Annotation of src/usr.bin/ssh/scp.1, Revision 1.99
1.1 deraadt 1: .\"
2: .\" scp.1
3: .\"
4: .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
5: .\"
6: .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7: .\" All rights reserved
8: .\"
9: .\" Created: Sun May 7 00:14:37 1995 ylo
10: .\"
1.99 ! djm 11: .\" $OpenBSD: scp.1,v 1.98 2021/08/09 23:56:36 djm Exp $
1.1 deraadt 12: .\"
1.99 ! djm 13: .Dd $Mdocdate: August 9 2021 $
1.3 aaron 14: .Dt SCP 1
15: .Os
16: .Sh NAME
17: .Nm scp
1.87 jmc 18: .Nd OpenSSH secure file copy
1.3 aaron 19: .Sh SYNOPSIS
20: .Nm scp
1.99 ! djm 21: .Op Fl 346ABCOpqRrsTv
1.29 jmc 22: .Op Fl c Ar cipher
1.97 djm 23: .Op Fl D Ar sftp_server_path
1.19 stevesk 24: .Op Fl F Ar ssh_config
1.84 jmc 25: .Op Fl i Ar identity_file
1.83 tb 26: .Op Fl J Ar destination
1.25 markus 27: .Op Fl l Ar limit
1.17 stevesk 28: .Op Fl o Ar ssh_option
1.29 jmc 29: .Op Fl P Ar port
30: .Op Fl S Ar program
1.76 jmc 31: .Ar source ... target
1.7 aaron 32: .Sh DESCRIPTION
1.3 aaron 33: .Nm
1.6 aaron 34: copies files between hosts on a network.
1.91 deraadt 35: .Pp
1.6 aaron 36: It uses
1.3 aaron 37: .Xr ssh 1
1.1 deraadt 38: for data transfer, and uses the same authentication and provides the
1.91 deraadt 39: same security as a login session.
40: The scp protocol requires execution of the remote user's shell to perform
41: .Xr glob 3
42: pattern matching.
43: .Pp
1.3 aaron 44: .Nm
1.1 deraadt 45: will ask for passwords or passphrases if they are needed for
46: authentication.
1.3 aaron 47: .Pp
1.75 millert 48: The
1.76 jmc 49: .Ar source
50: and
1.75 millert 51: .Ar target
52: may be specified as a local pathname, a remote host with optional path
53: in the form
1.76 jmc 54: .Sm off
55: .Oo user @ Oc host : Op path ,
56: .Sm on
57: or a URI in the form
58: .Sm off
59: .No scp:// Oo user @ Oc host Oo : port Oc Op / path .
60: .Sm on
1.44 jmc 61: Local file names can be made explicit using absolute or relative pathnames
62: to avoid
63: .Nm
64: treating file names containing
65: .Sq :\&
66: as host specifiers.
1.75 millert 67: .Pp
68: When copying between two remote hosts, if the URI format is used, a
69: .Ar port
70: may only be specified on the
71: .Ar target
72: if the
73: .Fl 3
74: option is used.
1.3 aaron 75: .Pp
76: The options are as follows:
77: .Bl -tag -width Ds
1.55 markus 78: .It Fl 3
79: Copies between two remote hosts are transferred through the local host.
80: Without this option the data is copied directly between the two remote
81: hosts.
1.98 djm 82: Note that, when using the legacy SCP protocol (the default), this option
83: selects batch mode for the second host as
1.89 jmc 84: .Nm
85: cannot ask for passwords or passphrases for both hosts.
1.98 djm 86: This mode is the default.
1.29 jmc 87: .It Fl 4
88: Forces
89: .Nm
90: to use IPv4 addresses only.
91: .It Fl 6
92: Forces
1.3 aaron 93: .Nm
1.29 jmc 94: to use IPv6 addresses only.
1.90 djm 95: .It Fl A
96: Allows forwarding of
97: .Xr ssh-agent 1
98: to the remote system.
99: The default is not to forward an authentication agent.
1.3 aaron 100: .It Fl B
1.1 deraadt 101: Selects batch mode (prevents asking for passwords or passphrases).
1.3 aaron 102: .It Fl C
1.6 aaron 103: Compression enable.
104: Passes the
1.3 aaron 105: .Fl C
106: flag to
107: .Xr ssh 1
1.1 deraadt 108: to enable compression.
