1SCP(1) BSD General Commands Manual SCP(1)
2
4 scp — OpenSSH secure file copy
5
7 scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]
8 [-i identity_file] [-J destination] [-l limit] [-o ssh_option]
9 [-P port] [-S program] [-X sftp_option] source ... target
10
12 scp copies files between hosts on a network.
13 scp uses the SFTP protocol over a ssh(1) connection for data transfer,
15 and uses the same authentication and provides the same security as a lo‐
16 gin session.
17 scp will ask for passwords or passphrases if they are needed for authen‐
19 tication.
20 The source and target may be specified as a local pathname, a remote host
22 with optional path in the form [user@]host:[path], or a URI in the form
23 scp://[user@]host[:port][/path]. Local file names can be made explicit
24 using absolute or relative pathnames to avoid scp treating file names
25 containing ‘:’ as host specifiers.
26 When copying between two remote hosts, if the URI format is used, a port
28 cannot be specified on the target if the -R option is used.
29 The options are as follows:
31 -3 Copies between two remote hosts are transferred through the local
33 host. Without this option the data is copied directly between
34 the two remote hosts. Note that, when using the legacy SCP pro‐
35 tocol (via the -O flag), this option selects batch mode for the
36 second host as scp cannot ask for passwords or passphrases for
37 both hosts. This mode is the default.
38 -4 Forces scp to use IPv4 addresses only.
40 -6 Forces scp to use IPv6 addresses only.
42 -A Allows forwarding of ssh-agent(1) to the remote system. The de‐
44 fault is not to forward an authentication agent.
45 -B Selects batch mode (prevents asking for passwords or
47 passphrases).
48 -C Compression enable. Passes the -C flag to ssh(1) to enable com‐
50 pression.
51 -c cipher
53 Selects the cipher to use for encrypting the data transfer. This
54 option is directly passed to ssh(1).
55 -D sftp_server_path
57 Connect directly to a local SFTP server program rather than a re‐
58 mote one via ssh(1). This option may be useful in debugging the
59 client and server.
60 -F ssh_config
62 Specifies an alternative per-user configuration file for ssh.
63 This option is directly passed to ssh(1).
64 -i identity_file
66 Selects the file from which the identity (private key) for public
67 key authentication is read. This option is directly passed to
68 ssh(1).
69 -J destination
71 Connect to the target host by first making an scp connection to
72 the jump host described by destination and then establishing a
73 TCP forwarding to the ultimate destination from there. Multiple
74 jump hops may be specified separated by comma characters. This
75 is a shortcut to specify a ProxyJump configuration directive.
76 This option is directly passed to ssh(1).
77 -l limit
79 Limits the used bandwidth, specified in Kbit/s.
80 -O Use the legacy SCP protocol for file transfers instead of the
82 SFTP protocol. Forcing the use of the SCP protocol may be neces‐
83 sary for servers that do not implement SFTP, for backwards-com‐
84 patibility for particular filename wildcard patterns and for ex‐
85 panding paths with a ‘~’ prefix for older SFTP servers.
86 -o ssh_option
88 Can be used to pass options to ssh in the format used in
89 ssh_config(5). This is useful for specifying options for which
90 there is no separate scp command-line flag. For full details of
91 the options listed below, and their possible values, see
92 ssh_config(5).
