1.\" 2.\" scp.1 3.\" 4.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 5.\" 6.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 7.\" All rights reserved 8.\" 9.\" Created: Sun May 7 00:14:37 1995 ylo 10.\" 11.\" $OpenBSD: scp.1,v 1.113 2024/12/06 15:12:56 djm Exp $ 12.\" 13.Dd $Mdocdate: December 6 2024 $ 14.Dt SCP 1 15.Os 16.Sh NAME 17.Nm scp 18.Nd OpenSSH secure file copy 19.Sh SYNOPSIS 20.Nm scp 21.Op Fl 346ABCOpqRrsTv 22.Op Fl c Ar cipher 23.Op Fl D Ar sftp_server_path 24.Op Fl F Ar ssh_config 25.Op Fl i Ar identity_file 26.Op Fl J Ar destination 27.Op Fl l Ar limit 28.Op Fl o Ar ssh_option 29.Op Fl P Ar port 30.Op Fl S Ar program 31.Op Fl X Ar sftp_option 32.Ar source ... target 33.Sh DESCRIPTION 34.Nm 35copies files between hosts on a network. 36.Pp 37.Nm 38uses the SFTP protocol over a 39.Xr ssh 1 40connection for data transfer, and uses the same authentication and provides 41the same security as a login session. 42.Pp 43.Nm 44will ask for passwords or passphrases if they are needed for 45authentication. 46.Pp 47The 48.Ar source 49and 50.Ar target 51may be specified as a local pathname, a remote host with optional path 52in the form 53.Sm off 54.Oo user @ Oc host : Op path , 55.Sm on 56or a URI in the form 57.Sm off 58.No scp:// Oo user @ Oc host Oo : port Oc Op / path . 59.Sm on 60Local file names can be made explicit using absolute or relative pathnames 61to avoid 62.Nm 63treating file names containing 64.Sq :\& 65as host specifiers. 66.Pp 67When copying between two remote hosts, if the URI format is used, a 68.Ar port 69cannot be specified on the 70.Ar target 71if the 72.Fl R 73option is used. 74.Pp 75The options are as follows: 76.Bl -tag -width Ds 77.It Fl 3 78Copies between two remote hosts are transferred through the local host. 79Without this option the data is copied directly between the two remote 80hosts. 81Note that, when using the legacy SCP protocol (via the 82.Fl O 83flag), this option 84selects batch mode for the second host as 85.Nm 86cannot ask for passwords or passphrases for both hosts. 87This mode is the default. 88.It Fl 4 89Forces 90.Nm 91to use IPv4 addresses only. 92.It Fl 6 93Forces 94.Nm 95to use IPv6 addresses only. 96.It Fl A 97Allows forwarding of 98.Xr ssh-agent 1 99to the remote system. 100The default is not to forward an authentication agent. 101.It Fl B 102Selects batch mode (prevents asking for passwords or passphrases). 103.It Fl C 104Compression enable. 105Passes the 106.Fl C 107flag to 108.Xr ssh 1 109to enable compression. 110.It Fl c Ar cipher 111Selects the cipher to use for encrypting the data transfer. 112This option is directly passed to 113.Xr ssh 1 . 114.It Fl D Ar sftp_server_path 115Connect directly to a local SFTP server program rather than a 116remote one via 117.Xr ssh 1 . 118This option may be useful in debugging the client and server. 119.It Fl F Ar ssh_config 120Specifies an alternative 121per-user configuration file for 122.Nm ssh . 123This option is directly passed to 124.Xr ssh 1 . 125.It Fl i Ar identity_file 126Selects the file from which the identity (private key) for public key 127authentication is read. 128This option is directly passed to 129.Xr ssh 1 . 130.It Fl J Ar destination 131Connect to the target host by first making an 132.Nm 133connection to the jump host described by 134.Ar destination 135and then establishing a TCP forwarding to the ultimate destination from 136there. 137Multiple jump hops may be specified separated by comma characters. 138This is a shortcut to specify a 139.Cm ProxyJump 140configuration directive. 141This option is directly passed to 142.Xr ssh 1 . 143.It Fl l Ar limit 144Limits the used bandwidth, specified in Kbit/s. 145.It Fl O 146Use the legacy SCP protocol for file transfers instead of the SFTP protocol. 147Forcing the use of the SCP protocol may be necessary for servers that do 148not implement SFTP, for backwards-compatibility for particular filename 149wildcard patterns and for expanding paths with a 150.Sq ~ 151prefix for older SFTP servers. 152.It Fl o Ar ssh_option 153Can be used to pass options to 154.Nm ssh 155in the format used in 156.Xr ssh_config 5 . 157This is useful for specifying options 158for which there is no separate 159.Nm scp 160command-line flag. 161For full details of the options listed below, and their possible values, see 162.Xr ssh_config 5 . 