1.\" 2.\" scp.1 3.\" 4.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 5.\" 6.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 7.\" All rights reserved 8.\" 9.\" Created: Sun May 7 00:14:37 1995 ylo 10.\" 11.\" $OpenBSD: scp.1,v 1.91 2020/10/03 02:18:33 deraadt Exp $ 12.\" 13.Dd $Mdocdate: October 3 2020 $ 14.Dt SCP 1 15.Os 16.Sh NAME 17.Nm scp 18.Nd OpenSSH secure file copy 19.Sh SYNOPSIS 20.Nm scp 21.Op Fl 346ABCpqrTv 22.Op Fl c Ar cipher 23.Op Fl F Ar ssh_config 24.Op Fl i Ar identity_file 25.Op Fl J Ar destination 26.Op Fl l Ar limit 27.Op Fl o Ar ssh_option 28.Op Fl P Ar port 29.Op Fl S Ar program 30.Ar source ... target 31.Sh DESCRIPTION 32.Nm 33copies files between hosts on a network. 34.Pp 35It uses 36.Xr ssh 1 37for data transfer, and uses the same authentication and provides the 38same security as a login session. 39The scp protocol requires execution of the remote user's shell to perform 40.Xr glob 3 41pattern matching. 42.Pp 43.Nm 44will ask for passwords or passphrases if they are needed for 45authentication. 46.Pp 47The 48.Ar source 49and 50.Ar target 51may be specified as a local pathname, a remote host with optional path 52in the form 53.Sm off 54.Oo user @ Oc host : Op path , 55.Sm on 56or a URI in the form 57.Sm off 58.No scp:// Oo user @ Oc host Oo : port Oc Op / path . 59.Sm on 60Local file names can be made explicit using absolute or relative pathnames 61to avoid 62.Nm 63treating file names containing 64.Sq :\& 65as host specifiers. 66.Pp 67When copying between two remote hosts, if the URI format is used, a 68.Ar port 69may only be specified on the 70.Ar target 71if the 72.Fl 3 73option is used. 74.Pp 75The options are as follows: 76.Bl -tag -width Ds 77.It Fl 3 78Copies between two remote hosts are transferred through the local host. 79Without this option the data is copied directly between the two remote 80hosts. 81Note that this option disables the progress meter and selects batch mode 82for the second host, since 83.Nm 84cannot ask for passwords or passphrases for both hosts. 85.It Fl 4 86Forces 87.Nm 88to use IPv4 addresses only. 89.It Fl 6 90Forces 91.Nm 92to use IPv6 addresses only. 93.It Fl A 94Allows forwarding of 95.Xr ssh-agent 1 96to the remote system. 97The default is not to forward an authentication agent. 98.It Fl B 99Selects batch mode (prevents asking for passwords or passphrases). 100.It Fl C 101Compression enable. 102Passes the 103.Fl C 104flag to 105.Xr ssh 1 106to enable compression. 107.It Fl c Ar cipher 108Selects the cipher to use for encrypting the data transfer. 109This option is directly passed to 110.Xr ssh 1 . 111.It Fl F Ar ssh_config 112Specifies an alternative 113per-user configuration file for 114.Nm ssh . 115This option is directly passed to 116.Xr ssh 1 . 117.It Fl i Ar identity_file 118Selects the file from which the identity (private key) for public key 119authentication is read. 120This option is directly passed to 121.Xr ssh 1 . 122.It Fl J Ar destination 123Connect to the target host by first making an 124.Nm 125connection to the jump host described by 126.Ar destination 127and then establishing a TCP forwarding to the ultimate destination from 128there. 129Multiple jump hops may be specified separated by comma characters. 130This is a shortcut to specify a 131.Cm ProxyJump 132configuration directive. 133This option is directly passed to 134.Xr ssh 1 . 135.It Fl l Ar limit 136Limits the used bandwidth, specified in Kbit/s. 137.It Fl o Ar ssh_option 138Can be used to pass options to 139.Nm ssh 140in the format used in 141.Xr ssh_config 5 . 