scp2(1)scp2(1)NAME
scp2, scp - Secure Shell client remote copy application
SYNOPSISscp2 [-D debug_level_spec] [-d] [-p] [-u] [-v] [-h] [-c cipher] [-S
ssh2-path] [-P ssh2 port#] [-t] [-f] [-1] [-4] [-6] [-r] [-B] [-b buf‐
fer_size] [-N max_requests] [-a] [-q] [-Q] [-V] [-o ssh2-option] [-i
filename] [[user@] host [port #]:] file ... [[user@] host [port #]:]
filename or directoryname
OPTIONS
Prints debug information to stderr. The debug_level_spec argument is a
number between 0 and 99, where 99 specifies that all debug information
should be displayed. Makes sure that the destination file is a direc‐
tory. If it is not a directory, the scp2 command will exit with an
error message. Preserves file attributes and timestamps. Removes
source files after copying. It is similar to moving a file with the mv
command. Displays information in verbose mode. This is equal to speci‐
fying the -D 2 option. Displays help. Specifies the encryption algo‐
rithm to use. Multiple -c options are allowed; a single -c option can
specify only one cipher. Specifies the path used in connecting. Spec‐
ifies an option for the ssh2 command. Specifies the identity file to
use. Specifies the remote port. Ports can also be defined on a file-
to-file basis. These options are reserved for scp1 compatibility mode.
If they are used with the scp2 command, they are used as arguments to
scp1 to handle the connection. Invokes scp1. This argument must be
the first on the command line and separate from all other one-charac‐
ter arguments. It must not be used when the -t or -f options are used.
Instruct ssh2 to use IPv4. Instruct ssh2 to use IPv6. Copies directo‐
ries recursively. Does not follow symbolic links. Invokes batch mode.
Defines the maximum buffer size for one request. The default is 32768
bytes. Defines the maximum number of concurrent requests. The default
is 10. Transfers files using ascii mode (i.e., new lines will be con‐
verted on the fly). You cannot specify newline conventions with the
scp2 command. If you need that feature, use the sftp2 command. Quiet
mode. Only fatal errors are reported. Hides process indicator. Dis‐
plays the version.
DESCRIPTION
The scp2 (secure copy) command creates a secure connection between a
Secure Shell client and a server to copy files. A secure connection
provides client and server authentication, user authentication, data
encryption, data integrity, and nonrepudiation. The scp2 command is
intended as a secure replacement for the rcp command. Unlike rcp, the
scp2 command asks for passwords or passphrases if they are needed for
authentication.
After the client, server and user are authenticated, the Secure Shell
server executes the command. All communication with the remote command
or shell will be encrypted automatically and checked for integrity.
The session terminates when the command completes.
A Secure Shell client and server use public host keys to authenticate
each other. When a client connects to a server for the first time, the
user is prompted to accept a copy of the server's public host key. If
the user accepts the key, a copy of the server's public host key is
copied to the user's hostkeys directory on the client. The client uses
this public host key to authenticate the server on subsequent connects.
(See ssh-agent2 and ssh-add2.)
Any filename can contain a host, user, and port specification to indi‐
cate that the file is to be copied to or from that host. Copies
between two remote hosts are permitted. The host parameter can be
enclosed in square brackets ([ ]) to allow the use of semicolons (e.g.,
read: IPv6 addresses). The filename can contain globbing patterns
(wildcards), and all special characters can be escaped to include them
in the filename. See sshregex(5) for more information about globbing
patterns.
You can also use the Secure Shell sftp2 command to create a secure net‐
work connection between a Secure Shell client and a server to copy
files.
See Security Administration for more information about Secure Shell
clients and servers and Secure Shell authentication.
NOTES
The scp2 command uses ssh2 in network connections. Therefore it is not
installed as suid-root. The scp2 command requires that the sftp-server
subsystem be defined in the sshd2 configuration file on the server for
scp2 to work.
EXIT STATUS
Operation was successful. Operation resulted in an undetermined error
within sshfilecopy. Destination is not directory, but it should be.
Connection to host failed. Connection lost. File does not exist. No
permission to access file Undetermined error from sshfilexfer. File
transfer protocol mismatch.