163.Pp 164.Bl -tag -width Ds -offset indent -compact 165.It AddKeysToAgent 166.It AddressFamily 167.It BatchMode 168.It BindAddress 169.It BindInterface 170.It CASignatureAlgorithms 171.It CanonicalDomains 172.It CanonicalizeFallbackLocal 173.It CanonicalizeHostname 174.It CanonicalizeMaxDots 175.It CanonicalizePermittedCNAMEs 176.It CertificateFile 177.It ChannelTimeout 178.It CheckHostIP 179.It Ciphers 180.It ClearAllForwardings 181.It Compression 182.It ConnectTimeout 183.It ConnectionAttempts 184.It ControlMaster 185.It ControlPath 186.It ControlPersist 187.It DynamicForward 188.It EnableEscapeCommandline 189.It EnableSSHKeysign 190.It EscapeChar 191.It ExitOnForwardFailure 192.It FingerprintHash 193.It ForkAfterAuthentication 194.It ForwardAgent 195.It ForwardX11 196.It ForwardX11Timeout 197.It ForwardX11Trusted 198.It GSSAPIAuthentication 199.It GSSAPIDelegateCredentials 200.It GatewayPorts 201.It GlobalKnownHostsFile 202.It HashKnownHosts 203.It Host 204.It HostKeyAlgorithms 205.It HostKeyAlias 206.It HostbasedAcceptedAlgorithms 207.It HostbasedAuthentication 208.It Hostname 209.It IPQoS 210.It IdentitiesOnly 211.It IdentityAgent 212.It IdentityFile 213.It IgnoreUnknown 214.It Include 215.It KbdInteractiveAuthentication 216.It KbdInteractiveDevices 217.It KexAlgorithms 218.It KnownHostsCommand 219.It LocalCommand 220.It LocalForward 221.It LogLevel 222.It LogVerbose 223.It MACs 224.It NoHostAuthenticationForLocalhost 225.It NumberOfPasswordPrompts 226.It ObscureKeystrokeTiming 227.It PKCS11Provider 228.It PasswordAuthentication 229.It PermitLocalCommand 230.It PermitRemoteOpen 231.It Port 232.It PreferredAuthentications 233.It ProxyCommand 234.It ProxyJump 235.It ProxyUseFdpass 236.It PubkeyAcceptedAlgorithms 237.It PubkeyAuthentication 238.It RekeyLimit 239.It RemoteCommand 240.It RemoteForward 241.It RequestTTY 242.It RequiredRSASize 243.It RevokedHostKeys 244.It SecurityKeyProvider 245.It SendEnv 246.It ServerAliveCountMax 247.It ServerAliveInterval 248.It SessionType 249.It SetEnv 250.It StdinNull 251.It StreamLocalBindMask 252.It StreamLocalBindUnlink 253.It StrictHostKeyChecking 254.It SyslogFacility 255.It TCPKeepAlive 256.It Tag 257.It Tunnel 258.It TunnelDevice 259.It UpdateHostKeys 260.It User 261.It UserKnownHostsFile 262.It VerifyHostKeyDNS 263.It VisualHostKey 264.It XAuthLocation 265.El 266.It Fl P Ar port 267Specifies the port to connect to on the remote host. 268Note that this option is written with a capital 269.Sq P , 270because 271.Fl p 272is already reserved for preserving the times and mode bits of the file. 273.It Fl p 274Preserves modification times, access times, and file mode bits from the 275source file. 276.It Fl q 277Quiet mode: disables the progress meter as well as warning and diagnostic 278messages from 279.Xr ssh 1 . 280.It Fl R 281Copies between two remote hosts are performed by connecting to the origin 282host and executing 283.Nm 284there. 285This requires that 286.Nm 287running on the origin host can authenticate to the destination host without 288requiring a password. 289.It Fl r 290Recursively copy entire directories. 291Note that 292.Nm 293follows symbolic links encountered in the tree traversal. 294.It Fl S Ar program 295Name of 296.Ar program 297to use for the encrypted connection. 298The program must understand 299.Xr ssh 1 300options. 301.It Fl T 302Disable strict filename checking. 303By default when copying files from a remote host to a local directory 304.Nm 305checks that the received filenames match those requested on the command-line 306to prevent the remote end from sending unexpected or unwanted files. 307Because of differences in how various operating systems and shells interpret 308filename wildcards, these checks may cause wanted files to be rejected. 309This option disables these checks at the expense of fully trusting that 310the server will not send unexpected filenames. 311.It Fl v 312Verbose mode. 313Causes 314.Nm 315and 316.Xr ssh 1 317to print debugging messages about their progress. 318This is helpful in 319debugging connection, authentication, and configuration problems. 320.It Fl X Ar sftp_option 321Specify an option that controls aspects of SFTP protocol behaviour. 322The valid options are: 323.Bl -tag -width Ds 324.It Cm nrequests Ns = Ns Ar value 325Controls how many concurrent SFTP read or write requests may be in progress 326at any point in time during a download or upload. 327By default 64 requests may be active concurrently. 328.It Cm buffer Ns = Ns Ar value 329Controls the maximum buffer size for a single SFTP read/write operation used 330during download or upload. 331By default a 32KB buffer is used. 332.El 333.El 334.Sh EXIT STATUS 335.Ex -std scp 336.Sh SEE ALSO 337.Xr sftp 1 , 338.Xr ssh 1 , 339.Xr ssh-add 1 , 340.Xr ssh-agent 1 , 341.Xr ssh-keygen 1 , 342.Xr ssh_config 5 , 343.Xr sftp-server 8 , 344.Xr sshd 8 345.Sh HISTORY 346.Nm 347is based on the rcp program in 348.Bx 349source code from the Regents of the University of California. 350.Pp 351Since OpenSSH 9.0, 352.Nm 353has used the SFTP protocol for transfers by default. 354.Sh AUTHORS 355.An Timo Rinne Aq Mt tri@iki.fi 356.An Tatu Ylonen Aq Mt ylo@cs.hut.fi 357.Sh CAVEATS 358The legacy SCP protocol (selected by the 359.Fl O 360flag) requires execution of the remote user's shell to perform 361.Xr glob 3 362pattern matching. 363This requires careful quoting of any characters that have special meaning to 364the remote shell, such as quote characters. 365