93 AddressFamily
95 BatchMode
96 BindAddress
97 BindInterface
98 CanonicalDomains
99 CanonicalizeFallbackLocal
100 CanonicalizeHostname
101 CanonicalizeMaxDots
102 CanonicalizePermittedCNAMEs
103 CASignatureAlgorithms
104 CertificateFile
105 CheckHostIP
106 Ciphers
107 Compression
108 ConnectionAttempts
109 ConnectTimeout
110 ControlMaster
111 ControlPath
112 ControlPersist
113 GlobalKnownHostsFile
114 GSSAPIAuthentication
115 GSSAPIDelegateCredentials
116 HashKnownHosts
117 Host
118 HostbasedAcceptedAlgorithms
119 HostbasedAuthentication
120 HostKeyAlgorithms
121 HostKeyAlias
122 Hostname
123 IdentitiesOnly
124 IdentityAgent
125 IdentityFile
126 IPQoS
127 KbdInteractiveAuthentication
128 KbdInteractiveDevices
129 KexAlgorithms
130 KnownHostsCommand
131 LogLevel
132 MACs
133 NoHostAuthenticationForLocalhost
134 NumberOfPasswordPrompts
135 PasswordAuthentication
136 PKCS11Provider
137 Port
138 PreferredAuthentications
139 ProxyCommand
140 ProxyJump
141 PubkeyAcceptedAlgorithms
142 PubkeyAuthentication
143 RekeyLimit
144 RequiredRSASize
145 SendEnv
146 ServerAliveInterval
147 ServerAliveCountMax
148 SetEnv
149 StrictHostKeyChecking
150 TCPKeepAlive
151 UpdateHostKeys
152 User
153 UserKnownHostsFile
154 VerifyHostKeyDNS
155 -P port
157 Specifies the port to connect to on the remote host. Note that
158 this option is written with a capital ‘P’, because -p is already
159 reserved for preserving the times and mode bits of the file.
160 -p Preserves modification times, access times, and file mode bits
162 from the source file.
163 -q Quiet mode: disables the progress meter as well as warning and
165 diagnostic messages from ssh(1).
166 -R Copies between two remote hosts are performed by connecting to
168 the origin host and executing scp there. This requires that scp
169 running on the origin host can authenticate to the destination
170 host without requiring a password.
171 -r Recursively copy entire directories. Note that scp follows sym‐
173 bolic links encountered in the tree traversal.
174 -S program
176 Name of program to use for the encrypted connection. The program
177 must understand ssh(1) options.
178 -T Disable strict filename checking. By default when copying files
180 from a remote host to a local directory scp checks that the re‐
181 ceived filenames match those requested on the command-line to
182 prevent the remote end from sending unexpected or unwanted files.
183 Because of differences in how various operating systems and
184 shells interpret filename wildcards, these checks may cause
185 wanted files to be rejected. This option disables these checks
186 at the expense of fully trusting that the server will not send
187 unexpected filenames.
188 -v Verbose mode. Causes scp and ssh(1) to print debugging messages
190 about their progress. This is helpful in debugging connection,
191 authentication, and configuration problems.
192 -X sftp_option
194 Specify an option that controls aspects of SFTP protocol behav‐
195 iour. The valid options are:
196 nrequests=value
198 Controls how many concurrent SFTP read or write requests
199 may be in progress at any point in time during a download
200 or upload. By default 64 requests may be active concur‐
201 rently.
202 buffer=value
204 Controls the maximum buffer size for a single SFTP
205 read/write operation used during download or upload. By
206 default a 32KB buffer is used.
207 Usage of SCP protocol can be blocked by creating a world-readable
209 /etc/ssh/disable_scp file. If this file exists, when SCP protocol is in
210 use (either remotely or via the -O option), the program will exit.
211
213 The scp utility exits 0 on success, and >0 if an error occurs.
214
216 sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5),
217 sftp-server(8), sshd(8)
218
220 scp is based on the rcp program in BSD source code from the Regents of
221 the University of California.
222 Since OpenSSH 9.0, scp has used the SFTP protocol for transfers by de‐
224 fault.
225
227 Timo Rinne <tri@iki.fi>
228 Tatu Ylonen <ylo@cs.hut.fi>
229
231 The legacy SCP protocol (selected by the -O flag) requires execution of
232 the remote user's shell to perform glob(3) pattern matching. This re‐
233 quires careful quoting of any characters that have special meaning to the
234 remote shell, such as quote characters.
235BSD December 16, 2022 BSD