Annotation of src/usr.bin/ssh/scp.1, Revision 1.98
1.1 deraadt 1: .\"
2: .\" scp.1
3: .\"
4: .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
5: .\"
6: .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7: .\" All rights reserved
8: .\"
9: .\" Created: Sun May 7 00:14:37 1995 ylo
10: .\"
1.98 ! djm 11: .\" $OpenBSD: scp.1,v 1.97 2021/08/02 23:38:27 djm Exp $
1.1 deraadt 12: .\"
1.98 ! djm 13: .Dd $Mdocdate: August 2 2021 $
1.3 aaron 14: .Dt SCP 1
15: .Os
16: .Sh NAME
17: .Nm scp
1.87 jmc 18: .Nd OpenSSH secure file copy
1.3 aaron 19: .Sh SYNOPSIS
20: .Nm scp
1.98 ! djm 21: .Op Fl 346ABCpqRrTv
1.29 jmc 22: .Op Fl c Ar cipher
1.97 djm 23: .Op Fl D Ar sftp_server_path
1.19 stevesk 24: .Op Fl F Ar ssh_config
1.84 jmc 25: .Op Fl i Ar identity_file
1.83 tb 26: .Op Fl J Ar destination
1.25 markus 27: .Op Fl l Ar limit
1.97 djm 28: .Op Fl M Ar scp | sftp
1.17 stevesk 29: .Op Fl o Ar ssh_option
1.29 jmc 30: .Op Fl P Ar port
31: .Op Fl S Ar program
1.76 jmc 32: .Ar source ... target
1.7 aaron 33: .Sh DESCRIPTION
1.3 aaron 34: .Nm
1.6 aaron 35: copies files between hosts on a network.
1.91 deraadt 36: .Pp
1.6 aaron 37: It uses
1.3 aaron 38: .Xr ssh 1
1.1 deraadt 39: for data transfer, and uses the same authentication and provides the
1.91 deraadt 40: same security as a login session.
41: The scp protocol requires execution of the remote user's shell to perform
42: .Xr glob 3
43: pattern matching.
44: .Pp
1.3 aaron 45: .Nm
1.1 deraadt 46: will ask for passwords or passphrases if they are needed for
47: authentication.
1.3 aaron 48: .Pp
1.75 millert 49: The
1.76 jmc 50: .Ar source
51: and
1.75 millert 52: .Ar target
53: may be specified as a local pathname, a remote host with optional path
54: in the form
1.76 jmc 55: .Sm off
56: .Oo user @ Oc host : Op path ,
57: .Sm on
58: or a URI in the form
59: .Sm off
60: .No scp:// Oo user @ Oc host Oo : port Oc Op / path .
61: .Sm on
1.44 jmc 62: Local file names can be made explicit using absolute or relative pathnames
63: to avoid
64: .Nm
65: treating file names containing
66: .Sq :\&
67: as host specifiers.
1.75 millert 68: .Pp
69: When copying between two remote hosts, if the URI format is used, a
70: .Ar port
71: may only be specified on the
72: .Ar target
73: if the
74: .Fl 3
75: option is used.
1.3 aaron 76: .Pp
77: The options are as follows:
78: .Bl -tag -width Ds
1.55 markus 79: .It Fl 3
80: Copies between two remote hosts are transferred through the local host.
81: Without this option the data is copied directly between the two remote
82: hosts.
1.98 ! djm 83: Note that, when using the legacy SCP protocol (the default), this option
! 84: selects batch mode for the second host as
1.89 jmc 85: .Nm
86: cannot ask for passwords or passphrases for both hosts.
1.98 ! djm 87: This mode is the default.
1.29 jmc 88: .It Fl 4
89: Forces
90: .Nm
91: to use IPv4 addresses only.
92: .It Fl 6
93: Forces
1.3 aaron 94: .Nm
1.29 jmc 95: to use IPv6 addresses only.
1.90 djm 96: .It Fl A
97: Allows forwarding of
98: .Xr ssh-agent 1
99: to the remote system.
100: The default is not to forward an authentication agent.
1.3 aaron 101: .It Fl B
1.1 deraadt 102: Selects batch mode (prevents asking for passwords or passphrases).
