1.\" 2.\" scp.1 3.\" 4.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 5.\" 6.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 7.\" All rights reserved 8.\" 9.\" Created: Sun May 7 00:14:37 1995 ylo 10.\" 11.\" $OpenBSD: scp.1,v 1.95 2021/01/26 15:40:17 naddy Exp $ 12.\" 13.Dd $Mdocdate: January 26 2021 $ 14.Dt SCP 1 15.Os 16.Sh NAME 17.Nm scp 18.Nd OpenSSH secure file copy 19.Sh SYNOPSIS 20.Nm scp 21.Op Fl 346ABCpqrTv 22.Op Fl c Ar cipher 23.Op Fl F Ar ssh_config 24.Op Fl i Ar identity_file 25.Op Fl J Ar destination 26.Op Fl l Ar limit 27.Op Fl o Ar ssh_option 28.Op Fl P Ar port 29.Op Fl S Ar program 30.Ar source ... target 31.Sh DESCRIPTION 32.Nm 33copies files between hosts on a network. 34.Pp 35It uses 36.Xr ssh 1 37for data transfer, and uses the same authentication and provides the 38same security as a login session. 39The scp protocol requires execution of the remote user's shell to perform 40.Xr glob 3 41pattern matching. 42.Pp 43.Nm 44will ask for passwords or passphrases if they are needed for 45authentication. 46.Pp 47The 48.Ar source 49and 50.Ar target 51may be specified as a local pathname, a remote host with optional path 52in the form 53.Sm off 54.Oo user @ Oc host : Op path , 55.Sm on 56or a URI in the form 57.Sm off 58.No scp:// Oo user @ Oc host Oo : port Oc Op / path . 59.Sm on 60Local file names can be made explicit using absolute or relative pathnames 61to avoid 62.Nm 63treating file names containing 64.Sq :\& 65as host specifiers. 66.Pp 67When copying between two remote hosts, if the URI format is used, a 68.Ar port 69may only be specified on the 70.Ar target 71if the 72.Fl 3 73option is used. 74.Pp 75The options are as follows: 76.Bl -tag -width Ds 77.It Fl 3 78Copies between two remote hosts are transferred through the local host. 79Without this option the data is copied directly between the two remote 80hosts. 81Note that this option disables the progress meter and selects batch mode 82for the second host, since 83.Nm 84cannot ask for passwords or passphrases for both hosts. 85.It Fl 4 86Forces 87.Nm 88to use IPv4 addresses only. 89.It Fl 6 90Forces 91.Nm 92to use IPv6 addresses only. 93.It Fl A 94Allows forwarding of 95.Xr ssh-agent 1 96to the remote system. 97The default is not to forward an authentication agent. 98.It Fl B 99Selects batch mode (prevents asking for passwords or passphrases). 100.It Fl C 101Compression enable. 102Passes the 103.Fl C 104flag to 105.Xr ssh 1 106to enable compression. 107.It Fl c Ar cipher 108Selects the cipher to use for encrypting the data transfer. 109This option is directly passed to 110.Xr ssh 1 . 111.It Fl F Ar ssh_config 112Specifies an alternative 113per-user configuration file for 114.Nm ssh . 115This option is directly passed to 116.Xr ssh 1 . 117.It Fl i Ar identity_file 118Selects the file from which the identity (private key) for public key 119authentication is read. 120This option is directly passed to 121.Xr ssh 1 . 122.It Fl J Ar destination 123Connect to the target host by first making an 124.Nm 125connection to the jump host described by 126.Ar destination 127and then establishing a TCP forwarding to the ultimate destination from 128there. 129Multiple jump hops may be specified separated by comma characters. 130This is a shortcut to specify a 131.Cm ProxyJump 132configuration directive. 133This option is directly passed to 134.Xr ssh 1 . 135.It Fl l Ar limit 136Limits the used bandwidth, specified in Kbit/s. 137.It Fl o Ar ssh_option 138Can be used to pass options to 139.Nm ssh 140in the format used in 141.Xr ssh_config 5 . 