142This is useful for specifying options 143for which there is no separate 144.Nm scp 145command-line flag. 146For full details of the options listed below, and their possible values, see 147.Xr ssh_config 5 . 148.Pp 149.Bl -tag -width Ds -offset indent -compact 150.It AddressFamily 151.It BatchMode 152.It BindAddress 153.It BindInterface 154.It CanonicalDomains 155.It CanonicalizeFallbackLocal 156.It CanonicalizeHostname 157.It CanonicalizeMaxDots 158.It CanonicalizePermittedCNAMEs 159.It CASignatureAlgorithms 160.It CertificateFile 161.It ChallengeResponseAuthentication 162.It CheckHostIP 163.It Ciphers 164.It Compression 165.It ConnectionAttempts 166.It ConnectTimeout 167.It ControlMaster 168.It ControlPath 169.It ControlPersist 170.It GlobalKnownHostsFile 171.It GSSAPIAuthentication 172.It GSSAPIDelegateCredentials 173.It HashKnownHosts 174.It Host 175.It HostbasedAuthentication 176.It HostbasedKeyTypes 177.It HostKeyAlgorithms 178.It HostKeyAlias 179.It Hostname 180.It IdentitiesOnly 181.It IdentityAgent 182.It IdentityFile 183.It IPQoS 184.It KbdInteractiveAuthentication 185.It KbdInteractiveDevices 186.It KexAlgorithms 187.It LogLevel 188.It MACs 189.It NoHostAuthenticationForLocalhost 190.It NumberOfPasswordPrompts 191.It PasswordAuthentication 192.It PKCS11Provider 193.It Port 194.It PreferredAuthentications 195.It ProxyCommand 196.It ProxyJump 197.It PubkeyAcceptedKeyTypes 198.It PubkeyAuthentication 199.It RekeyLimit 200.It SendEnv 201.It ServerAliveInterval 202.It ServerAliveCountMax 203.It SetEnv 204.It StrictHostKeyChecking 205.It TCPKeepAlive 206.It UpdateHostKeys 207.It User 208.It UserKnownHostsFile 209.It VerifyHostKeyDNS 210.El 211.It Fl P Ar port 212Specifies the port to connect to on the remote host. 213Note that this option is written with a capital 214.Sq P , 215because 216.Fl p 217is already reserved for preserving the times and modes of the file. 218.It Fl p 219Preserves modification times, access times, and modes from the 220original file. 221.It Fl q 222Quiet mode: disables the progress meter as well as warning and diagnostic 223messages from 224.Xr ssh 1 . 225.It Fl r 226Recursively copy entire directories. 227Note that 228.Nm 229follows symbolic links encountered in the tree traversal. 230.It Fl S Ar program 231Name of 232.Ar program 233to use for the encrypted connection. 234The program must understand 235.Xr ssh 1 236options. 237.It Fl T 238Disable strict filename checking. 239By default when copying files from a remote host to a local directory 240.Nm 241checks that the received filenames match those requested on the command-line 242to prevent the remote end from sending unexpected or unwanted files. 243Because of differences in how various operating systems and shells interpret 244filename wildcards, these checks may cause wanted files to be rejected. 245This option disables these checks at the expense of fully trusting that 246the server will not send unexpected filenames. 247.It Fl v 248Verbose mode. 249Causes 250.Nm 251and 252.Xr ssh 1 253to print debugging messages about their progress. 254This is helpful in 255debugging connection, authentication, and configuration problems. 256.El 257.Sh EXIT STATUS 258.Ex -std scp 259.Sh SEE ALSO 260.Xr sftp 1 , 261.Xr ssh 1 , 262.Xr ssh-add 1 , 263.Xr ssh-agent 1 , 264.Xr ssh-keygen 1 , 265.Xr ssh_config 5 , 266.Xr sshd 8 267.Sh HISTORY 268.Nm 269is based on the rcp program in 270.Bx 271source code from the Regents of the University of California. 272.Sh AUTHORS 273.An Timo Rinne Aq Mt tri@iki.fi 274.An Tatu Ylonen Aq Mt ylo@cs.hut.fi 275