1.3 aaron 103: .It Fl C
1.6 aaron 104: Compression enable.
105: Passes the
1.3 aaron 106: .Fl C
107: flag to
108: .Xr ssh 1
1.1 deraadt 109: to enable compression.
1.29 jmc 110: .It Fl c Ar cipher
111: Selects the cipher to use for encrypting the data transfer.
112: This option is directly passed to
113: .Xr ssh 1 .
1.97 djm 114: .It Fl D Ar sftp_server_path
115: When using the experimental SFTP protocol support via
116: .Fl M ,
117: connect directly to a local SFTP server program rather than a
118: remote one via
119: .Xr ssh 1 .
120: This option may be useful in debugging the client and server.
1.19 stevesk 121: .It Fl F Ar ssh_config
122: Specifies an alternative
123: per-user configuration file for
124: .Nm ssh .
125: This option is directly passed to
126: .Xr ssh 1 .
1.29 jmc 127: .It Fl i Ar identity_file
1.46 djm 128: Selects the file from which the identity (private key) for public key
1.29 jmc 129: authentication is read.
1.82 tb 130: This option is directly passed to
131: .Xr ssh 1 .
132: .It Fl J Ar destination
1.84 jmc 133: Connect to the target host by first making an
1.82 tb 134: .Nm
135: connection to the jump host described by
136: .Ar destination
137: and then establishing a TCP forwarding to the ultimate destination from
138: there.
139: Multiple jump hops may be specified separated by comma characters.
140: This is a shortcut to specify a
141: .Cm ProxyJump
142: configuration directive.
1.29 jmc 143: This option is directly passed to
144: .Xr ssh 1 .
145: .It Fl l Ar limit
146: Limits the used bandwidth, specified in Kbit/s.
1.97 djm 147: .It Fl M Ar scp | sftp
148: Specifies a mode which will be used to transfer files.
149: The default is to use the original
150: .Cm scp
151: protocol.
152: Alternately, experimental support for using the
153: .Cm sftp
154: protocol is available.
1.29 jmc 155: .It Fl o Ar ssh_option
156: Can be used to pass options to
157: .Nm ssh
158: in the format used in
159: .Xr ssh_config 5 .
160: This is useful for specifying options
161: for which there is no separate
162: .Nm scp
163: command-line flag.
164: For full details of the options listed below, and their possible values, see
165: .Xr ssh_config 5 .
166: .Pp
167: .Bl -tag -width Ds -offset indent -compact
168: .It AddressFamily
169: .It BatchMode
170: .It BindAddress
1.77 jmc 171: .It BindInterface
1.61 djm 172: .It CanonicalDomains
173: .It CanonicalizeFallbackLocal
174: .It CanonicalizeHostname
175: .It CanonicalizeMaxDots
176: .It CanonicalizePermittedCNAMEs
1.81 jmc 177: .It CASignatureAlgorithms
1.68 jmc 178: .It CertificateFile
1.29 jmc 179: .It CheckHostIP
180: .It Ciphers
181: .It Compression
1.74 naddy 182: .It ConnectionAttempts
1.34 dtucker 183: .It ConnectTimeout
1.36 djm 184: .It ControlMaster
185: .It ControlPath
1.57 djm 186: .It ControlPersist
1.29 jmc 187: .It GlobalKnownHostsFile
188: .It GSSAPIAuthentication
189: .It GSSAPIDelegateCredentials
1.38 jmc 190: .It HashKnownHosts
1.29 jmc 191: .It Host
1.95 naddy 192: .It HostbasedAcceptedAlgorithms
1.29 jmc 193: .It HostbasedAuthentication
194: .It HostKeyAlgorithms
195: .It HostKeyAlias
1.86 jmc 196: .It Hostname
1.70 jmc 197: .It IdentitiesOnly
1.69 markus 198: .It IdentityAgent
1.29 jmc 199: .It IdentityFile
1.54 jmc 200: .It IPQoS
1.57 djm 201: .It KbdInteractiveAuthentication
1.37 djm 202: .It KbdInteractiveDevices
1.52 jmc 203: .It KexAlgorithms
1.92 jmc 204: .It KnownHostsCommand
1.29 jmc 205: .It LogLevel
206: .It MACs
207: .It NoHostAuthenticationForLocalhost
208: .It NumberOfPasswordPrompts
209: .It PasswordAuthentication
1.50 markus 210: .It PKCS11Provider
1.29 jmc 211: .It Port
212: .It PreferredAuthentications
213: .It ProxyCommand
1.71 jmc 214: .It ProxyJump
1.93 dtucker 215: .It PubkeyAcceptedAlgorithms
1.29 jmc 216: .It PubkeyAuthentication
1.39 dtucker 217: .It RekeyLimit
1.35 jmc 218: .It SendEnv
1.32 markus 219: .It ServerAliveInterval
220: .It ServerAliveCountMax
1.79 jmc 221: .It SetEnv
1.29 jmc 222: .It StrictHostKeyChecking
1.31 markus 223: .It TCPKeepAlive
1.65 jmc 224: .It UpdateHostKeys
1.29 jmc 225: .It User
226: .It UserKnownHostsFile
227: .It VerifyHostKeyDNS
228: .El
1.4 markus 229: .It Fl P Ar port
1.6 aaron 230: Specifies the port to connect to on the remote host.
