1.\" $NetBSD: scp.1,v 1.21 2020/05/28 17:05:49 christos Exp $ 2.\" -*- nroff -*- 3.\" 4.\" scp.1 5.\" 6.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 7.\" 8.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 9.\" All rights reserved 10.\" 11.\" Created: Sun May 7 00:14:37 1995 ylo 12.\" 13.\" $OpenBSD: scp.1,v 1.89 2020/04/30 18:28:37 jmc Exp $ 14.\" 15.Dd April 30 2020 16.Dt SCP 1 17.Os 18.Sh NAME 19.Nm scp 20.Nd OpenSSH secure file copy 21.Sh SYNOPSIS 22.Nm scp 23.Op Fl 346BCpqrTv 24.Op Fl c Ar cipher 25.Op Fl F Ar ssh_config 26.Op Fl i Ar identity_file 27.Op Fl J Ar destination 28.Op Fl l Ar limit 29.Op Fl o Ar ssh_option 30.Op Fl P Ar port 31.Op Fl S Ar program 32.Ar source ... target 33.Sh DESCRIPTION 34.Nm 35copies files between hosts on a network. 36It uses 37.Xr ssh 1 38for data transfer, and uses the same authentication and provides the 39same security as 40.Xr ssh 1 . 41.Nm 42will ask for passwords or passphrases if they are needed for 43authentication. 44.Pp 45The 46.Ar source 47and 48.Ar target 49may be specified as a local pathname, a remote host with optional path 50in the form 51.Sm off 52.Oo user @ Oc host : Op path , 53.Sm on 54or a URI in the form 55.Sm off 56.No scp:// Oo user @ Oc host Oo : port Oc Op / path . 57.Sm on 58Local file names can be made explicit using absolute or relative pathnames 59to avoid 60.Nm 61treating file names containing 62.Sq :\& 63as host specifiers. 64.Pp 65When copying between two remote hosts, if the URI format is used, a 66.Ar port 67may only be specified on the 68.Ar target 69if the 70.Fl 3 71option is used. 72.Pp 73The options are as follows: 74.Bl -tag -width Ds 75.It Fl 3 76Copies between two remote hosts are transferred through the local host. 77Without this option the data is copied directly between the two remote 78hosts. 79Note that this option disables the progress meter and selects batch mode 80for the second host, since 81.Nm 82cannot ask for passwords or passphrases for both hosts. 83.It Fl 4 84Forces 85.Nm 86to use IPv4 addresses only. 87.It Fl 6 88Forces 89.Nm 90to use IPv6 addresses only. 91.It Fl B 92Selects batch mode (prevents asking for passwords or passphrases). 93.It Fl C 94Compression enable. 95Passes the 96.Fl C 97flag to 98.Xr ssh 1 99to enable compression. 100.It Fl c Ar cipher 101Selects the cipher to use for encrypting the data transfer. 102This option is directly passed to 103.Xr ssh 1 . 104.It Fl F Ar ssh_config 105Specifies an alternative 106per-user configuration file for 107.Nm ssh . 108This option is directly passed to 109.Xr ssh 1 . 110.It Fl i Ar identity_file 111Selects the file from which the identity (private key) for public key 112authentication is read. 113This option is directly passed to 114.Xr ssh 1 . 115.It Fl J Ar destination 116Connect to the target host by first making an 117.Nm 118connection to the jump host described by 119.Ar destination 120and then establishing a TCP forwarding to the ultimate destination from 121there. 122Multiple jump hops may be specified separated by comma characters. 123This is a shortcut to specify a 124.Cm ProxyJump 125configuration directive. 126This option is directly passed to 127.Xr ssh 1 . 128.It Fl l Ar limit 129Limits the used bandwidth, specified in Kbit/s. 130.It Fl o Ar ssh_option 131Can be used to pass options to 132.Nm ssh 133in the format used in 134.Xr ssh_config 5 . 