EXAMPLES
The following example shows how to copy files from your local system to
a remote system: prompt>scp localfile user@remote‐
host:/dest/dir/for/file/
The following example shows how to copy files from a remote system to a
local system: prompt>scp user@remotehost:/dir/for/file/remotefile
/dest/dir/for/file
FILES
Specifies Secure Shell client configuration information. Specifies
Secure Shell server configuration information. Contains information on
how the user will be authenticated when contacting a specific host.
The identification file has the same general syntax as the configura‐
tion files. The following keywords can be used: Followed by the file
name of a private key in the $HOME/.ssh2 directory used for identifica‐
tion when contacting a host. If there is more than one IdKey, they are
tried in the order that they appear in the identification file. Fol‐
lowed by the file name of the user's OpenPGP private keyring in the
$HOME/.ssh2 directory. The OpenPGP keys listed after this line are
expected to be found from this file. The keys identified with IdPgp‐
Key*-keywords are used like ones identified with IdKey-keyword. Fol‐
lowed by the OpenPGP key name of the key in the PgpSecretKeyFile file.
Followed by the OpenPGP key fingerprint of the key in the PgpSecretKey‐
File file. Followed by the OpenPGP key ID of the key in the PgpSe‐
cretKeyFile file. Contains information on how the server will verify
the identity of an user. The authorization file has the same general
syntax as the configuration files. The following keywords can be used:
Followed by the file name of a public key in the $HOME/.ssh2 directory
used for identification when contacting the host. More than one key is
acceptable for login. Followed by the file name of the user's OpenPGP
public keyring in the $HOME/.ssh2directory. OpenPGP keys listed after
this line are expected to be found from this file. Keys identified
with PgpKey*-keywords are used like ones identified with Key-keyword.
Followed by the OpenPGP key name. Followed by the OpenPGP key finger‐
print. Followed by the OpenPGP key ID. Specifies a forced command
that will be executed on the server when the user is authenticated. If
used, it must follow the Key or PgpKey* keyword. The command supplied
by the user (if any) is put in the environment variable SSH2_ORIGI‐
NAL_COMMAND.
The command is run on a pseudoterminal if the connection
requests a pseudoterminal; otherwise it is run without a termi‐
nal.
This keyword might be useful for restricting certain public keys
to perform a specific operation, such as a key that permits
remote backups but nothing else.
A client can specify TCP/IP and/or X11 forwardings, unless they
are explicitly prohibited. These files are the public keys of
the hosts to which you connect. They are updated automatically,
unless you set the StrictHostKeyChecking parameter to yes in the
ssh2_config file. If a host's key changes, you should put the
key here only if you are sure that the new key is valid; for
example, you are sure that there was no man-in-the-middle
attack. The xxxx is the port on the server where the sshd2 dea‐
mon runs, and the yyyy is the host (specified on the command
line). If a host key is not found from the user's
$HOME/.ssh2/hostkeys directory, this is the next location to be
checked. These files must be updated manually. Contains a list
of remote users who are not required to supply a password when
they use Secure Shell host-based authentication with the ssh2
command. Contains the names of remote hosts and users that are
equivalent to the local host or user. An equivalent host or user
is allowed to use the ssh2 command with Secure Shell host-based
authentication without supplying a password. Contains the pub‐
lic host keys of hosts that users need to log in to when using
host-based authentication.
The xxxx is the fully qualified domain name (FQDN) and yyyy is
the public key algorithm. Public key algorithms are ssh-dss and
ssh-rsa. For example, if the FQDN for a host is server1.foo.fi
and it has a key algorithm of ssh-dss, the host key would be
server1.foo.fi.ssh-dss.pub in the knownhosts directory.
A user must add the host name to a $HOME/.shosts file or an
$HOME/.rhosts file. Same as the $HOME/.ssh2/known‐
hosts/xxxxyyyy.pub file, but system-wide. This file is overrid‐
den if the user puts a file with the same name in the
$HOME/.ssh2/knownhosts directory.
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Commands: rcp(1), rlogin(1), rsh(1), sftp2(1), ssh-keygen2(1), ssh-
agent2(1), ssh-add2(1), ssh2(1), telnet(1), sshd2(8)
Guides: Security Administration
scp2(1)