1SCP(1) BSD General Commands Manual SCP(1)
2
4 scp — OpenSSH secure file copy
5
7 scp [-346ABCOpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]
8 [-i identity_file] [-J destination] [-l limit] [-o ssh_option]
9 [-P port] [-S program] source ... target
10
12 scp copies files between hosts on a network.
13 It uses ssh(1) for data transfer, and uses the same authentication and
15 provides the same security as a login session.
16 scp will ask for passwords or passphrases if they are needed for authen‐
18 tication.
19 The source and target may be specified as a local pathname, a remote host
21 with optional path in the form [user@]host:[path], or a URI in the form
22 scp://[user@]host[:port][/path]. Local file names can be made explicit
23 using absolute or relative pathnames to avoid scp treating file names
24 containing ‘:’ as host specifiers.
25 When copying between two remote hosts, if the URI format is used, a port
27 cannot be specified on the target if the -R option is used.
28 The options are as follows:
30 -3 Copies between two remote hosts are transferred through the local
32 host. Without this option the data is copied directly between
33 the two remote hosts. Note that, when using the original SCP
34 protocol (via the -O flag), this option selects batch mode for
35 the second host as scp cannot ask for passwords or passphrases
36 for both hosts. This mode is the default.
37 -4 Forces scp to use IPv4 addresses only.
39 -6 Forces scp to use IPv6 addresses only.
41 -A Allows forwarding of ssh-agent(1) to the remote system. The de‐
43 fault is not to forward an authentication agent.
44 -B Selects batch mode (prevents asking for passwords or
46 passphrases).
47 -C Compression enable. Passes the -C flag to ssh(1) to enable com‐
49 pression.
50 -c cipher
52 Selects the cipher to use for encrypting the data transfer. This
53 option is directly passed to ssh(1).
54 -D sftp_server_path
56 When using the SFTP protocol support via -s, connect directly to
57 a local SFTP server program rather than a remote one via ssh(1).
58 This option may be useful in debugging the client and server.
59 -F ssh_config
61 Specifies an alternative per-user configuration file for ssh.
62 This option is directly passed to ssh(1).
63 -i identity_file
65 Selects the file from which the identity (private key) for public
66 key authentication is read. This option is directly passed to
67 ssh(1).
68 -J destination
70 Connect to the target host by first making an scp connection to
71 the jump host described by destination and then establishing a
72 TCP forwarding to the ultimate destination from there. Multiple
73 jump hops may be specified separated by comma characters. This
74 is a shortcut to specify a ProxyJump configuration directive.
75 This option is directly passed to ssh(1).
76 -l limit
78 Limits the used bandwidth, specified in Kbit/s.
79 -O Use the original SCP protocol for file transfers instead of the
81 SFTP protocol. Forcing the use of the SCP protocol may be neces‐
82 sary for servers that do not implement SFTP, for backwards-com‐
83 patibility for particular filename wildcard patterns and for ex‐
84 panding paths with a ‘~’ prefix for older SFTP servers.
85 -o ssh_option
87 Can be used to pass options to ssh in the format used in
88 ssh_config(5). This is useful for specifying options for which
89 there is no separate scp command-line flag. For full details of
90 the options listed below, and their possible values, see
91 ssh_config(5).
92 AddressFamily
94 BatchMode
95 BindAddress
96 BindInterface
97 CanonicalDomains
98 CanonicalizeFallbackLocal
99 CanonicalizeHostname
100 CanonicalizeMaxDots
101 CanonicalizePermittedCNAMEs
102 CASignatureAlgorithms
103 CertificateFile
104 CheckHostIP
105 Ciphers
106 Compression
107 ConnectionAttempts
108 ConnectTimeout
109 ControlMaster
110 ControlPath
111 ControlPersist
112 GlobalKnownHostsFile
113 GSSAPIAuthentication
114 GSSAPIDelegateCredentials
115 HashKnownHosts
116 Host
117 HostbasedAcceptedAlgorithms
118 HostbasedAuthentication
119 HostKeyAlgorithms
120 HostKeyAlias
121 Hostname
122 IdentitiesOnly
123 IdentityAgent
124 IdentityFile
125 IPQoS
126 KbdInteractiveAuthentication
127 KbdInteractiveDevices
128 KexAlgorithms
129 KnownHostsCommand
130 LogLevel
131 MACs
132 NoHostAuthenticationForLocalhost
133 NumberOfPasswordPrompts
134 PasswordAuthentication
135 PKCS11Provider
136 Port
137 PreferredAuthentications
138 ProxyCommand
139 ProxyJump
140 PubkeyAcceptedAlgorithms
141 PubkeyAuthentication
142 RekeyLimit
143 SendEnv
144 ServerAliveInterval
145 ServerAliveCountMax
146 SetEnv
147 StrictHostKeyChecking
148 TCPKeepAlive
149 UpdateHostKeys
150 User
151 UserKnownHostsFile
152 VerifyHostKeyDNS
153 -P port
155 Specifies the port to connect to on the remote host. Note that
156 this option is written with a capital ‘P’, because -p is already
157 reserved for preserving the times and mode bits of the file.
158 -p Preserves modification times, access times, and file mode bits
160 from the source file.
161 -q Quiet mode: disables the progress meter as well as warning and
163 diagnostic messages from ssh(1).
164 -R Copies between two remote hosts are performed by connecting to
166 the origin host and executing scp there. This requires that scp
167 running on the origin host can authenticate to the destination
168 host without requiring a password.
169 -r Recursively copy entire directories. Note that scp follows sym‐
171 bolic links encountered in the tree traversal.
172 -S program
174 Name of program to use for the encrypted connection. The program
175 must understand ssh(1) options.
176 -T Disable strict filename checking. By default when copying files
178 from a remote host to a local directory scp checks that the re‐
179 ceived filenames match those requested on the command-line to
180 prevent the remote end from sending unexpected or unwanted files.
181 Because of differences in how various operating systems and
182 shells interpret filename wildcards, these checks may cause
183 wanted files to be rejected. This option disables these checks
184 at the expense of fully trusting that the server will not send
185 unexpected filenames.
186 -v Verbose mode. Causes scp and ssh(1) to print debugging messages
188 about their progress. This is helpful in debugging connection,
189 authentication, and configuration problems.
190 Usage of SCP protocol can be blocked by creating a world-readable
192 /etc/ssh/disable_scp file. If this file exists, when SCP protocol is in
193 use (either remotely or via the -O option), the program will exit.
194
196 The scp utility exits 0 on success, and >0 if an error occurs.
197
199 sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5),
200 sftp-server(8), sshd(8)
201
203 The original scp protocol (selected by the -O flag) requires execution of
204 the remote user's shell to perform glob(3) pattern matching. This re‐
205 quires careful quoting of any characters that have special meaning to the
206 remote shell, such as quote characters.
207
209 scp is based on the rcp program in BSD source code from the Regents of
210 the University of California.
211 Since OpenSSH 8.8 (8.7 in Red Hat/Fedora builds), scp has use the SFTP
213 protocol for transfers by default.
214
216 Timo Rinne <tri@iki.fi>
217 Tatu Ylonen <ylo@cs.hut.fi>
218
220 The original SCP protocol (used by default) requires execution of the re‐
221 mote user's shell to perform glob(3) pattern matching. This requires
222 careful quoting of any characters that have special meaning to the remote
223 shell, such as quote characters.
224BSD September 20, 2021 BSD