4 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7 .\" All rights reserved
9 .\" Created: Sun May 7 00:14:37 1995 ylo
11 .\" $OpenBSD: scp.1,v 1.112 2022/12/16 07:13:22 djm Exp $
13 .Dd $Mdocdate: December 16 2022 $
18 .Nd OpenSSH secure file copy
23 .Op Fl D Ar sftp_server_path
24 .Op Fl F Ar ssh_config
25 .Op Fl i Ar identity_file
26 .Op Fl J Ar destination
28 .Op Fl o Ar ssh_option
31 .Op Fl X Ar sftp_option
35 copies files between hosts on a network.
38 uses the SFTP protocol over a
40 connection for data transfer, and uses the same authentication and provides
41 the same security as a login session.
44 will ask for passwords or passphrases if they are needed for
51 may be specified as a local pathname, a remote host with optional path
54 .Oo user @ Oc host : Op path ,
58 .No scp:// Oo user @ Oc host Oo : port Oc Op / path .
60 Local file names can be made explicit using absolute or relative pathnames
63 treating file names containing
67 When copying between two remote hosts, if the URI format is used, a
69 cannot be specified on the
75 The options are as follows:
78 Copies between two remote hosts are transferred through the local host.
79 Without this option the data is copied directly between the two remote
81 Note that, when using the original SCP protocol (the default), this option
82 selects batch mode for the second host as
84 cannot ask for passwords or passphrases for both hosts.
85 This mode is the default.
89 to use IPv4 addresses only.
93 to use IPv6 addresses only.
98 The default is not to forward an authentication agent.
100 Selects batch mode (prevents asking for passwords or passphrases).
107 to enable compression.
109 Selects the cipher to use for encrypting the data transfer.
110 This option is directly passed to
112 .It Fl D Ar sftp_server_path
113 Connect directly to a local SFTP server program rather than a
116 This option may be useful in debugging the client and server.
117 .It Fl F Ar ssh_config
118 Specifies an alternative
119 per-user configuration file for
121 This option is directly passed to
123 .It Fl i Ar identity_file
124 Selects the file from which the identity (private key) for public key
125 authentication is read.
126 This option is directly passed to
128 .It Fl J Ar destination
129 Connect to the target host by first making an
131 connection to the jump host described by
133 and then establishing a TCP forwarding to the ultimate destination from
135 Multiple jump hops may be specified separated by comma characters.
136 This is a shortcut to specify a
138 configuration directive.
139 This option is directly passed to
142 Limits the used bandwidth, specified in Kbit/s.
144 Use the original SCP protocol for file transfers instead of the SFTP protocol.
145 Forcing the use of the SCP protocol may be necessary for servers that do
146 not implement SFTP, for backwards-compatibility for particular filename
147 wildcard patterns and for expanding paths with a
149 prefix for older SFTP servers.
150 This mode is the default.
151 .It Fl o Ar ssh_option
152 Can be used to pass options to
154 in the format used in
156 This is useful for specifying options
157 for which there is no separate
160 For full details of the options listed below, and their possible values, see
163 .Bl -tag -width Ds -offset indent -compact
169 .It CanonicalizeFallbackLocal
170 .It CanonicalizeHostname
171 .It CanonicalizeMaxDots
172 .It CanonicalizePermittedCNAMEs
173 .It CASignatureAlgorithms
178 .It ConnectionAttempts
183 .It GlobalKnownHostsFile
184 .It GSSAPIAuthentication
185 .It GSSAPIDelegateCredentials
188 .It HostbasedAcceptedAlgorithms
189 .It HostbasedAuthentication
190 .It HostKeyAlgorithms
197 .It KbdInteractiveAuthentication
198 .It KbdInteractiveDevices
200 .It KnownHostsCommand
203 .It NoHostAuthenticationForLocalhost
204 .It NumberOfPasswordPrompts
205 .It PasswordAuthentication
208 .It PreferredAuthentications
211 .It PubkeyAcceptedAlgorithms
212 .It PubkeyAuthentication
216 .It ServerAliveInterval
217 .It ServerAliveCountMax
219 .It StrictHostKeyChecking
223 .It UserKnownHostsFile
227 Specifies the port to connect to on the remote host.
228 Note that this option is written with a capital
232 is already reserved for preserving the times and mode bits of the file.
234 Preserves modification times, access times, and file mode bits from the
237 Quiet mode: disables the progress meter as well as warning and diagnostic
241 Copies between two remote hosts are performed by connecting to the origin
247 running on the origin host can authenticate to the destination host without
248 requiring a password.
250 Recursively copy entire directories.
253 follows symbolic links encountered in the tree traversal.
257 to use for the encrypted connection.
258 The program must understand
262 Use the SFTP protocol for transfers rather than the original scp protocol.
264 Disable strict filename checking.
265 By default when copying files from a remote host to a local directory
267 checks that the received filenames match those requested on the command-line
268 to prevent the remote end from sending unexpected or unwanted files.
269 Because of differences in how various operating systems and shells interpret
270 filename wildcards, these checks may cause wanted files to be rejected.
271 This option disables these checks at the expense of fully trusting that
272 the server will not send unexpected filenames.
279 to print debugging messages about their progress.
281 debugging connection, authentication, and configuration problems.
282 .It Fl X Ar sftp_option
283 Specify an option that controls aspects of SFTP protocol behaviour.
284 The valid options are:
286 .It Cm nrequests Ns = Ns Ar value
287 Controls how many concurrent SFTP read or write requests may be in progress
288 at any point in time during a download or upload.
289 By default 64 requests may be active concurrently.
290 .It Cm buffer Ns = Ns Ar value
291 Controls the maximum buffer size for a single SFTP read/write operation used
292 during download or upload.
293 By default a 32KB buffer is used.
309 is based on the rcp program in
311 source code from the Regents of the University of California.
313 .An Timo Rinne Aq Mt tri@iki.fi
314 .An Tatu Ylonen Aq Mt ylo@cs.hut.fi
316 The original SCP protocol (used by default) requires execution of the
317 remote user's shell to perform
320 This requires careful quoting of any characters that have special meaning to
321 the remote shell, such as quote characters.