Annotation of src/usr.bin/ssh/scp.1, Revision 1.105
1.1 deraadt 1: .\"
2: .\" scp.1
3: .\"
4: .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
5: .\"
6: .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7: .\" All rights reserved
8: .\"
9: .\" Created: Sun May 7 00:14:37 1995 ylo
10: .\"
1.105 ! djm 11: .\" $OpenBSD: scp.1,v 1.104 2021/09/20 01:55:42 djm Exp $
1.1 deraadt 12: .\"
1.105 ! djm 13: .Dd $Mdocdate: September 20 2021 $
1.3 aaron 14: .Dt SCP 1
15: .Os
16: .Sh NAME
17: .Nm scp
1.87 jmc 18: .Nd OpenSSH secure file copy
1.3 aaron 19: .Sh SYNOPSIS
20: .Nm scp
1.105 ! djm 21: .Op Fl 346ABCOpqRrsTv
1.29 jmc 22: .Op Fl c Ar cipher
1.97 djm 23: .Op Fl D Ar sftp_server_path
1.19 stevesk 24: .Op Fl F Ar ssh_config
1.84 jmc 25: .Op Fl i Ar identity_file
1.83 tb 26: .Op Fl J Ar destination
1.25 markus 27: .Op Fl l Ar limit
1.17 stevesk 28: .Op Fl o Ar ssh_option
1.29 jmc 29: .Op Fl P Ar port
30: .Op Fl S Ar program
1.76 jmc 31: .Ar source ... target
1.7 aaron 32: .Sh DESCRIPTION
1.3 aaron 33: .Nm
1.6 aaron 34: copies files between hosts on a network.
1.91 deraadt 35: .Pp
1.6 aaron 36: It uses
1.3 aaron 37: .Xr ssh 1
1.1 deraadt 38: for data transfer, and uses the same authentication and provides the
1.91 deraadt 39: same security as a login session.
40: .Pp
1.3 aaron 41: .Nm
1.1 deraadt 42: will ask for passwords or passphrases if they are needed for
43: authentication.
1.3 aaron 44: .Pp
1.75 millert 45: The
1.76 jmc 46: .Ar source
47: and
1.75 millert 48: .Ar target
49: may be specified as a local pathname, a remote host with optional path
50: in the form
1.76 jmc 51: .Sm off
52: .Oo user @ Oc host : Op path ,
53: .Sm on
54: or a URI in the form
55: .Sm off
56: .No scp:// Oo user @ Oc host Oo : port Oc Op / path .
57: .Sm on
1.44 jmc 58: Local file names can be made explicit using absolute or relative pathnames
59: to avoid
60: .Nm
61: treating file names containing
62: .Sq :\&
63: as host specifiers.
1.75 millert 64: .Pp
65: When copying between two remote hosts, if the URI format is used, a
66: .Ar port
1.100 naddy 67: cannot be specified on the
1.75 millert 68: .Ar target
69: if the
1.100 naddy 70: .Fl R
1.75 millert 71: option is used.
1.3 aaron 72: .Pp
73: The options are as follows:
74: .Bl -tag -width Ds
1.55 markus 75: .It Fl 3
76: Copies between two remote hosts are transferred through the local host.
77: Without this option the data is copied directly between the two remote
78: hosts.
1.104 djm 79: Note that, when using the original SCP protocol (the default), this option
1.98 djm 80: selects batch mode for the second host as
1.89 jmc 81: .Nm
82: cannot ask for passwords or passphrases for both hosts.
1.98 djm 83: This mode is the default.
1.29 jmc 84: .It Fl 4
85: Forces
86: .Nm
87: to use IPv4 addresses only.
88: .It Fl 6
89: Forces
1.3 aaron 90: .Nm
1.29 jmc 91: to use IPv6 addresses only.
1.90 djm 92: .It Fl A
93: Allows forwarding of
94: .Xr ssh-agent 1
95: to the remote system.
96: The default is not to forward an authentication agent.
1.3 aaron 97: .It Fl B
1.1 deraadt 98: Selects batch mode (prevents asking for passwords or passphrases).
1.3 aaron 99: .It Fl C
1.6 aaron 100: Compression enable.
101: Passes the
1.3 aaron 102: .Fl C
103: flag to
104: .Xr ssh 1
1.1 deraadt 105: to enable compression.
