mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-18 16:14:34 +00:00
052a9d8494
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol. OpenBSD-Commit-ID: 9eaa35d95fd547b78b0a043b3f518e135f151f30
312 lines
7.4 KiB
Groff
312 lines
7.4 KiB
Groff
.\"
|
|
.\" scp.1
|
|
.\"
|
|
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
.\"
|
|
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
.\" All rights reserved
|
|
.\"
|
|
.\" Created: Sun May 7 00:14:37 1995 ylo
|
|
.\"
|
|
.\" $OpenBSD: scp.1,v 1.106 2021/10/15 14:46:46 deraadt Exp $
|
|
.\"
|
|
.Dd $Mdocdate: October 15 2021 $
|
|
.Dt SCP 1
|
|
.Os
|
|
.Sh NAME
|
|
.Nm scp
|
|
.Nd OpenSSH secure file copy
|
|
.Sh SYNOPSIS
|
|
.Nm scp
|
|
.Op Fl 346ABCOpqRrsTv
|
|
.Op Fl c Ar cipher
|
|
.Op Fl D Ar sftp_server_path
|
|
.Op Fl F Ar ssh_config
|
|
.Op Fl i Ar identity_file
|
|
.Op Fl J Ar destination
|
|
.Op Fl l Ar limit
|
|
.Op Fl o Ar ssh_option
|
|
.Op Fl P Ar port
|
|
.Op Fl S Ar program
|
|
.Ar source ... target
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
copies files between hosts on a network.
|
|
.Pp
|
|
It uses
|
|
.Xr ssh 1
|
|
for data transfer, and uses the same authentication and provides the
|
|
same security as a login session.
|
|
.Pp
|
|
.Nm
|
|
will ask for passwords or passphrases if they are needed for
|
|
authentication.
|
|
.Pp
|
|
The
|
|
.Ar source
|
|
and
|
|
.Ar target
|
|
may be specified as a local pathname, a remote host with optional path
|
|
in the form
|
|
.Sm off
|
|
.Oo user @ Oc host : Op path ,
|
|
.Sm on
|
|
or a URI in the form
|
|
.Sm off
|
|
.No scp:// Oo user @ Oc host Oo : port Oc Op / path .
|
|
.Sm on
|
|
Local file names can be made explicit using absolute or relative pathnames
|
|
to avoid
|
|
.Nm
|
|
treating file names containing
|
|
.Sq :\&
|
|
as host specifiers.
|
|
.Pp
|
|
When copying between two remote hosts, if the URI format is used, a
|
|
.Ar port
|
|
cannot be specified on the
|
|
.Ar target
|
|
if the
|
|
.Fl R
|
|
option is used.
|
|
.Pp
|
|
The options are as follows:
|
|
.Bl -tag -width Ds
|
|
.It Fl 3
|
|
Copies between two remote hosts are transferred through the local host.
|
|
Without this option the data is copied directly between the two remote
|
|
hosts.
|
|
Note that, when using the legacy SCP protocol (via the
|
|
.Fl O
|
|
flag), this option
|
|
selects batch mode for the second host as
|
|
.Nm
|
|
cannot ask for passwords or passphrases for both hosts.
|
|
This mode is the default.
|
|
.It Fl 4
|
|
Forces
|
|
.Nm
|
|
to use IPv4 addresses only.
|
|
.It Fl 6
|
|
Forces
|
|
.Nm
|
|
to use IPv6 addresses only.
|
|
.It Fl A
|
|
Allows forwarding of
|
|
.Xr ssh-agent 1
|
|
to the remote system.
|
|
The default is not to forward an authentication agent.
|
|
.It Fl B
|
|
Selects batch mode (prevents asking for passwords or passphrases).
|
|
.It Fl C
|
|
Compression enable.
|
|
Passes the
|
|
.Fl C
|
|
flag to
|
|
.Xr ssh 1
|
|
to enable compression.
|
|
.It Fl c Ar cipher
|
|
Selects the cipher to use for encrypting the data transfer.
