Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. "SCP" commonly refers to both the Secure Copy Protocol and the program itself.
According to OpenSSH developers in April 2019, SCP is outdated, inflexible and not readily fixed; they recommend the use of more modern protocols like SFTP and rsync for file transfer. As of OpenSSH version 9.0, the scp client therefore uses SFTP for file transfers by default instead of the legacy SCP/RCP protocol.
Secure Copy Protocol
The SCP is a network protocol, based on the BSD RCP protocol, which supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default. Like RCP, there is no RFC that defines the specifics of the protocol.
Function
Normally, a client initiates an SSH connection to the remote host, and requests an SCP process to be started on the remote server. The remote SCP process can operate in one of two modes:
* source mode, which reads files (usually from disk) and sends them back to the client, or
* sink mode, which accepts the files sent by the client and writes them (usually to disk) on the remote host.
For most SCP clients, source mode is generally triggered with the -f flag (from), while sink mode is triggered with -t (to). These flags are used internally and are not documented outside the SCP source code.
Remote to remote mode
In the past, in remote-to-remote secure copy, the SCP client opened an SSH connection to the source host and requested that it, in turn, open an SCP connection to the destination. (Remote-to-remote mode did not support opening two SCP connections and using the originating client as an intermediary.) It is important to note that SCP cannot be used to remotely copy from the source to the destination when operating in password or keyboard-interactive authentication mode, as this would reveal the destination server's authentication credentials to the source. It is, however, possible with key-based or GSSAPI methods that do not require user input.
Recently, remote-to-remote mode supports routing traffic through the client which originated the transfer, even though it is a 3rd party to the transfer. This way, authorization credentials must reside only on the originating client, the 3rd party.
Issues using talkative shell profiles
SCP does not expect any text from the SSH login shell on the connection. Text transmitted due to the SSH profile (e.g. echo "Welcome" in the .bashrc file) is interpreted as an error message, and a null line (echo "") causes the SCP client to deadlock waiting for the error message to complete.
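A simplified model of the acknowledgement handling behind both outcomes, added here as an illustration (it is not OpenSSH's code and not part of the original page). It assumes the legacy rcp-style convention in which a 0x00 byte means OK and 0x01 or 0x02 introduce a newline-terminated message; read_ack and simulate are hypothetical names, and the profile outputs are constructed samples.

```python
import io

def read_ack(stream):
    """Read one acknowledgement the way a legacy rcp-style client does.

    Returns (status, message). "blocked" means the input ran out before the
    message was newline-terminated; a real client would keep waiting there.
    """
    first = stream.read(1)
    if first == b"":
        return ("blocked", "")
    if first == b"\x00":                      # 0x00: OK, nothing follows
        return ("ok", "")
    # 0x01 = warning, 0x02 = fatal error; both are followed by a text line.
    status = {b"\x01": "warning", b"\x02": "fatal"}.get(first, "error")
    # Any other byte is assumed to be the first character of an error line.
    text = bytearray(first) if status == "error" else bytearray()
    while True:
        ch = stream.read(1)
        if ch == b"":
            return ("blocked", text.decode("latin-1"))
        text += ch
        if ch == b"\n":
            return (status, text.decode("latin-1").rstrip("\n"))

def simulate(profile_output: bytes):
    """Constructed input: what the login shell printed, then the remote scp's real OK byte."""
    return read_ack(io.BytesIO(profile_output + b"\x00"))

if __name__ == "__main__":
    for label, out in [("quiet profile", b""),
                       ('echo "Welcome"', b"Welcome\n"),
                       ('echo ""', b"\n")]:
        print(f"{label:16} -> {simulate(out)}")
```

In the empty-line case the lone newline is taken as the first character of a message, so the reader swallows the genuine OK byte while looking for a terminating newline that never arrives. Restricting profile output to interactive shells avoids both outcomes.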
Secure Copy (remote file copy program)
The SCP program is a software tool implementing the SCP protocol as a service daemon or client. It is a program to perform secure copying.
Perhaps the most widely used SCP program is the OpenSSH command line scp program, which is provided in most SSH implementations. The scp program is the secure analog of the rcp command. The scp program must be part of all SSH servers that want to provide SCP service, as scp functions as the SCP server too.
Some SSH implementations provide the scp2 program, which uses the SFTP protocol instead of SCP, but provides the very same command line interface as scp. scp is then typically a symbolic link to scp2.
Syntax
Typically, the syntax of the scp program is like the syntax of cp (copy):
Copying a local file to a remote host:
scp LocalSourceFile user@remotehost:directory/TargetFile
Copying a file from a remote host, and copying a folder from a remote host (with the -r switch):
scp user@remotehost:directory/SourceFile LocalTargetFile
scp -r user@host:directory/SourceFolder LocalTargetFolder
Note that if the remote host uses a port other than the default of 22, it can be specified in the command. For example, copying a file from host:
scp -P 2222 user@host:directory/SourceFile TargetFile
Other clients
As the Secure Copy Protocol implements file transfers only, GUI SCP clients are rare, as implementing one requires additional functionality (directory listing at least). For example, WinSCP defaults to the SFTP protocol. Even when operating in SCP mode, clients like WinSCP are typically not pure SCP clients, as they must use other means to implement the additional functionality (like the ls command). This in turn brings platform-dependency problems.
More comprehensive tools for managing files over SSH are SFTP clients.
Security
In 2019, a vulnerability was announced related to the OpenSSH SCP tool and protocol, allowing users to overwrite arbitrary files in the SCP client target directory.
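In a download, the names written locally come from the headers the remote side sends, so a receiving client has to validate each header against what was requested before writing anything. The following is an added sketch of such a check (not OpenSSH's code and not from the original page); it assumes the legacy rcp-style header layout of type, octal mode, size and name, covers only the top-level records of one request, and check_record, is_accepted, RejectedRecord and the file names are hypothetical.

```python
import fnmatch
import re

# Assumed legacy header from the sending side: C (file) or D (directory),
# a four-digit octal mode, a decimal size, and a name, ended by a newline.
HEADER = re.compile(rb"([CD])([0-7]{4}) (\d+) ([^\n]+)\n")

class RejectedRecord(ValueError):
    """Raised when a received header must not be acted on."""

def check_record(line: bytes, requested: str, recursive: bool = False):
    """Validate one header received while downloading.

    `requested` is the last path component (possibly a glob) the user asked
    for. Returns (kind, mode, size, name) or raises RejectedRecord.
    """
    m = HEADER.fullmatch(line)
    if not m:
        raise RejectedRecord("malformed header")
    kind, mode, size, raw = m.groups()
    name = raw.decode("utf-8", errors="surrogateescape")
    # The name must be a single component that stays in the target directory.
    if name in (".", "..") or "/" in name or "\x00" in name:
        raise RejectedRecord(f"unsafe name: {name!r}")
    if kind == b"D" and not recursive:
        raise RejectedRecord("directory sent without a recursive request")
    # The peer picks the name on the wire, so compare it with the request.
    if not fnmatch.fnmatchcase(name, requested):
        raise RejectedRecord(f"{name!r} does not match {requested!r}")
    return (kind.decode(), int(mode, 8), int(size), name)

def is_accepted(line: bytes, requested: str, recursive: bool = False) -> bool:
    try:
        check_record(line, requested, recursive)
        return True
    except RejectedRecord:
        return False

if __name__ == "__main__":
    # Constructed sample headers, all checked against a request for notes.txt.
    for line in (b"C0644 12 notes.txt\n", b"C0644 40 unrequested.cfg\n",
                 b"C0644 5 ../x\n", b"D0755 0 sub\n"):
        print(line, "->", is_accepted(line, "notes.txt"))
```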