1.29 jmc 106: .It Fl c Ar cipher
107: Selects the cipher to use for encrypting the data transfer.
108: This option is directly passed to
109: .Xr ssh 1 .
1.97 djm 110: .It Fl D Ar sftp_server_path
1.99 djm 111: When using the SFTP protocol support via
1.104 djm 112: .Fl s ,
1.97 djm 113: connect directly to a local SFTP server program rather than a
114: remote one via
115: .Xr ssh 1 .
116: This option may be useful in debugging the client and server.
1.19 stevesk 117: .It Fl F Ar ssh_config
118: Specifies an alternative
119: per-user configuration file for
120: .Nm ssh .
121: This option is directly passed to
122: .Xr ssh 1 .
1.29 jmc 123: .It Fl i Ar identity_file
1.46 djm 124: Selects the file from which the identity (private key) for public key
1.29 jmc 125: authentication is read.
1.82 tb 126: This option is directly passed to
127: .Xr ssh 1 .
128: .It Fl J Ar destination
1.84 jmc 129: Connect to the target host by first making an
1.82 tb 130: .Nm
131: connection to the jump host described by
132: .Ar destination
133: and then establishing a TCP forwarding to the ultimate destination from
134: there.
135: Multiple jump hops may be specified separated by comma characters.
136: This is a shortcut to specify a
137: .Cm ProxyJump
138: configuration directive.
1.29 jmc 139: This option is directly passed to
140: .Xr ssh 1 .
141: .It Fl l Ar limit
142: Limits the used bandwidth, specified in Kbit/s.
1.99 djm 143: .It Fl O
1.104 djm 144: Use the original SCP protocol for file transfers instead of the SFTP protocol.
1.99 djm 145: Forcing the use of the SCP protocol may be necessary for servers that do
1.101 djm 146: not implement SFTP, for backwards-compatibility for particular filename
147: wildcard patterns and for expanding paths with a
148: .Sq ~
149: prefix for older SFTP servers.
1.104 djm 150: This mode is the default.
1.29 jmc 151: .It Fl o Ar ssh_option
152: Can be used to pass options to
153: .Nm ssh
154: in the format used in
155: .Xr ssh_config 5 .
156: This is useful for specifying options
157: for which there is no separate
158: .Nm scp
159: command-line flag.
160: For full details of the options listed below, and their possible values, see
161: .Xr ssh_config 5 .
162: .Pp
163: .Bl -tag -width Ds -offset indent -compact
164: .It AddressFamily
165: .It BatchMode
166: .It BindAddress
1.77 jmc 167: .It BindInterface
1.61 djm 168: .It CanonicalDomains
169: .It CanonicalizeFallbackLocal
170: .It CanonicalizeHostname
171: .It CanonicalizeMaxDots
172: .It CanonicalizePermittedCNAMEs
1.81 jmc 173: .It CASignatureAlgorithms
1.68 jmc 174: .It CertificateFile
1.29 jmc 175: .It CheckHostIP
176: .It Ciphers
177: .It Compression
1.74 naddy 178: .It ConnectionAttempts
1.34 dtucker 179: .It ConnectTimeout
1.36 djm 180: .It ControlMaster
181: .It ControlPath
1.57 djm 182: .It ControlPersist
1.29 jmc 183: .It GlobalKnownHostsFile
184: .It GSSAPIAuthentication
185: .It GSSAPIDelegateCredentials
1.38 jmc 186: .It HashKnownHosts
1.29 jmc 187: .It Host
1.95 naddy 188: .It HostbasedAcceptedAlgorithms
1.29 jmc 189: .It HostbasedAuthentication
190: .It HostKeyAlgorithms
191: .It HostKeyAlias
1.86 jmc 192: .It Hostname
1.70 jmc 193: .It IdentitiesOnly
1.69 markus 194: .It IdentityAgent
1.29 jmc 195: .It IdentityFile
1.54 jmc 196: .It IPQoS
1.57 djm 197: .It KbdInteractiveAuthentication
1.37 djm 198: .It KbdInteractiveDevices
1.52 jmc 199: .It KexAlgorithms
1.92 jmc 200: .It KnownHostsCommand
1.29 jmc 201: .It LogLevel
202: .It MACs
203: .It NoHostAuthenticationForLocalhost
204: .It NumberOfPasswordPrompts
205: .It PasswordAuthentication
1.50 markus 206: .It PKCS11Provider
1.29 jmc 207: .It Port
208: .It PreferredAuthentications
209: .It ProxyCommand
1.71 jmc 210: .It ProxyJump
1.93 dtucker 211: .It PubkeyAcceptedAlgorithms
1.29 jmc 212: .It PubkeyAuthentication
1.39 dtucker 213: .It RekeyLimit
1.35 jmc 214: .It SendEnv
1.32 markus 215: .It ServerAliveInterval
216: .It ServerAliveCountMax
1.79 jmc 217: .It SetEnv
1.29 jmc 218: .It StrictHostKeyChecking
1.31 markus 219: .It TCPKeepAlive
1.65 jmc 220: .It UpdateHostKeys
1.29 jmc 221: .It User
222: .It UserKnownHostsFile
223: .It VerifyHostKeyDNS
224: .El
1.4 markus 225: .It Fl P Ar port
1.6 aaron 226: Specifies the port to connect to on the remote host.