|
|
This option is directly passed to
|
|
.Xr ssh 1 .
|
|
.It Fl D Ar sftp_server_path
|
|
When using the SFTP protocol support via
|
|
.Fl M ,
|
|
connect directly to a local SFTP server program rather than a
|
|
remote one via
|
|
.Xr ssh 1 .
|
|
This option may be useful in debugging the client and server.
|
|
.It Fl F Ar ssh_config
|
|
Specifies an alternative
|
|
per-user configuration file for
|
|
.Nm ssh .
|
|
This option is directly passed to
|
|
.Xr ssh 1 .
|
|
.It Fl i Ar identity_file
|
|
Selects the file from which the identity (private key) for public key
|
|
authentication is read.
|
|
This option is directly passed to
|
|
.Xr ssh 1 .
|
|
.It Fl J Ar destination
|
|
Connect to the target host by first making an
|
|
.Nm
|
|
connection to the jump host described by
|
|
.Ar destination
|
|
and then establishing a TCP forwarding to the ultimate destination from
|
|
there.
|
|
Multiple jump hops may be specified separated by comma characters.
|
|
This is a shortcut to specify a
|
|
.Cm ProxyJump
|
|
configuration directive.
|
|
This option is directly passed to
|
|
.Xr ssh 1 .
|
|
.It Fl l Ar limit
|
|
Limits the used bandwidth, specified in Kbit/s.
|
|
.It Fl O
|
|
Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
|
|
Forcing the use of the SCP protocol may be necessary for servers that do
|
|
not implement SFTP, for backwards-compatibility for particular filename
|
|
wildcard patterns and for expanding paths with a
|
|
.Sq ~
|
|
prefix for older SFTP servers.
|
|
.It Fl o Ar ssh_option
|
|
Can be used to pass options to
|
|
.Nm ssh
|
|
in the format used in
|
|
.Xr ssh_config 5 .
|
|
This is useful for specifying options
|
|
for which there is no separate
|
|
.Nm scp
|
|
command-line flag.
|
|
For full details of the options listed below, and their possible values, see
|
|
.Xr ssh_config 5 .
|
|
.Pp
|
|
.Bl -tag -width Ds -offset indent -compact
|
|
.It AddressFamily
|
|
.It BatchMode
|
|
.It BindAddress
|
|
.It BindInterface
|
|
.It CanonicalDomains
|
|
.It CanonicalizeFallbackLocal
|
|
.It CanonicalizeHostname
|
|
.It CanonicalizeMaxDots
|
|
.It CanonicalizePermittedCNAMEs
|
|
.It CASignatureAlgorithms
|
|
.It CertificateFile
|
|
.It CheckHostIP
|
|
.It Ciphers
|
|
.It Compression
|
|
.It ConnectionAttempts
|
|
.It ConnectTimeout
|
|
.It ControlMaster
|
|
.It ControlPath
|
|
.It ControlPersist
|
|
.It GlobalKnownHostsFile
|
|
.It GSSAPIAuthentication
|
|
.It GSSAPIDelegateCredentials
|
|
.It HashKnownHosts
|
|
.It Host
|
|
.It HostbasedAcceptedAlgorithms
|
|
.It HostbasedAuthentication
|
|
.It HostKeyAlgorithms
|
|
.It HostKeyAlias
|
|
.It Hostname
|
|
.It IdentitiesOnly
|
|
.It IdentityAgent
|
|
.It IdentityFile
|
|
.It IPQoS
|
|
.It KbdInteractiveAuthentication
|
|
.It KbdInteractiveDevices
|
|
.It KexAlgorithms
|
|
.It KnownHostsCommand
|
|
.It LogLevel
|
|
.It MACs
|
|
.It NoHostAuthenticationForLocalhost
|
|
.It NumberOfPasswordPrompts
|
|
.It PasswordAuthentication
|
|
.It PKCS11Provider
|
|
.It Port
|
|
.It PreferredAuthentications
|
|
.It ProxyCommand
|
|
.It ProxyJump
|
|
.It PubkeyAcceptedAlgorithms
|
|
.It PubkeyAuthentication
|
|
.It RekeyLimit
|
|
.It SendEnv
|
|
.It ServerAliveInterval
|
|
.It ServerAliveCountMax
|
|
.It SetEnv
|
|
.It StrictHostKeyChecking
|
|
.It TCPKeepAlive
|
|
.It UpdateHostKeys
|
|
.It User
|
|
.It UserKnownHostsFile
|
|
.It VerifyHostKeyDNS
|
|
.El
|
|
.It Fl P Ar port
|
|
Specifies the port to connect to on the remote host.
