1.\" $NetBSD: scp.1,v 1.31 2023/12/01 12:07:19 ws Exp $ 2.\" 3.\" scp.1 4.\" 5.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 6.\" 7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8.\" All rights reserved 9.\" 10.\" Created: Sun May 7 00:14:37 1995 ylo 11.\" 12.\" $OpenBSD: scp.1,v 1.112 2022/12/16 07:13:22 djm Exp $ 13.\" 14.Dd December 16 2022 15.Dt SCP 1 16.Os 17.Sh NAME 18.Nm scp 19.Nd OpenSSH secure file copy 20.Sh SYNOPSIS 21.Nm scp 22.Op Fl 346ABCOpqRrsTv 23.Op Fl c Ar cipher 24.Op Fl D Ar sftp_server_path 25.Op Fl F Ar ssh_config 26.Op Fl i Ar identity_file 27.Op Fl J Ar destination 28.Op Fl l Ar limit 29.Op Fl o Ar ssh_option 30.Op Fl P Ar port 31.Op Fl S Ar program 32.Op Fl X Ar sftp_option 33.Ar source ... target 34.Sh DESCRIPTION 35.Nm 36copies files between hosts on a network. 37.Pp 38.Nm 39uses the SFTP protocol over a 40.Xr ssh 1 41connection for data transfer, and uses the same authentication and provides 42the same security as a login session. 43.Pp 44.Nm 45will ask for passwords or passphrases if they are needed for 46authentication. 47.Pp 48The 49.Ar source 50and 51.Ar target 52may be specified as a local pathname, a remote host with optional path 53in the form 54.Sm off 55.Oo user @ Oc host : Op path , 56.Sm on 57or a URI in the form 58.Sm off 59.No scp:// Oo user @ Oc host Oo : port Oc Op / path . 60.Sm on 61Local file names can be made explicit using absolute or relative pathnames 62to avoid 63.Nm 64treating file names containing 65.Sq :\& 66as host specifiers. 67.Pp 68When copying between two remote hosts, if the URI format is used, a 69.Ar port 70cannot be specified on the 71.Ar target 72if the 73.Fl R 74option is used. 75.Pp 76The options are as follows: 77.Bl -tag -width Ds 78.It Fl 3 79Copies between two remote hosts are transferred through the local host. 80Without this option the data is copied directly between the two remote 81hosts. 82Note that, when using the legacy SCP protocol (via the 83.Fl O 84flag), this option 85selects batch mode for the second host as 86.Nm 87cannot ask for passwords or passphrases for both hosts. 88This mode is the default. 89.It Fl 4 90Forces 91.Nm 92to use IPv4 addresses only. 93.It Fl 6 94Forces 95.Nm 96to use IPv6 addresses only. 97.It Fl A 98Allows forwarding of 99.Xr ssh-agent 1 100to the remote system. 101The default is not to forward an authentication agent. 102.It Fl B 103Selects batch mode (prevents asking for passwords or passphrases). 104.It Fl C 105Compression enable. 106Passes the 107.Fl C 108flag to 109.Xr ssh 1 110to enable compression. 111.It Fl c Ar cipher 112Selects the cipher to use for encrypting the data transfer. 113This option is directly passed to 114.Xr ssh 1 . 115.It Fl D Ar sftp_server_path 116Connect directly to a local SFTP server program rather than a 117remote one via 118.Xr ssh 1 . 119This option may be useful in debugging the client and server. 120.It Fl F Ar ssh_config 121Specifies an alternative 122per-user configuration file for 123.Nm ssh . 124This option is directly passed to 125.Xr ssh 1 . 126.It Fl i Ar identity_file 127Selects the file from which the identity (private key) for public key 128authentication is read. 129This option is directly passed to 130.Xr ssh 1 . 131.It Fl J Ar destination 132Connect to the target host by first making an 133.Nm 134connection to the jump host described by 135.Ar destination 136and then establishing a TCP forwarding to the ultimate destination from 137there. 138Multiple jump hops may be specified separated by comma characters. 139This is a shortcut to specify a 140.Cm ProxyJump 141configuration directive. 142This option is directly passed to 143.Xr ssh 1 . 144.It Fl l Ar limit 145Limits the used bandwidth, specified in Kbit/s. 146.It Fl O 147Use the legacy SCP protocol for file transfers instead of the SFTP protocol. 148Forcing the use of the SCP protocol may be necessary for servers that do 149not implement SFTP, for backwards-compatibility for particular filename 150wildcard patterns and for expanding paths with a 151.Sq ~ 152prefix for older SFTP servers. 153.It Fl o Ar ssh_option 154Can be used to pass options to 155.Nm ssh 156in the format used in 157.Xr ssh_config 5 . 158This is useful for specifying options 159for which there is no separate 160.Nm scp 161command-line flag. 162For full details of the options listed below, and their possible values, see 163.Xr ssh_config 5 . 