Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. "SCP" commonly refers to both the Secure Copy Protocol and the program itself.
According to OpenSSH developers in April 2019, SCP is outdated, inflexible and not readily fixed; they recommend the use of more modern protocols like SFTP and rsync for file transfer. As of OpenSSH version 9.0, the scp client therefore uses SFTP for file transfers by default instead of the legacy SCP/RCP protocol.
Secure Copy Protocol
SCP is a network protocol, based on the BSD RCP protocol, which supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default. Like RCP, there is no RFC that defines the specifics of the protocol.
Function
Normally, a client initiates an SSH connection to the remote host, and requests an SCP process to be started on the remote server. The remote SCP process can operate in one of two modes:
* source mode, which reads files (usually from disk) and sends them back to the client, or
* sink mode, which accepts the files sent by the client and writes them (usually to disk) on the remote host.
For most SCP clients, source mode is generally triggered with the -f flag (from), while sink mode is triggered with -t (to). These flags are used internally and are not documented outside the SCP source code.
Remote to remote mode
In the past, in remote-to-remote secure copy, the SCP client would open an SSH connection to the source host and request that it, in turn, open an SCP connection to the destination. (Remote-to-remote mode did not support opening two SCP connections and using the originating client as an intermediary.) SCP thus could not be used to remotely copy from the source to the destination when operating in password or keyboard-interactive authentication mode, as this would reveal the destination server's authentication credentials to the source. It was, however, possible with key-based or GSSAPI methods that do not require user input.
More recently, remote-to-remote mode supports routing traffic through the client that originated the transfer, even though it is a third party to the transfer. This way, authorization credentials need to reside only on the originating client, the third party.
Issues using talkative shell profiles
SCP does not expect text when communicating with the SSH login shell. Text transmitted due to the SSH profile (e.g. echo "Welcome" in the .bashrc file) is interpreted as an error message, and a null line (echo "") causes the SCP client to deadlock waiting for the error message to complete.
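The behaviour described above can be reproduced with a small model of how a legacy client reads a reply. This is an added example, not code from OpenSSH or from this page; it assumes the rcp-style convention of one status byte (0 for OK, 1 or 2 followed by a newline-terminated message), and the names read_reply, classify and WouldBlock are hypothetical.

```python
import io

class WouldBlock(Exception):
    """Input ran out mid-reply; a real client would keep waiting here."""

def read_reply(stream):
    """Read one reply the way a legacy rcp-style client does (simplified model).

    Returns (status, message): "ok", "warning" or "fatal" for status bytes
    0, 1 and 2, and "unexpected" when the first byte is anything else.
    """
    first = stream.read(1)
    if not first:
        raise WouldBlock("no status byte yet")
    if first == b"\0":
        return ("ok", "")
    # Any other first byte starts a message that runs to the next newline.
    # A stray byte (shell profile output) is kept as the message's first byte,
    # so it never counts as the terminator, even when it is itself a newline.
    message = bytearray() if first in (b"\1", b"\2") else bytearray(first)
    while True:
        ch = stream.read(1)
        if not ch:
            raise WouldBlock("message not terminated by a newline")
        message += ch
        if ch == b"\n":
            break
    status = {b"\1": "warning", b"\2": "fatal"}.get(first, "unexpected")
    return (status, message.decode("latin-1").rstrip("\n"))

def classify(remote_bytes):
    """Run read_reply over constructed bytes; 'blocks' stands in for the deadlock."""
    try:
        return read_reply(io.BytesIO(remote_bytes))
    except WouldBlock:
        return ("blocks", "")

# Constructed samples: what the remote side emits before the client's first read.
SAMPLES = {
    "quiet profile": b"\0",
    'echo "Welcome"': b"Welcome\n\0",
    'echo ""': b"\n\0",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, "->", classify(data))
```

In the echo "" case the stray newline is consumed as the first byte of the message, so the genuine OK byte that follows is swallowed and the client keeps waiting for a terminator that never arrives.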
scp program
The SCP program is a software tool implementing the SCP protocol as a service daemon or client. It is a program to perform secure copying.
Perhaps the most widely used SCP program is the OpenSSH command line scp program, which is provided in most SSH implementations. The scp program is the secure analog of the rcp command. The scp program must be part of all SSH servers that want to provide SCP service, as scp functions as the SCP server too. Since OpenSSH 9.0, the program has been updated to use the newer, more secure SFTP protocol; an -O option is added for using SCP with old SCP-only servers.
Syntax
Typically, the syntax of the scp program is like the syntax of cp (copy):
Copying a local file to a remote host:
scp LocalSourceFile user@remotehost:directory/TargetFile
Copying a file from a remote host, and recursively copying a folder (with the -r switch) from a remote host:
scp user@remotehost:directory/SourceFile LocalTargetFile
scp -r user@host:directory/SourceFolder LocalTargetFolder
Note that if the remote host uses a port other than the default of 22, it can be specified in the command. For example, copying a file from host:
scp -P 2222 user@host:directory/SourceFile TargetFile
Other clients
As the Secure Copy Protocol implements file transfers only, GUI SCP clients are rare, as implementing one requires additional functionality (directory listing at least). For example, WinSCP defaults to the SFTP protocol. Even when operating in SCP mode, clients like WinSCP are typically not pure SCP clients, as they must use other means to implement the additional functionality (like the ls command). This in turn brings platform-dependency problems.
More comprehensive tools for managing files over SSH are SFTP clients.
Security
In 2019, a vulnerability was announced related to the OpenSSH SCP tool and protocol, allowing users to overwrite arbitrary files in the SCP client target directory.
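One way a client can limit what ends up in its target directory is to check every file name the remote side announces against what the user requested. The following is an added example, not OpenSSH's code: it models the client side of a download from a remote scp in source mode, and the record layout (C, octal mode, size, name, then the data and a zero status byte), the function name receive and the sample names are assumptions not given on this page; the client's own acknowledgements are left out.

```python
import fnmatch
import io
import re

# Assumed legacy file record: C<octal mode> <size> <name>\n, followed by
# <size> bytes of file data and one zero status byte from the sender.
RECORD = re.compile(rb"C([0-7]{4}) (\d+) ([^\n]+)\n")

class Rejected(Exception):
    """The remote announced something the client did not ask for."""

def receive(stream, requested):
    """Read file records sent by a remote in source mode.

    `requested` is the file-name pattern the user typed. Returns
    {name: (mode, data)} and raises Rejected rather than accepting a
    name that the pattern does not cover.
    """
    files = {}
    while True:
        line = stream.readline()
        if not line:
            return files
        m = RECORD.fullmatch(line)
        if m is None:
            raise Rejected("malformed record: %r" % line)
        mode, size = int(m.group(1), 8), int(m.group(2))
        name = m.group(3).decode("utf-8", "replace")
        # fnmatch lets "*" match "/", so path components are refused first.
        if name in (".", "..") or "/" in name:
            raise Rejected("name leaves the target directory: %r" % name)
        if not fnmatch.fnmatchcase(name, requested):
            raise Rejected("name was not requested: %r" % name)
        data = stream.read(size)
        if len(data) != size or stream.read(1) != b"\0":
            raise Rejected("truncated transfer of %r" % name)
        files[name] = (mode, data)

if __name__ == "__main__":
    # Constructed stream: the requested file followed by one that was not requested.
    sample = b"C0644 5 notes.txt\nhello\0C0600 3 other.txt\nabc\0"
    try:
        receive(io.BytesIO(sample), "notes.txt")
    except Rejected as exc:
        print("rejected:", exc)
```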