227: Note that this option is written with a capital
1.3 aaron 228: .Sq P ,
229: because
230: .Fl p
1.103 dtucker 231: is already reserved for preserving the times and mode bits of the file.
1.29 jmc 232: .It Fl p
1.103 dtucker 233: Preserves modification times, access times, and file mode bits from the
234: source file.
1.29 jmc 235: .It Fl q
1.43 djm 236: Quiet mode: disables the progress meter as well as warning and diagnostic
237: messages from
238: .Xr ssh 1 .
1.98 djm 239: .It Fl R
240: Copies between two remote hosts are performed by connecting to the origin
241: host and executing
242: .Nm
243: there.
244: This requires that
245: .Nm
246: running on the origin host can authenticate to the destination host without
247: requiring a password.
1.29 jmc 248: .It Fl r
249: Recursively copy entire directories.
1.45 dtucker 250: Note that
251: .Nm
252: follows symbolic links encountered in the tree traversal.
1.10 deraadt 253: .It Fl S Ar program
254: Name of
255: .Ar program
1.12 aaron 256: to use for the encrypted connection.
257: The program must understand
1.9 deraadt 258: .Xr ssh 1
259: options.
1.104 djm 260: .It Fl s
1.105 ! djm 261: Use the SFTP protocol for transfers rather than the original scp protocol.
1.85 djm 262: .It Fl T
263: Disable strict filename checking.
264: By default when copying files from a remote host to a local directory
265: .Nm
266: checks that the received filenames match those requested on the command-line
267: to prevent the remote end from sending unexpected or unwanted files.
268: Because of differences in how various operating systems and shells interpret
269: filename wildcards, these checks may cause wanted files to be rejected.
270: This option disables these checks at the expense of fully trusting that
271: the server will not send unexpected filenames.
1.29 jmc 272: .It Fl v
273: Verbose mode.
274: Causes
1.24 markus 275: .Nm
1.29 jmc 276: and
277: .Xr ssh 1
278: to print debugging messages about their progress.
279: This is helpful in
280: debugging connection, authentication, and configuration problems.
1.8 aaron 281: .El
1.51 jmc 282: .Sh EXIT STATUS
1.40 jmc 283: .Ex -std scp
1.3 aaron 284: .Sh SEE ALSO
1.14 djm 285: .Xr sftp 1 ,
1.3 aaron 286: .Xr ssh 1 ,
287: .Xr ssh-add 1 ,
288: .Xr ssh-agent 1 ,
289: .Xr ssh-keygen 1 ,
1.23 stevesk 290: .Xr ssh_config 5 ,
1.99 djm 291: .Xr sftp-server 8 ,
1.3 aaron 292: .Xr sshd 8
1.28 jmc 293: .Sh HISTORY
294: .Nm
1.62 tedu 295: is based on the rcp program in
1.60 jmc 296: .Bx
297: source code from the Regents of the University of California.
1.28 jmc 298: .Sh AUTHORS
1.59 schwarze 299: .An Timo Rinne Aq Mt tri@iki.fi
300: .An Tatu Ylonen Aq Mt ylo@cs.hut.fi
1.102 jmc 301: .Sh CAVEATS
1.104 djm 302: The original SCP protocol (used by default) requires execution of the
303: remote user's shell to perform
1.102 jmc 304: .Xr glob 3
305: pattern matching.
306: This requires careful quoting of any characters that have special meaning to
307: the remote shell, such as quote characters.