1.\" $NetBSD: scp.1,v 1.30 2023/07/28 05:06:44 rin Exp $ 2.\" 3.\" scp.1 4.\" 5.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 6.\" 7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8.\" All rights reserved 9.\" 10.\" Created: Sun May 7 00:14:37 1995 ylo 11.\" 12.\" $OpenBSD: scp.1,v 1.112 2022/12/16 07:13:22 djm Exp $ 13.\" 14.Dd December 16 2022 15.Dt SCP 1 16.Os 17.Sh NAME 18.Nm scp 19.Nd OpenSSH secure file copy 20.Sh SYNOPSIS 21.Nm scp 22.Op Fl 346ABCOpqRrsTv 23.Op Fl c Ar cipher 24.Op Fl D Ar sftp_server_path 25.Op Fl F Ar ssh_config 26.Op Fl i Ar identity_file 27.Op Fl J Ar destination 28.Op Fl l Ar limit 29.Op Fl o Ar ssh_option 30.Op Fl P Ar port 31.Op Fl S Ar program 32.Op Fl X Ar sftp_option 33.Ar source ... target 34.Sh DESCRIPTION 35.Nm 36copies files between hosts on a network. 37.Pp 38.Nm 39uses the SFTP protocol over a 40.Xr ssh 1 41connection for data transfer, and uses the same authentication and provides 42the same security as a login session. 43.Pp 44.Nm 45will ask for passwords or passphrases if they are needed for 46authentication. 47.Pp 48The 49.Ar source 50and 51.Ar target 52may be specified as a local pathname, a remote host with optional path 53in the form 54.Sm off 55.Oo user @ Oc host : Op path , 56.Sm on 57or a URI in the form 58.Sm off 59.No scp:// Oo user @ Oc host Oo : port Oc Op / path . 60.Sm on 61Local file names can be made explicit using absolute or relative pathnames 62to avoid 63.Nm 64treating file names containing 65.Sq :\& 66as host specifiers. 67.Pp 68When copying between two remote hosts, if the URI format is used, a 69.Ar port 70cannot be specified on the 71.Ar target 72if the 73.Fl R 74option is used. 75.Pp 76The options are as follows: 77.Bl -tag -width Ds 78.It Fl 3 79Copies between two remote hosts are transferred through the local host. 80Without this option the data is copied directly between the two remote 81hosts. 82Note that, when using the legacy SCP protocol (via the 83.Fl O 84flag), this option 85selects batch mode for the second host as 86.Nm 87cannot ask for passwords or passphrases for both hosts. 88This mode is the default. 89.It Fl 4 90Forces 91.Nm 92to use IPv4 addresses only. 93.It Fl 6 94Forces 95.Nm 96to use IPv6 addresses only. 97.It Fl A 98Allows forwarding of 99.Xr ssh-agent 1 100to the remote system. 101The default is not to forward an authentication agent. 102.It Fl B 103Selects batch mode (prevents asking for passwords or passphrases). 104.It Fl C 105Compression enable. 106Passes the 107.Fl C 108flag to 109.Xr ssh 1 110to enable compression. 111.It Fl c Ar cipher 112Selects the cipher to use for encrypting the data transfer. 113This option is directly passed to 114.Xr ssh 1 . 115.It Fl D Ar sftp_server_path 116Connect directly to a local SFTP server program rather than a 117remote one via 118.Xr ssh 1 . 119This option may be useful in debugging the client and server. 120.It Fl F Ar ssh_config 121Specifies an alternative 122per-user configuration file for 123.Nm ssh . 124This option is directly passed to 125.Xr ssh 1 . 126.It Fl i Ar identity_file 127Selects the file from which the identity (private key) for public key 128authentication is read. 129This option is directly passed to 130.Xr ssh 1 . 131.It Fl J Ar destination 132Connect to the target host by first making an 133.Nm 134connection to the jump host described by 135.Ar destination 136and then establishing a TCP forwarding to the ultimate destination from 137there. 138Multiple jump hops may be specified separated by comma characters. 139This is a shortcut to specify a 140.Cm ProxyJump 141configuration directive. 142This option is directly passed to 143.Xr ssh 1 . 144.It Fl l Ar limit 145Limits the used bandwidth, specified in Kbit/s. 146.It Fl O 147Use the legacy SCP protocol for file transfers instead of the SFTP protocol. 148Forcing the use of the SCP protocol may be necessary for servers that do 149not implement SFTP, for backwards-compatibility for particular filename 150wildcard patterns and for expanding paths with a 151.Sq ~ 152prefix for older SFTP servers. 153.It Fl o Ar ssh_option 154Can be used to pass options to 155.Nm ssh 156in the format used in 157.Xr ssh_config 5 . 158This is useful for specifying options 159for which there is no separate 160.Nm scp 161command-line flag. 162For full details of the options listed below, and their possible values, see 163.Xr ssh_config 5 . 