135This is useful for specifying options 136for which there is no separate 137.Nm scp 138command-line flag. 139For full details of the options listed below, and their possible values, see 140.Xr ssh_config 5 . 141.Pp 142.Bl -tag -width Ds -offset indent -compact 143.It AddressFamily 144.It BatchMode 145.It BindAddress 146.It BindInterface 147.It CanonicalDomains 148.It CanonicalizeFallbackLocal 149.It CanonicalizeHostname 150.It CanonicalizeMaxDots 151.It CanonicalizePermittedCNAMEs 152.It CASignatureAlgorithms 153.It CertificateFile 154.It ChallengeResponseAuthentication 155.It CheckHostIP 156.It Ciphers 157.It Compression 158.It ConnectionAttempts 159.It ConnectTimeout 160.It ControlMaster 161.It ControlPath 162.It ControlPersist 163.It GlobalKnownHostsFile 164.It GSSAPIAuthentication 165.It GSSAPIDelegateCredentials 166.It HashKnownHosts 167.It Host 168.It HostbasedAuthentication 169.It HostbasedKeyTypes 170.It HostKeyAlgorithms 171.It HostKeyAlias 172.It Hostname 173.It IdentitiesOnly 174.It IdentityAgent 175.It IdentityFile 176.It IPQoS 177.It KbdInteractiveAuthentication 178.It KbdInteractiveDevices 179.It KexAlgorithms 180.It LogLevel 181.It MACs 182.It NoHostAuthenticationForLocalhost 183.It NumberOfPasswordPrompts 184.It PasswordAuthentication 185.It PKCS11Provider 186.It Port 187.It PreferredAuthentications 188.It ProxyCommand 189.It ProxyJump 190.It PubkeyAcceptedKeyTypes 191.It PubkeyAuthentication 192.It RekeyLimit 193.It SendEnv 194.It ServerAliveInterval 195.It ServerAliveCountMax 196.It SetEnv 197.It StrictHostKeyChecking 198.It TCPKeepAlive 199.It UpdateHostKeys 200.It User 201.It UserKnownHostsFile 202.It VerifyHostKeyDNS 203.El 204.It Fl P Ar port 205Specifies the port to connect to on the remote host. 206Note that this option is written with a capital 207.Sq P , 208because 209.Fl p 210is already reserved for preserving the times and modes of the file. 211.It Fl p 212Preserves modification times, access times, and modes from the 213original file. 214.It Fl q 215Quiet mode: disables the progress meter as well as warning and diagnostic 216messages from 217.Xr ssh 1 . 218.It Fl r 219Recursively copy entire directories. 220Note that 221.Nm 222follows symbolic links encountered in the tree traversal. 223.It Fl S Ar program 224Name of 225.Ar program 226to use for the encrypted connection. 227The program must understand 228.Xr ssh 1 229options. 230.It Fl T 231Disable strict filename checking. 232By default when copying files from a remote host to a local directory 233.Nm 234checks that the received filenames match those requested on the command-line 235to prevent the remote end from sending unexpected or unwanted files. 236Because of differences in how various operating systems and shells interpret 237filename wildcards, these checks may cause wanted files to be rejected. 238This option disables these checks at the expense of fully trusting that 239the server will not send unexpected filenames. 240.It Fl v 241Verbose mode. 242Causes 243.Nm 244and 245.Xr ssh 1 246to print debugging messages about their progress. 247This is helpful in 248debugging connection, authentication, and configuration problems. 249.El 250.Sh EXIT STATUS 251.Ex -std scp 252.Sh SEE ALSO 253.Xr sftp 1 , 254.Xr ssh 1 , 255.Xr ssh-add 1 , 256.Xr ssh-agent 1 , 257.Xr ssh-keygen 1 , 258.Xr ssh_config 5 , 259.Xr sshd 8 260.Sh HISTORY 261.Nm 262is based on the rcp program in 263.Bx 264source code from the Regents of the University of California. 265.Sh AUTHORS 266.An Timo Rinne Aq Mt tri@iki.fi 267.An Tatu Ylonen Aq Mt ylo@cs.hut.fi 268