4 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7 .\" All rights reserved
9 .\" Created: Sun May 7 00:14:37 1995 ylo
11 .\" $OpenBSD: scp.1,v 1.110 2022/09/19 21:39:16 djm Exp $
13 .Dd $Mdocdate: September 19 2022 $
18 .Nd OpenSSH secure file copy
23 .Op Fl D Ar sftp_server_path
24 .Op Fl F Ar ssh_config
25 .Op Fl i Ar identity_file
26 .Op Fl J Ar destination
28 .Op Fl o Ar ssh_option
34 copies files between hosts on a network.
38 for data transfer, and uses the same authentication and provides the
39 same security as a login session.
42 will ask for passwords or passphrases if they are needed for
49 may be specified as a local pathname, a remote host with optional path
52 .Oo user @ Oc host : Op path ,
56 .No scp:// Oo user @ Oc host Oo : port Oc Op / path .
58 Local file names can be made explicit using absolute or relative pathnames
61 treating file names containing
65 When copying between two remote hosts, if the URI format is used, a
67 cannot be specified on the
73 The options are as follows:
76 Copies between two remote hosts are transferred through the local host.
77 Without this option the data is copied directly between the two remote
79 Note that, when using the legacy SCP protocol (via the
82 selects batch mode for the second host as
84 cannot ask for passwords or passphrases for both hosts.
85 This mode is the default.
89 to use IPv4 addresses only.
93 to use IPv6 addresses only.
98 The default is not to forward an authentication agent.
100 Selects batch mode (prevents asking for passwords or passphrases).
107 to enable compression.
109 Selects the cipher to use for encrypting the data transfer.
110 This option is directly passed to
112 .It Fl D Ar sftp_server_path
113 When using the SFTP protocol support via
115 connect directly to a local SFTP server program rather than a
118 This option may be useful in debugging the client and server.
119 .It Fl F Ar ssh_config
120 Specifies an alternative
121 per-user configuration file for
123 This option is directly passed to
125 .It Fl i Ar identity_file
126 Selects the file from which the identity (private key) for public key
127 authentication is read.
128 This option is directly passed to
130 .It Fl J Ar destination
131 Connect to the target host by first making an
133 connection to the jump host described by
135 and then establishing a TCP forwarding to the ultimate destination from
137 Multiple jump hops may be specified separated by comma characters.
138 This is a shortcut to specify a
140 configuration directive.
141 This option is directly passed to
144 Limits the used bandwidth, specified in Kbit/s.
146 Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
147 Forcing the use of the SCP protocol may be necessary for servers that do
148 not implement SFTP, for backwards-compatibility for particular filename
149 wildcard patterns and for expanding paths with a
151 prefix for older SFTP servers.
152 .It Fl o Ar ssh_option
153 Can be used to pass options to
155 in the format used in
157 This is useful for specifying options
158 for which there is no separate
161 For full details of the options listed below, and their possible values, see
164 .Bl -tag -width Ds -offset indent -compact
170 .It CanonicalizeFallbackLocal
171 .It CanonicalizeHostname
172 .It CanonicalizeMaxDots
173 .It CanonicalizePermittedCNAMEs
174 .It CASignatureAlgorithms
179 .It ConnectionAttempts
184 .It GlobalKnownHostsFile
185 .It GSSAPIAuthentication
186 .It GSSAPIDelegateCredentials
189 .It HostbasedAcceptedAlgorithms
190 .It HostbasedAuthentication
191 .It HostKeyAlgorithms
198 .It KbdInteractiveAuthentication
199 .It KbdInteractiveDevices
201 .It KnownHostsCommand
204 .It NoHostAuthenticationForLocalhost
205 .It NumberOfPasswordPrompts
206 .It PasswordAuthentication
209 .It PreferredAuthentications
212 .It PubkeyAcceptedAlgorithms
213 .It PubkeyAuthentication
217 .It ServerAliveInterval
218 .It ServerAliveCountMax
220 .It StrictHostKeyChecking
224 .It UserKnownHostsFile
228 Specifies the port to connect to on the remote host.
229 Note that this option is written with a capital
233 is already reserved for preserving the times and mode bits of the file.
235 Preserves modification times, access times, and file mode bits from the
238 Quiet mode: disables the progress meter as well as warning and diagnostic
242 Copies between two remote hosts are performed by connecting to the origin
248 running on the origin host can authenticate to the destination host without
249 requiring a password.
251 Recursively copy entire directories.
254 follows symbolic links encountered in the tree traversal.
258 to use for the encrypted connection.
259 The program must understand
263 Disable strict filename checking.
264 By default when copying files from a remote host to a local directory
266 checks that the received filenames match those requested on the command-line
267 to prevent the remote end from sending unexpected or unwanted files.
268 Because of differences in how various operating systems and shells interpret
269 filename wildcards, these checks may cause wanted files to be rejected.
270 This option disables these checks at the expense of fully trusting that
271 the server will not send unexpected filenames.
278 to print debugging messages about their progress.
280 debugging connection, authentication, and configuration problems.
295 is based on the rcp program in
297 source code from the Regents of the University of California.
301 has used the SFTP protocol for transfers by default.
303 .An Timo Rinne Aq Mt tri@iki.fi
304 .An Tatu Ylonen Aq Mt ylo@cs.hut.fi
306 The legacy SCP protocol (selected by the
308 flag) requires execution of the remote user's shell to perform
311 This requires careful quoting of any characters that have special meaning to
312 the remote shell, such as quote characters.