diff options
Diffstat (limited to 'scp.1')
| -rw-r--r-- | scp.1 | 325 |
1 files changed, 325 insertions, 0 deletions
@@ -0,0 +1,325 @@ +.\" +.\" scp.1 +.\" +.\" Author: Tatu Ylonen <ylo@cs.hut.fi> +.\" +.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland +.\" All rights reserved +.\" +.\" Created: Sun May 7 00:14:37 1995 ylo +.\" +.\" $OpenBSD: scp.1,v 1.112 2022/12/16 07:13:22 djm Exp $ +.\" +.Dd $Mdocdate: December 16 2022 $ +.Dt SCP 1 +.Os +.Sh NAME +.Nm scp +.Nd OpenSSH secure file copy +.Sh SYNOPSIS +.Nm scp +.Op Fl 346ABCOpqRrsTv +.Op Fl c Ar cipher +.Op Fl D Ar sftp_server_path +.Op Fl F Ar ssh_config +.Op Fl i Ar identity_file +.Op Fl J Ar destination +.Op Fl l Ar limit +.Op Fl o Ar ssh_option +.Op Fl P Ar port +.Op Fl S Ar program +.Op Fl X Ar sftp_option +.Ar source ... target +.Sh DESCRIPTION +.Nm +copies files between hosts on a network. +.Pp +.Nm +uses the SFTP protocol over a +.Xr ssh 1 +connection for data transfer, and uses the same authentication and provides +the same security as a login session. +.Pp +.Nm +will ask for passwords or passphrases if they are needed for +authentication. +.Pp +The +.Ar source +and +.Ar target +may be specified as a local pathname, a remote host with optional path +in the form +.Sm off +.Oo user @ Oc host : Op path , +.Sm on +or a URI in the form +.Sm off +.No scp:// Oo user @ Oc host Oo : port Oc Op / path . +.Sm on +Local file names can be made explicit using absolute or relative pathnames +to avoid +.Nm +treating file names containing +.Sq :\& +as host specifiers. +.Pp +When copying between two remote hosts, if the URI format is used, a +.Ar port +cannot be specified on the +.Ar target +if the +.Fl R +option is used. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 3 +Copies between two remote hosts are transferred through the local host. +Without this option the data is copied directly between the two remote +hosts. +Note that, when using the legacy SCP protocol (via the +.Fl O +flag), this option +selects batch mode for the second host as +.Nm +cannot ask for passwords or passphrases for both hosts. +This mode is the default. +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl A +Allows forwarding of +.Xr ssh-agent 1 +to the remote system. +The default is not to forward an authentication agent. +.It Fl B +Selects batch mode (prevents asking for passwords or passphrases). +.It Fl C +Compression enable. +Passes the +.Fl C +flag to +.Xr ssh 1 +to enable compression. +.It Fl c Ar cipher +Selects the cipher to use for encrypting the data transfer. +This option is directly passed to +.Xr ssh 1 . +.It Fl D Ar sftp_server_path +Connect directly to a local SFTP server program rather than a +remote one via +.Xr ssh 1 . +This option may be useful in debugging the client and server. +.It Fl F Ar ssh_config +Specifies an alternative +per-user configuration file for +.Nm ssh . +This option is directly passed to +.Xr ssh 1 . +.It Fl i Ar identity_file +Selects the file from which the identity (private key) for public key +authentication is read. +This option is directly passed to +.Xr ssh 1 . +.It Fl J Ar destination +Connect to the target host by first making an +.Nm +connection to the jump host described by +.Ar destination +and then establishing a TCP forwarding to the ultimate destination from +there. +Multiple jump hops may be specified separated by comma characters. +This is a shortcut to specify a +.Cm ProxyJump +configuration directive. +This option is directly passed to +.Xr ssh 1 . +.It Fl l Ar limit +Limits the used bandwidth, specified in Kbit/s. +.It Fl O +Use the legacy SCP protocol for file transfers instead of the SFTP protocol. +Forcing the use of the SCP protocol may be necessary for servers that do +not implement SFTP, for backwards-compatibility for particular filename +wildcard patterns and for expanding paths with a +.Sq ~ +prefix for older SFTP servers. +.It Fl o Ar ssh_option +Can be used to pass options to +.Nm ssh +in the format used in +.Xr ssh_config 5 . +This is useful for specifying options +for which there is no separate +.Nm scp +command-line flag. +For full details of the options listed below, and their possible values, see +.Xr ssh_config 5 . +.Pp +.Bl -tag -width Ds -offset indent -compact +.It AddressFamily +.It BatchMode +.It BindAddress +.It BindInterface +.It CanonicalDomains +.It CanonicalizeFallbackLocal +.It CanonicalizeHostname +.It CanonicalizeMaxDots +.It CanonicalizePermittedCNAMEs +.It CASignatureAlgorithms +.It CertificateFile +.It CheckHostIP +.It Ciphers +.It Compression +.It ConnectionAttempts +.It ConnectTimeout +.It ControlMaster +.It ControlPath +.It ControlPersist +.It GlobalKnownHostsFile +.It GSSAPIAuthentication +.It GSSAPIDelegateCredentials +.It HashKnownHosts +.It Host +.It HostbasedAcceptedAlgorithms +.It HostbasedAuthentication +.It HostKeyAlgorithms +.It HostKeyAlias +.It Hostname +.It IdentitiesOnly +.It IdentityAgent +.It IdentityFile +.It IPQoS +.It KbdInteractiveAuthentication +.It KbdInteractiveDevices +.It KexAlgorithms +.It KnownHostsCommand +.It LogLevel +.It MACs +.It NoHostAuthenticationForLocalhost +.It NumberOfPasswordPrompts +.It PasswordAuthentication +.It PKCS11Provider +.It Port +.It PreferredAuthentications +.It ProxyCommand +.It ProxyJump +.It PubkeyAcceptedAlgorithms +.It PubkeyAuthentication +.It RekeyLimit +.It RequiredRSASize +.It SendEnv +.It ServerAliveInterval +.It ServerAliveCountMax +.It SetEnv +.It StrictHostKeyChecking +.It TCPKeepAlive +.It UpdateHostKeys +.It User +.It UserKnownHostsFile +.It VerifyHostKeyDNS +.El +.It Fl P Ar port +Specifies the port to connect to on the remote host. +Note that this option is written with a capital +.Sq P , +because +.Fl p +is already reserved for preserving the times and mode bits of the file. +.It Fl p +Preserves modification times, access times, and file mode bits from the +source file. +.It Fl q +Quiet mode: disables the progress meter as well as warning and diagnostic +messages from +.Xr ssh 1 . +.It Fl R +Copies between two remote hosts are performed by connecting to the origin +host and executing +.Nm +there. +This requires that +.Nm +running on the origin host can authenticate to the destination host without +requiring a password. +.It Fl r +Recursively copy entire directories. +Note that +.Nm +follows symbolic links encountered in the tree traversal. +.It Fl S Ar program +Name of +.Ar program +to use for the encrypted connection. +The program must understand +.Xr ssh 1 +options. +.It Fl T +Disable strict filename checking. +By default when copying files from a remote host to a local directory +.Nm +checks that the received filenames match those requested on the command-line +to prevent the remote end from sending unexpected or unwanted files. +Because of differences in how various operating systems and shells interpret +filename wildcards, these checks may cause wanted files to be rejected. +This option disables these checks at the expense of fully trusting that +the server will not send unexpected filenames. +.It Fl v +Verbose mode. +Causes +.Nm +and +.Xr ssh 1 +to print debugging messages about their progress. +This is helpful in +debugging connection, authentication, and configuration problems. +.It Fl X Ar sftp_option +Specify an option that controls aspects of SFTP protocol behaviour. +The valid options are: +.Bl -tag -width Ds +.It Cm nrequests Ns = Ns Ar value +Controls how many concurrent SFTP read or write requests may be in progress +at any point in time during a download or upload. +By default 64 requests may be active concurrently. +.It Cm buffer Ns = Ns Ar value +Controls the maximum buffer size for a single SFTP read/write operation used +during download or upload. +By default a 32KB buffer is used. +.El +.El +.Sh EXIT STATUS +.Ex -std scp +.Sh SEE ALSO +.Xr sftp 1 , +.Xr ssh 1 , +.Xr ssh-add 1 , +.Xr ssh-agent 1 , +.Xr ssh-keygen 1 , +.Xr ssh_config 5 , +.Xr sftp-server 8 , +.Xr sshd 8 +.Sh HISTORY +.Nm +is based on the rcp program in +.Bx +source code from the Regents of the University of California. +.Pp +Since OpenSSH 9.0, +.Nm +has used the SFTP protocol for transfers by default. +.Sh AUTHORS +.An Timo Rinne Aq Mt tri@iki.fi +.An Tatu Ylonen Aq Mt ylo@cs.hut.fi +.Sh CAVEATS +The legacy SCP protocol (selected by the +.Fl O +flag) requires execution of the remote user's shell to perform +.Xr glob 3 +pattern matching. +This requires careful quoting of any characters that have special meaning to +the remote shell, such as quote characters. |