1.29 jmc 109: .It Fl c Ar cipher
110: Selects the cipher to use for encrypting the data transfer.
111: This option is directly passed to
112: .Xr ssh 1 .
1.97 djm 113: .It Fl D Ar sftp_server_path
1.99 ! djm 114: When using the SFTP protocol support via
1.97 djm 115: .Fl M ,
116: connect directly to a local SFTP server program rather than a
117: remote one via
118: .Xr ssh 1 .
119: This option may be useful in debugging the client and server.
1.19 stevesk 120: .It Fl F Ar ssh_config
121: Specifies an alternative
122: per-user configuration file for
123: .Nm ssh .
124: This option is directly passed to
125: .Xr ssh 1 .
1.29 jmc 126: .It Fl i Ar identity_file
1.46 djm 127: Selects the file from which the identity (private key) for public key
1.29 jmc 128: authentication is read.
1.82 tb 129: This option is directly passed to
130: .Xr ssh 1 .
131: .It Fl J Ar destination
1.84 jmc 132: Connect to the target host by first making an
1.82 tb 133: .Nm
134: connection to the jump host described by
135: .Ar destination
136: and then establishing a TCP forwarding to the ultimate destination from
137: there.
138: Multiple jump hops may be specified separated by comma characters.
139: This is a shortcut to specify a
140: .Cm ProxyJump
141: configuration directive.
1.29 jmc 142: This option is directly passed to
143: .Xr ssh 1 .
144: .It Fl l Ar limit
145: Limits the used bandwidth, specified in Kbit/s.
1.99 ! djm 146: .It Fl O
! 147: Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
! 148: Forcing the use of the SCP protocol may be necessary for servers that do
! 149: not implement SFTP or for backwards-compatibility for particular filename
! 150: wildcard patterns.
! 151: This mode is the default.
1.29 jmc 152: .It Fl o Ar ssh_option
153: Can be used to pass options to
154: .Nm ssh
155: in the format used in
156: .Xr ssh_config 5 .
157: This is useful for specifying options
158: for which there is no separate
159: .Nm scp
160: command-line flag.
161: For full details of the options listed below, and their possible values, see
162: .Xr ssh_config 5 .
163: .Pp
164: .Bl -tag -width Ds -offset indent -compact
165: .It AddressFamily
166: .It BatchMode
167: .It BindAddress
1.77 jmc 168: .It BindInterface
1.61 djm 169: .It CanonicalDomains
170: .It CanonicalizeFallbackLocal
171: .It CanonicalizeHostname
172: .It CanonicalizeMaxDots
173: .It CanonicalizePermittedCNAMEs
1.81 jmc 174: .It CASignatureAlgorithms
1.68 jmc 175: .It CertificateFile
1.29 jmc 176: .It CheckHostIP
177: .It Ciphers
178: .It Compression
1.74 naddy 179: .It ConnectionAttempts
1.34 dtucker 180: .It ConnectTimeout
1.36 djm 181: .It ControlMaster
182: .It ControlPath
1.57 djm 183: .It ControlPersist
1.29 jmc 184: .It GlobalKnownHostsFile
185: .It GSSAPIAuthentication
186: .It GSSAPIDelegateCredentials
1.38 jmc 187: .It HashKnownHosts
1.29 jmc 188: .It Host
1.95 naddy 189: .It HostbasedAcceptedAlgorithms
1.29 jmc 190: .It HostbasedAuthentication
191: .It HostKeyAlgorithms
192: .It HostKeyAlias
1.86 jmc 193: .It Hostname
1.70 jmc 194: .It IdentitiesOnly
1.69 markus 195: .It IdentityAgent
1.29 jmc 196: .It IdentityFile
1.54 jmc 197: .It IPQoS
1.57 djm 198: .It KbdInteractiveAuthentication
1.37 djm 199: .It KbdInteractiveDevices
1.52 jmc 200: .It KexAlgorithms
1.92 jmc 201: .It KnownHostsCommand
1.29 jmc 202: .It LogLevel
203: .It MACs
204: .It NoHostAuthenticationForLocalhost
205: .It NumberOfPasswordPrompts
206: .It PasswordAuthentication
1.50 markus 207: .It PKCS11Provider
1.29 jmc 208: .It Port
209: .It PreferredAuthentications
210: .It ProxyCommand
1.71 jmc 211: .It ProxyJump
1.93 dtucker 212: .It PubkeyAcceptedAlgorithms
1.29 jmc 213: .It PubkeyAuthentication
1.39 dtucker 214: .It RekeyLimit
1.35 jmc 215: .It SendEnv
1.32 markus 216: .It ServerAliveInterval
217: .It ServerAliveCountMax
1.79 jmc 218: .It SetEnv
1.29 jmc 219: .It StrictHostKeyChecking
1.31 markus 220: .It TCPKeepAlive
1.65 jmc 221: .It UpdateHostKeys
1.29 jmc 222: .It User
223: .It UserKnownHostsFile
224: .It VerifyHostKeyDNS
225: .El
1.4 markus 226: .It Fl P Ar port
1.6 aaron 227: Specifies the port to connect to on the remote host.