231: Note that this option is written with a capital
1.3 aaron 232: .Sq P ,
233: because
234: .Fl p
1.62 tedu 235: is already reserved for preserving the times and modes of the file.
1.29 jmc 236: .It Fl p
237: Preserves modification times, access times, and modes from the
238: original file.
239: .It Fl q
1.43 djm 240: Quiet mode: disables the progress meter as well as warning and diagnostic
241: messages from
242: .Xr ssh 1 .
1.98 ! djm 243: .It Fl R
! 244: Copies between two remote hosts are performed by connecting to the origin
! 245: host and executing
! 246: .Nm
! 247: there.
! 248: This requires that
! 249: .Nm
! 250: running on the origin host can authenticate to the destination host without
! 251: requiring a password.
1.29 jmc 252: .It Fl r
253: Recursively copy entire directories.
1.45 dtucker 254: Note that
255: .Nm
256: follows symbolic links encountered in the tree traversal.
1.10 deraadt 257: .It Fl S Ar program
258: Name of
259: .Ar program
1.12 aaron 260: to use for the encrypted connection.
261: The program must understand
1.9 deraadt 262: .Xr ssh 1
263: options.
1.85 djm 264: .It Fl T
265: Disable strict filename checking.
266: By default when copying files from a remote host to a local directory
267: .Nm
268: checks that the received filenames match those requested on the command-line
269: to prevent the remote end from sending unexpected or unwanted files.
270: Because of differences in how various operating systems and shells interpret
271: filename wildcards, these checks may cause wanted files to be rejected.
272: This option disables these checks at the expense of fully trusting that
273: the server will not send unexpected filenames.
1.29 jmc 274: .It Fl v
275: Verbose mode.
276: Causes
1.24 markus 277: .Nm
1.29 jmc 278: and
279: .Xr ssh 1
280: to print debugging messages about their progress.
281: This is helpful in
282: debugging connection, authentication, and configuration problems.
1.8 aaron 283: .El
1.51 jmc 284: .Sh EXIT STATUS
1.40 jmc 285: .Ex -std scp
1.3 aaron 286: .Sh SEE ALSO
1.14 djm 287: .Xr sftp 1 ,
1.3 aaron 288: .Xr ssh 1 ,
289: .Xr ssh-add 1 ,
290: .Xr ssh-agent 1 ,
291: .Xr ssh-keygen 1 ,
1.23 stevesk 292: .Xr ssh_config 5 ,
1.3 aaron 293: .Xr sshd 8
1.28 jmc 294: .Sh HISTORY
295: .Nm
1.62 tedu 296: is based on the rcp program in
1.60 jmc 297: .Bx
298: source code from the Regents of the University of California.
1.28 jmc 299: .Sh AUTHORS
1.59 schwarze 300: .An Timo Rinne Aq Mt tri@iki.fi
301: .An Tatu Ylonen Aq Mt ylo@cs.hut.fi