
Secure copy protocol

From Wikipedia, the free encyclopedia
Network protocol for copying files between computers
For the fictional organisation, see SCP Foundation.
scp
Developer: The OpenSSH Project
Written in: C
Operating system: Cross-platform
Type: Command, Communication protocol
Website: www.openssh.com
Repository: github.com/openssh/openssh-portable/

Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol.[1] "SCP" commonly refers to both the Secure Copy Protocol and the program itself.[2]

According to OpenSSH developers in April 2019, SCP is outdated, inflexible and not readily fixed; they recommend the use of more modern protocols like SFTP and rsync for file transfer.[3] As of OpenSSH version 9.0, the scp client therefore uses SFTP for file transfers by default instead of the legacy SCP/RCP protocol.[4]

Secure Copy Protocol

SCP is a network protocol, based on the BSD RCP protocol,[5] which supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default.[6] Like RCP, there is no RFC that defines the specifics of the protocol.

Function

Normally, a client initiates an SSH connection to the remote host, and requests an SCP process to be started on the remote server. The remote SCP process can operate in one of two modes:

  • source mode, which reads files (usually from disk) and sends them back to the client, or
  • sink mode, which accepts the files sent by the client and writes them (usually to disk) on the remote host.

For most SCP clients, source mode is generally triggered with the -f flag (from), while sink mode is triggered with -t (to).[2] These flags are used internally and are not documented outside the SCP source code.

Remote to remote mode

In the past, in remote-to-remote secure copy, the SCP client would open an SSH connection to the source host and request that it, in turn, open an SCP connection to the destination. (Remote-to-remote mode did not support opening two SCP connections and using the originating client as an intermediary.) SCP thus could not be used to remotely copy from the source to the destination when operating in password or keyboard-interactive authentication mode, as this would reveal the destination server's authentication credentials to the source. It was, however, possible with key-based or GSSAPI methods that do not require user input.[2]

More recently, remote-to-remote mode supports routing traffic through the client which originated the transfer, even though it is a 3rd party to the transfer. This way, authorization credentials must reside only on the originating client, the 3rd party.[7]

Issues using talkative shell profiles

SCP does not expect text communicating with the SSH login shell. Text transmitted due to the SSH profile (e.g. echo "Welcome" in the .bashrc file) is interpreted as an error message, and a null line (echo "") causes the SCP client to deadlock waiting for the error message to complete.[2]
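The check below is an added example, not part of the original article or of OpenSSH: it classifies what a non-interactive session writes to stdout, the stream the SCP client reads as protocol responses, and shows a profile that greets only interactive shells. The function names and the two constructed profile files are assumptions for illustration; against a real server the command passed in would be `ssh user@remotehost true`.

```shell
# Classify what a command prints on stdout before SCP could start talking.
#   quiet       nothing printed: safe for SCP
#   text        output such as "Welcome": SCP reads it as an error message
#   blank-line  output begins with an empty line: the deadlock case
# In practice (hypothetical host): classify_preamble ssh user@remotehost true
classify_preamble() {
    tmp=$(mktemp) || return 2
    # No stdin, stderr discarded: only stdout reaches the SCP client.
    "$@" </dev/null >"$tmp" 2>/dev/null
    size=$(wc -c <"$tmp" | tr -d ' ')
    # Hex value of the first byte, empty when the file is empty.
    first=$(head -c 1 "$tmp" | od -An -tx1 | tr -d ' \n')
    rm -f "$tmp"
    if [ "$size" -eq 0 ]; then
        echo quiet
    elif [ "$first" = "0a" ]; then
        echo blank-line
    else
        echo text
    fi
}

# Compare two constructed profiles sourced by a non-interactive shell.
demo_profiles() {
    dir=$(mktemp -d) || return 2
    # Constructed talkative profile: greets every session.
    printf 'echo "Welcome"\n' >"$dir/talkative"
    # Constructed guarded profile: greets only when $- marks the shell interactive.
    printf 'case $- in *i*) echo "Welcome" ;; esac\n' >"$dir/guarded"
    a=$(classify_preamble sh -c ". '$dir/talkative'")
    b=$(classify_preamble sh -c ". '$dir/guarded'")
    rm -rf "$dir"
    echo "$a $b"
}

demo_profiles
```

Any result other than `quiet` from the real server means its startup files need the interactive-shell guard before legacy SCP transfers will work.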

scp program

The SCP program[8] is a software tool implementing the SCP protocol as a service daemon or client. It is a program to perform secure copying.

Perhaps the most widely used SCP program is the OpenSSH command line scp program, which is provided in most SSH implementations. The scp program is the secure analog of the rcp command. The scp program must be part of all SSH servers that want to provide SCP service, as scp functions as SCP server too. Since OpenSSH 9.0, the program has been updated to use the newer, more secure SFTP protocol; an -O option is added for using SCP with old SCP-only servers.[4]

Syntax

Typically, the syntax of the scp program[9] is like the syntax of cp (copy):

Copying local file to a remote host:

    scp LocalSourceFile user@remotehost:directory/TargetFile

Copying file from remote host and recursively copying folder (with the -r switch) from remote host:

    scp user@remotehost:directory/SourceFile LocalTargetFile
    scp -r user@host:directory/SourceFolder LocalTargetFolder

Note that if the remote host uses a port other than the default of 22, it can be specified in the command. For example, copying a file from host:

    scp -P 2222 user@host:directory/SourceFile TargetFile

Other clients

As the Secure Copy Protocol implements file transfers only, GUI SCP clients are rare, as implementing it requires additional functionality (directory listing at least). For example, WinSCP defaults to the SFTP protocol.[10] Even when operating in SCP mode, clients like WinSCP are typically not pure SCP clients, as they must use other means to implement the additional functionality (like the ls command).[11] This in turn brings platform-dependency problems.

More comprehensive tools for managing files over SSH are SFTP clients.

Security

In 2019, the vulnerability CVE-2019-6111[12] was announced, related to the openssh SCP tool and protocol, allowing users to overwrite arbitrary files in the SCP client target directory.

See also

Wikibooks has a book on the topic of: Guide to Windows Commands

References

  1. ^ "Linux and Unix scp command". Computer Hope. Retrieved 4 August 2015.
  2. ^ a b c d Pechanec, Jan. "How the SCP protocol works". Jan Pechanec's weblog. Oracle. Archived from the original on 2017-02-15. Retrieved 4 August 2015.
  3. ^ "OpenSSH 8.0". OpenSSH Release Notes. 17 April 2019.
  4. ^ a b "OpenSSH 9.0". OpenSSH Release Notes. 8 April 2022.
  5. ^ "scp(1) - OpenBSD manual pages (history section)". Retrieved 25 June 2012.
  6. ^ "SCP - Secure Copy Protocol - What is it & Full Definition & Example Cmds!". PC & Network Downloads - PCWDLD.com. 2019-06-29. Retrieved 2020-05-22.
  7. ^ Carroll, Brandon (16 August 2017). "How to use Secure Copy for file transfer". TechRepublic. Retrieved 2020-05-22.
  8. ^ "Portable OpenSSH". GitHub. 13 May 2022.
  9. ^ "scp(1) - OpenBSD manual pages". https://man.openbsd.org/scp
  10. ^ "Supported File Transfer Protocols :: WinSCP". winscp.net. Retrieved 2020-05-22.
  11. ^ "The SCP/Shell Page (Advanced Site Settings dialog) :: WinSCP". winscp.net. Retrieved 2020-05-22.
  12. ^ "NVD - Cve-2019-6111".
Retrieved from "https://en.wikipedia.org/w/index.php?title=Secure_copy_protocol&oldid=1327265484"