228: Note that this option is written with a capital
1.3 aaron 229: .Sq P ,
230: because
231: .Fl p
1.62 tedu 232: is already reserved for preserving the times and modes of the file.
1.29 jmc 233: .It Fl p
234: Preserves modification times, access times, and modes from the
235: original file.
236: .It Fl q
1.43 djm 237: Quiet mode: disables the progress meter as well as warning and diagnostic
238: messages from
239: .Xr ssh 1 .
1.98 djm 240: .It Fl R
241: Copies between two remote hosts are performed by connecting to the origin
242: host and executing
243: .Nm
244: there.
245: This requires that
246: .Nm
247: running on the origin host can authenticate to the destination host without
248: requiring a password.
1.29 jmc 249: .It Fl r
250: Recursively copy entire directories.
1.45 dtucker 251: Note that
252: .Nm
253: follows symbolic links encountered in the tree traversal.
1.10 deraadt 254: .It Fl S Ar program
255: Name of
256: .Ar program
1.12 aaron 257: to use for the encrypted connection.
258: The program must understand
1.9 deraadt 259: .Xr ssh 1
260: options.
1.99 ! djm 261: .It Fl s
! 262: Use the SFTP protocol for file transfers instead of the legacy SCP protocol.
! 263: Using SFTP provides avoids invoking a shell on the remote side and provides
! 264: more predictable filename handling, as the SCP protocol
! 265: relied on the remote shell for expanding
! 266: .Xr glob 3
! 267: wildcards.
! 268: .Pp
! 269: A near-future release of OpenSSH will make the SFTP protocol the default.
! 270: This option will be deleted before the end of 2022.
1.85 djm 271: .It Fl T
272: Disable strict filename checking.
273: By default when copying files from a remote host to a local directory
274: .Nm
275: checks that the received filenames match those requested on the command-line
276: to prevent the remote end from sending unexpected or unwanted files.
277: Because of differences in how various operating systems and shells interpret
278: filename wildcards, these checks may cause wanted files to be rejected.
279: This option disables these checks at the expense of fully trusting that
280: the server will not send unexpected filenames.
1.29 jmc 281: .It Fl v
282: Verbose mode.
283: Causes
1.24 markus 284: .Nm
1.29 jmc 285: and
286: .Xr ssh 1
287: to print debugging messages about their progress.
288: This is helpful in
289: debugging connection, authentication, and configuration problems.
1.8 aaron 290: .El
1.51 jmc 291: .Sh EXIT STATUS
1.40 jmc 292: .Ex -std scp
1.3 aaron 293: .Sh SEE ALSO
1.14 djm 294: .Xr sftp 1 ,
1.3 aaron 295: .Xr ssh 1 ,
296: .Xr ssh-add 1 ,
297: .Xr ssh-agent 1 ,
298: .Xr ssh-keygen 1 ,
1.23 stevesk 299: .Xr ssh_config 5 ,
1.99 ! djm 300: .Xr sftp-server 8 ,
1.3 aaron 301: .Xr sshd 8
1.28 jmc 302: .Sh HISTORY
303: .Nm
1.62 tedu 304: is based on the rcp program in
1.60 jmc 305: .Bx
306: source code from the Regents of the University of California.
1.28 jmc 307: .Sh AUTHORS
1.59 schwarze 308: .An Timo Rinne Aq Mt tri@iki.fi
309: .An Tatu Ylonen Aq Mt ylo@cs.hut.fi