164.Pp 165.Bl -tag -width Ds -offset indent -compact 166.It AddressFamily 167.It BatchMode 168.It BindAddress 169.It BindInterface 170.It CanonicalDomains 171.It CanonicalizeFallbackLocal 172.It CanonicalizeHostname 173.It CanonicalizeMaxDots 174.It CanonicalizePermittedCNAMEs 175.It CASignatureAlgorithms 176.It CertificateFile 177.It CheckHostIP 178.It Ciphers 179.It Compression 180.It ConnectionAttempts 181.It ConnectTimeout 182.It ControlMaster 183.It ControlPath 184.It ControlPersist 185.It GlobalKnownHostsFile 186.It GSSAPIAuthentication 187.It GSSAPIDelegateCredentials 188.It HashKnownHosts 189.It Host 190.It HostbasedAcceptedAlgorithms 191.It HostbasedAuthentication 192.It HostKeyAlgorithms 193.It HostKeyAlias 194.It Hostname 195.It IdentitiesOnly 196.It IdentityAgent 197.It IdentityFile 198.It IPQoS 199.It IPv6PreferTemporary 200.It KbdInteractiveAuthentication 201.It KbdInteractiveDevices 202.It KexAlgorithms 203.It KnownHostsCommand 204.It LogLevel 205.It MACs 206.It NoHostAuthenticationForLocalhost 207.It NumberOfPasswordPrompts 208.It PasswordAuthentication 209.It PKCS11Provider 210.It Port 211.It PreferredAuthentications 212.It ProxyCommand 213.It ProxyJump 214.It PubkeyAcceptedAlgorithms 215.It PubkeyAuthentication 216.It RekeyLimit 217.It RequiredRSASize 218.It SendEnv 219.It ServerAliveInterval 220.It ServerAliveCountMax 221.It SetEnv 222.It StrictHostKeyChecking 223.It TCPKeepAlive 224.It UpdateHostKeys 225.It User 226.It UserKnownHostsFile 227.It VerifyHostKeyDNS 228.El 229.It Fl P Ar port 230Specifies the port to connect to on the remote host. 231Note that this option is written with a capital 232.Sq P , 233because 234.Fl p 235is already reserved for preserving the times and mode bits of the file. 236.It Fl p 237Preserves modification times, access times, and file mode bits from the 238source file. 239.It Fl q 240Quiet mode: disables the progress meter as well as warning and diagnostic 241messages from 242.Xr ssh 1 . 243.It Fl R 244Copies between two remote hosts are performed by connecting to the origin 245host and executing 246.Nm 247there. 248This requires that 249.Nm 250running on the origin host can authenticate to the destination host without 251requiring a password. 252.It Fl r 253Recursively copy entire directories. 254Note that 255.Nm 256follows symbolic links encountered in the tree traversal. 257.It Fl S Ar program 258Name of 259.Ar program 260to use for the encrypted connection. 261The program must understand 262.Xr ssh 1 263options. 264.It Fl T 265Disable strict filename checking. 266By default when copying files from a remote host to a local directory 267.Nm 268checks that the received filenames match those requested on the command-line 269to prevent the remote end from sending unexpected or unwanted files. 270Because of differences in how various operating systems and shells interpret 271filename wildcards, these checks may cause wanted files to be rejected. 272This option disables these checks at the expense of fully trusting that 273the server will not send unexpected filenames. 274.It Fl v 275Verbose mode. 276Causes 277.Nm 278and 279.Xr ssh 1 280to print debugging messages about their progress. 281This is helpful in 282debugging connection, authentication, and configuration problems. 283.It Fl X Ar sftp_option 284Specify an option that controls aspects of SFTP protocol behaviour. 285The valid options are: 286.Bl -tag -width Ds 287.It Cm nrequests Ns = Ns Ar value 288Controls how many concurrent SFTP read or write requests may be in progress 289at any point in time during a download or upload. 290By default 64 requests may be active concurrently. 291.It Cm buffer Ns = Ns Ar value 292Controls the maximum buffer size for a single SFTP read/write operation used 293during download or upload. 294By default a 32KB buffer is used. 295.El 296.El 297.Sh EXIT STATUS 298.Ex -std scp 299.Sh SEE ALSO 300.Xr sftp 1 , 301.Xr ssh 1 , 302.Xr ssh-add 1 , 303.Xr ssh-agent 1 , 304.Xr ssh-keygen 1 , 305.Xr ssh_config 5 , 306.Xr sftp-server 8 , 307.Xr sshd 8 308.Sh HISTORY 309.Nm 310is based on the rcp program in 311.Bx 312source code from the Regents of the University of California. 313.Pp 314Since OpenSSH 9.0, 315.Nm 316has used the SFTP protocol for transfers by default. 317.Sh AUTHORS 318.An Timo Rinne Aq Mt tri@iki.fi 319.An Tatu Ylonen Aq Mt ylo@cs.hut.fi 320.Sh CAVEATS 321The legacy SCP protocol (selected by the 322.Fl O 323flag) requires execution of the remote user's shell to perform 324.Xr glob 3 325pattern matching. 326This requires careful quoting of any characters that have special meaning to 327the remote shell, such as quote characters. 328