142This is useful for specifying options 143for which there is no separate 144.Nm scp 145command-line flag. 146For full details of the options listed below, and their possible values, see 147.Xr ssh_config 5 . 148.Pp 149.Bl -tag -width Ds -offset indent -compact 150.It AddressFamily 151.It BatchMode 152.It BindAddress 153.It BindInterface 154.It CanonicalDomains 155.It CanonicalizeFallbackLocal 156.It CanonicalizeHostname 157.It CanonicalizeMaxDots 158.It CanonicalizePermittedCNAMEs 159.It CASignatureAlgorithms 160.It CertificateFile 161.It ChallengeResponseAuthentication 162.It CheckHostIP 163.It Ciphers 164.It Compression 165.It ConnectionAttempts 166.It ConnectTimeout 167.It ControlMaster 168.It ControlPath 169.It ControlPersist 170.It GlobalKnownHostsFile 171.It GSSAPIAuthentication 172.It GSSAPIDelegateCredentials 173.It HashKnownHosts 174.It Host 175.It HostbasedAcceptedAlgorithms 176.It HostbasedAuthentication 177.It HostKeyAlgorithms 178.It HostKeyAlias 179.It Hostname 180.It IdentitiesOnly 181.It IdentityAgent 182.It IdentityFile 183.It IPQoS 184.It KbdInteractiveAuthentication 185.It KbdInteractiveDevices 186.It KexAlgorithms 187.It KnownHostsCommand 188.It LogLevel 189.It MACs 190.It NoHostAuthenticationForLocalhost 191.It NumberOfPasswordPrompts 192.It PasswordAuthentication 193.It PKCS11Provider 194.It Port 195.It PreferredAuthentications 196.It ProxyCommand 197.It ProxyJump 198.It PubkeyAcceptedAlgorithms 199.It PubkeyAuthentication 200.It RekeyLimit 201.It SendEnv 202.It ServerAliveInterval 203.It ServerAliveCountMax 204.It SetEnv 205.It StrictHostKeyChecking 206.It TCPKeepAlive 207.It UpdateHostKeys 208.It User 209.It UserKnownHostsFile 210.It VerifyHostKeyDNS 211.El 212.It Fl P Ar port 213Specifies the port to connect to on the remote host. 214Note that this option is written with a capital 215.Sq P , 216because 217.Fl p 218is already reserved for preserving the times and modes of the file. 219.It Fl p 220Preserves modification times, access times, and modes from the 221original file. 222.It Fl q 223Quiet mode: disables the progress meter as well as warning and diagnostic 224messages from 225.Xr ssh 1 . 226.It Fl r 227Recursively copy entire directories. 228Note that 229.Nm 230follows symbolic links encountered in the tree traversal. 231.It Fl S Ar program 232Name of 233.Ar program 234to use for the encrypted connection. 235The program must understand 236.Xr ssh 1 237options. 238.It Fl T 239Disable strict filename checking. 240By default when copying files from a remote host to a local directory 241.Nm 242checks that the received filenames match those requested on the command-line 243to prevent the remote end from sending unexpected or unwanted files. 244Because of differences in how various operating systems and shells interpret 245filename wildcards, these checks may cause wanted files to be rejected. 246This option disables these checks at the expense of fully trusting that 247the server will not send unexpected filenames. 248.It Fl v 249Verbose mode. 250Causes 251.Nm 252and 253.Xr ssh 1 254to print debugging messages about their progress. 255This is helpful in 256debugging connection, authentication, and configuration problems. 257.El 258.Sh EXIT STATUS 259.Ex -std scp 260.Sh SEE ALSO 261.Xr sftp 1 , 262.Xr ssh 1 , 263.Xr ssh-add 1 , 264.Xr ssh-agent 1 , 265.Xr ssh-keygen 1 , 266.Xr ssh_config 5 , 267.Xr sshd 8 268.Sh HISTORY 269.Nm 270is based on the rcp program in 271.Bx 272source code from the Regents of the University of California. 273.Sh AUTHORS 274.An Timo Rinne Aq Mt tri@iki.fi 275.An Tatu Ylonen Aq Mt ylo@cs.hut.fi 276