1.\" 2.\" scp.1 3.\" 4.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 5.\" 6.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 7.\" All rights reserved 8.\" 9.\" Created: Sun May 7 00:14:37 1995 ylo 10.\" 11.\" $OpenBSD: scp.1,v 1.112 2022/12/16 07:13:22 djm Exp $ 12.\" 13.Dd $Mdocdate: December 16 2022 $ 14.Dt SCP 1 15.Os 16.Sh NAME 17.Nm scp 18.Nd OpenSSH secure file copy 19.Sh SYNOPSIS 20.Nm scp 21.Op Fl 346ABCOpqRrsTv 22.Op Fl c Ar cipher 23.Op Fl D Ar sftp_server_path 24.Op Fl F Ar ssh_config 25.Op Fl i Ar identity_file 26.Op Fl J Ar destination 27.Op Fl l Ar limit 28.Op Fl o Ar ssh_option 29.Op Fl P Ar port 30.Op Fl S Ar program 31.Op Fl X Ar sftp_option 32.Ar source ... target 33.Sh DESCRIPTION 34.Nm 35copies files between hosts on a network. 36.Pp 37.Nm 38uses the SFTP protocol over a 39.Xr ssh 1 40connection for data transfer, and uses the same authentication and provides 41the same security as a login session. 42.Pp 43.Nm 44will ask for passwords or passphrases if they are needed for 45authentication. 46.Pp 47The 48.Ar source 49and 50.Ar target 51may be specified as a local pathname, a remote host with optional path 52in the form 53.Sm off 54.Oo user @ Oc host : Op path , 55.Sm on 56or a URI in the form 57.Sm off 58.No scp:// Oo user @ Oc host Oo : port Oc Op / path . 59.Sm on 60Local file names can be made explicit using absolute or relative pathnames 61to avoid 62.Nm 63treating file names containing 64.Sq :\& 65as host specifiers. 66.Pp 67When copying between two remote hosts, if the URI format is used, a 68.Ar port 69cannot be specified on the 70.Ar target 71if the 72.Fl R 73option is used. 74.Pp 75The options are as follows: 76.Bl -tag -width Ds 77.It Fl 3 78Copies between two remote hosts are transferred through the local host. 79Without this option the data is copied directly between the two remote 80hosts. 81Note that, when using the legacy SCP protocol (via the 82.Fl O 83flag), this option 84selects batch mode for the second host as 85.Nm 86cannot ask for passwords or passphrases for both hosts. 87This mode is the default. 88.It Fl 4 89Forces 90.Nm 91to use IPv4 addresses only. 92.It Fl 6 93Forces 94.Nm 95to use IPv6 addresses only. 96.It Fl A 97Allows forwarding of 98.Xr ssh-agent 1 99to the remote system. 100The default is not to forward an authentication agent. 101.It Fl B 102Selects batch mode (prevents asking for passwords or passphrases). 103.It Fl C 104Compression enable. 105Passes the 106.Fl C 107flag to 108.Xr ssh 1 109to enable compression. 110.It Fl c Ar cipher 111Selects the cipher to use for encrypting the data transfer. 112This option is directly passed to 113.Xr ssh 1 . 114.It Fl D Ar sftp_server_path 115Connect directly to a local SFTP server program rather than a 116remote one via 117.Xr ssh 1 . 118This option may be useful in debugging the client and server. 119.It Fl F Ar ssh_config 120Specifies an alternative 121per-user configuration file for 122.Nm ssh . 123This option is directly passed to 124.Xr ssh 1 . 125.It Fl i Ar identity_file 126Selects the file from which the identity (private key) for public key 127authentication is read. 128This option is directly passed to 129.Xr ssh 1 . 130.It Fl J Ar destination 131Connect to the target host by first making an 132.Nm 133connection to the jump host described by 134.Ar destination 135and then establishing a TCP forwarding to the ultimate destination from 136there. 137Multiple jump hops may be specified separated by comma characters. 138This is a shortcut to specify a 139.Cm ProxyJump 140configuration directive. 141This option is directly passed to 142.Xr ssh 1 . 143.It Fl l Ar limit 144Limits the used bandwidth, specified in Kbit/s. 145.It Fl O 146Use the legacy SCP protocol for file transfers instead of the SFTP protocol. 147Forcing the use of the SCP protocol may be necessary for servers that do 148not implement SFTP, for backwards-compatibility for particular filename 149wildcard patterns and for expanding paths with a 150.Sq ~ 151prefix for older SFTP servers. 152.It Fl o Ar ssh_option 153Can be used to pass options to 154.Nm ssh 155in the format used in 156.Xr ssh_config 5 . 157This is useful for specifying options 158for which there is no separate 159.Nm scp 160command-line flag. 161For full details of the options listed below, and their possible values, see 162.Xr ssh_config 5 . 