164.Pp 165.Bl -tag -width Ds -offset indent -compact 166.It AddressFamily 167.It BatchMode 168.It BindAddress 169.It BindInterface 170.It CanonicalDomains 171.It CanonicalizeFallbackLocal 172.It CanonicalizeHostname 173.It CanonicalizeMaxDots 174.It CanonicalizePermittedCNAMEs 175.It CASignatureAlgorithms 176.It CertificateFile 177.It CheckHostIP 178.It Ciphers 179.It Compression 180.It ConnectionAttempts 181.It ConnectTimeout 182.It ControlMaster 183.It ControlPath 184.It ControlPersist 185.It GlobalKnownHostsFile 186.It GSSAPIAuthentication 187.It GSSAPIDelegateCredentials 188.It HashKnownHosts 189.It Host 190.It HostbasedAcceptedAlgorithms 191.It HostbasedAuthentication 192.It HostKeyAlgorithms 193.It HostKeyAlias 194.It Hostname 195.It IdentitiesOnly 196.It IdentityAgent 197.It IdentityFile 198.It IPQoS 199.It KbdInteractiveAuthentication 200.It KbdInteractiveDevices 201.It KexAlgorithms 202.It KnownHostsCommand 203.It LogLevel 204.It MACs 205.It NoHostAuthenticationForLocalhost 206.It NumberOfPasswordPrompts 207.It PasswordAuthentication 208.It PKCS11Provider 209.It Port 210.It PreferredAuthentications 211.It ProxyCommand 212.It ProxyJump 213.It PubkeyAcceptedAlgorithms 214.It PubkeyAuthentication 215.It RekeyLimit 216.It RequiredRSASize 217.It SendEnv 218.It ServerAliveInterval 219.It ServerAliveCountMax 220.It SetEnv 221.It StrictHostKeyChecking 222.It TCPKeepAlive 223.It UpdateHostKeys 224.It User 225.It UserKnownHostsFile 226.It VerifyHostKeyDNS 227.El 228.It Fl P Ar port 229Specifies the port to connect to on the remote host. 230Note that this option is written with a capital 231.Sq P , 232because 233.Fl p 234is already reserved for preserving the times and mode bits of the file. 235.It Fl p 236Preserves modification times, access times, and file mode bits from the 237source file. 238.It Fl q 239Quiet mode: disables the progress meter as well as warning and diagnostic 240messages from 241.Xr ssh 1 . 242.It Fl R 243Copies between two remote hosts are performed by connecting to the origin 244host and executing 245.Nm 246there. 247This requires that 248.Nm 249running on the origin host can authenticate to the destination host without 250requiring a password. 251.It Fl r 252Recursively copy entire directories. 253Note that 254.Nm 255follows symbolic links encountered in the tree traversal. 256.It Fl S Ar program 257Name of 258.Ar program 259to use for the encrypted connection. 260The program must understand 261.Xr ssh 1 262options. 263.It Fl T 264Disable strict filename checking. 265By default when copying files from a remote host to a local directory 266.Nm 267checks that the received filenames match those requested on the command-line 268to prevent the remote end from sending unexpected or unwanted files. 269Because of differences in how various operating systems and shells interpret 270filename wildcards, these checks may cause wanted files to be rejected. 271This option disables these checks at the expense of fully trusting that 272the server will not send unexpected filenames. 273.It Fl v 274Verbose mode. 275Causes 276.Nm 277and 278.Xr ssh 1 279to print debugging messages about their progress. 280This is helpful in 281debugging connection, authentication, and configuration problems. 282.It Fl X Ar sftp_option 283Specify an option that controls aspects of SFTP protocol behaviour. 284The valid options are: 285.Bl -tag -width Ds 286.It Cm nrequests Ns = Ns Ar value 287Controls how many concurrent SFTP read or write requests may be in progress 288at any point in time during a download or upload. 289By default 64 requests may be active concurrently. 290.It Cm buffer Ns = Ns Ar value 291Controls the maximum buffer size for a single SFTP read/write operation used 292during download or upload. 293By default a 32KB buffer is used. 294.El 295.El 296.Sh EXIT STATUS 297.Ex -std scp 298.Sh SEE ALSO 299.Xr sftp 1 , 300.Xr ssh 1 , 301.Xr ssh-add 1 , 302.Xr ssh-agent 1 , 303.Xr ssh-keygen 1 , 304.Xr ssh_config 5 , 305.Xr sftp-server 8 , 306.Xr sshd 8 307.Sh HISTORY 308.Nm 309is based on the rcp program in 310.Bx 311source code from the Regents of the University of California. 312.Pp 313Since OpenSSH 9.0, 314.Nm 315has used the SFTP protocol for transfers by default. 316.Sh AUTHORS 317.An Timo Rinne Aq Mt tri@iki.fi 318.An Tatu Ylonen Aq Mt ylo@cs.hut.fi 319.Sh CAVEATS 320The legacy SCP protocol (selected by the 321.Fl O 322flag) requires execution of the remote user's shell to perform 323.Xr glob 3 324pattern matching. 325This requires careful quoting of any characters that have special meaning to 326the remote shell, such as quote characters. 327