|
|
Note that this option is written with a capital
|
|
.Sq P ,
|
|
because
|
|
.Fl p
|
|
is already reserved for preserving the times and mode bits of the file.
|
|
.It Fl p
|
|
Preserves modification times, access times, and file mode bits from the
|
|
source file.
|
|
.It Fl q
|
|
Quiet mode: disables the progress meter as well as warning and diagnostic
|
|
messages from
|
|
.Xr ssh 1 .
|
|
.It Fl R
|
|
Copies between two remote hosts are performed by connecting to the origin
|
|
host and executing
|
|
.Nm
|
|
there.
|
|
This requires that
|
|
.Nm
|
|
running on the origin host can authenticate to the destination host without
|
|
requiring a password.
|
|
.It Fl r
|
|
Recursively copy entire directories.
|
|
Note that
|
|
.Nm
|
|
follows symbolic links encountered in the tree traversal.
|
|
.It Fl S Ar program
|
|
Name of
|
|
.Ar program
|
|
to use for the encrypted connection.
|
|
The program must understand
|
|
.Xr ssh 1
|
|
options.
|
|
.It Fl T
|
|
Disable strict filename checking.
|
|
By default when copying files from a remote host to a local directory
|
|
.Nm
|
|
checks that the received filenames match those requested on the command-line
|
|
to prevent the remote end from sending unexpected or unwanted files.
|
|
Because of differences in how various operating systems and shells interpret
|
|
filename wildcards, these checks may cause wanted files to be rejected.
|
|
This option disables these checks at the expense of fully trusting that
|
|
the server will not send unexpected filenames.
|
|
.It Fl v
|
|
Verbose mode.
|
|
Causes
|
|
.Nm
|
|
and
|
|
.Xr ssh 1
|
|
to print debugging messages about their progress.
|
|
This is helpful in
|
|
debugging connection, authentication, and configuration problems.
|
|
.El
|
|
.Sh EXIT STATUS
|
|
.Ex -std scp
|
|
.Sh SEE ALSO
|
|
.Xr sftp 1 ,
|
|
.Xr ssh 1 ,
|
|
.Xr ssh-add 1 ,
|
|
.Xr ssh-agent 1 ,
|
|
.Xr ssh-keygen 1 ,
|
|
.Xr ssh_config 5 ,
|
|
.Xr sftp-server 8 ,
|
|
.Xr sshd 8
|
|
.Sh HISTORY
|
|
.Nm
|
|
is based on the rcp program in
|
|
.Bx
|
|
source code from the Regents of the University of California.
|
|
.Pp
|
|
Since OpenSSH 8.8,
|
|
.Nm
|
|
has use the SFTP protocol for transfers by default.
|
|
.Sh AUTHORS
|
|
.An Timo Rinne Aq Mt tri@iki.fi
|
|
.An Tatu Ylonen Aq Mt ylo@cs.hut.fi
|
|
.Sh CAVEATS
|
|
The legacy SCP protocol (selected by the
|
|
.Fl O
|
|
flag) requires execution of the remote user's shell to perform
|
|
.Xr glob 3
|
|
pattern matching.
|
|
This requires careful quoting of any characters that have special meaning to
|
|
the remote shell, such as quote characters.
|