163.Pp 164.Bl -tag -width Ds -offset indent -compact 165.It AddressFamily 166.It BatchMode 167.It BindAddress 168.It BindInterface 169.It CanonicalDomains 170.It CanonicalizeFallbackLocal 171.It CanonicalizeHostname 172.It CanonicalizeMaxDots 173.It CanonicalizePermittedCNAMEs 174.It CASignatureAlgorithms 175.It CertificateFile 176.It CheckHostIP 177.It Ciphers 178.It Compression 179.It ConnectionAttempts 180.It ConnectTimeout 181.It ControlMaster 182.It ControlPath 183.It ControlPersist 184.It GlobalKnownHostsFile 185.It GSSAPIAuthentication 186.It GSSAPIDelegateCredentials 187.It HashKnownHosts 188.It Host 189.It HostbasedAcceptedAlgorithms 190.It HostbasedAuthentication 191.It HostKeyAlgorithms 192.It HostKeyAlias 193.It Hostname 194.It IdentitiesOnly 195.It IdentityAgent 196.It IdentityFile 197.It IPQoS 198.It KbdInteractiveAuthentication 199.It KbdInteractiveDevices 200.It KexAlgorithms 201.It KnownHostsCommand 202.It LogLevel 203.It MACs 204.It NoHostAuthenticationForLocalhost 205.It NumberOfPasswordPrompts 206.It PasswordAuthentication 207.It PKCS11Provider 208.It Port 209.It PreferredAuthentications 210.It ProxyCommand 211.It ProxyJump 212.It PubkeyAcceptedAlgorithms 213.It PubkeyAuthentication 214.It RekeyLimit 215.It RequiredRSASize 216.It SendEnv 217.It ServerAliveInterval 218.It ServerAliveCountMax 219.It SetEnv 220.It StrictHostKeyChecking 221.It TCPKeepAlive 222.It UpdateHostKeys 223.It User 224.It UserKnownHostsFile 225.It VerifyHostKeyDNS 226.El 227.It Fl P Ar port 228Specifies the port to connect to on the remote host. 229Note that this option is written with a capital 230.Sq P , 231because 232.Fl p 233is already reserved for preserving the times and mode bits of the file. 234.It Fl p 235Preserves modification times, access times, and file mode bits from the 236source file. 237.It Fl q 238Quiet mode: disables the progress meter as well as warning and diagnostic 239messages from 240.Xr ssh 1 . 241.It Fl R 242Copies between two remote hosts are performed by connecting to the origin 243host and executing 244.Nm 245there. 246This requires that 247.Nm 248running on the origin host can authenticate to the destination host without 249requiring a password. 250.It Fl r 251Recursively copy entire directories. 252Note that 253.Nm 254follows symbolic links encountered in the tree traversal. 255.It Fl S Ar program 256Name of 257.Ar program 258to use for the encrypted connection. 259The program must understand 260.Xr ssh 1 261options. 262.It Fl T 263Disable strict filename checking. 264By default when copying files from a remote host to a local directory 265.Nm 266checks that the received filenames match those requested on the command-line 267to prevent the remote end from sending unexpected or unwanted files. 268Because of differences in how various operating systems and shells interpret 269filename wildcards, these checks may cause wanted files to be rejected. 270This option disables these checks at the expense of fully trusting that 271the server will not send unexpected filenames. 272.It Fl v 273Verbose mode. 274Causes 275.Nm 276and 277.Xr ssh 1 278to print debugging messages about their progress. 279This is helpful in 280debugging connection, authentication, and configuration problems. 281.It Fl X Ar sftp_option 282Specify an option that controls aspects of SFTP protocol behaviour. 283The valid options are: 284.Bl -tag -width Ds 285.It Cm nrequests Ns = Ns Ar value 286Controls how many concurrent SFTP read or write requests may be in progress 287at any point in time during a download or upload. 288By default 64 requests may be active concurrently. 289.It Cm buffer Ns = Ns Ar value 290Controls the maximum buffer size for a single SFTP read/write operation used 291during download or upload. 292By default a 32KB buffer is used. 293.El 294.El 295.Sh EXIT STATUS 296.Ex -std scp 297.Sh SEE ALSO 298.Xr sftp 1 , 299.Xr ssh 1 , 300.Xr ssh-add 1 , 301.Xr ssh-agent 1 , 302.Xr ssh-keygen 1 , 303.Xr ssh_config 5 , 304.Xr sftp-server 8 , 305.Xr sshd 8 306.Sh HISTORY 307.Nm 308is based on the rcp program in 309.Bx 310source code from the Regents of the University of California. 311.Pp 312Since OpenSSH 9.0, 313.Nm 314has used the SFTP protocol for transfers by default. 315.Sh AUTHORS 316.An Timo Rinne Aq Mt tri@iki.fi 317.An Tatu Ylonen Aq Mt ylo@cs.hut.fi 318.Sh CAVEATS 319The legacy SCP protocol (selected by the 320.Fl O 321flag) requires execution of the remote user's shell to perform 322.Xr glob 3 323pattern matching. 324This requires careful quoting of any characters that have special meaning to 325the remote shell, such as quote characters. 326