Secure copy

scp
Developer(s) The OpenSSH Project
Repository github.com/openssh/openssh-portable/
Written in C
Operating system Cross-platform
Type Command
Website www.openssh.com

Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. [1] "SCP" commonly refers to both the Secure Copy Protocol and the program itself. [2] According to OpenSSH developers in April 2019 the scp protocol is outdated, inflexible and not readily fixed; they recommend the use of more modern protocols like sftp and rsync for file transfer. [3]


Secure Copy Protocol

SCP is a network protocol, based on the BSD RCP protocol, [4] which supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default. [5] As with RCP, there is no RFC that defines the specifics of the protocol.

Function

Normally, a client initiates an SSH connection to the remote host and requests that an SCP process be started on the remote server. The remote SCP process can operate in one of two modes: source mode, in which it reads the requested files and sends them to the client, or sink mode, in which it accepts the files the client sends and writes them to the target directory.

For most SCP clients, source mode is triggered with the -f flag (from) and sink mode with -t (to). [2] These flags are used internally and are not documented outside the SCP source code.

Remote to remote mode

Historically, in remote-to-remote secure copy, the SCP client opened an SSH connection to the source host and requested that it, in turn, open an SCP connection to the destination; remote-to-remote mode did not support opening two SCP connections and using the originating client as an intermediary. Consequently, SCP could not be used to copy remotely from the source to the destination when operating in password or keyboard-interactive authentication mode, as this would reveal the destination server's authentication credentials to the source. It was possible with key-based or GSSAPI methods that do not require user input. [2]

More recently, remote-to-remote mode can also route the traffic through the client that originated the transfer, even though that client is a third party to the transfer. This way, the authentication credentials need to reside only on the originating client. [6]

Issues using talkative shell profiles

SCP does not expect the SSH login shell to print any text. Output produced by the shell profile (e.g. an echo "Welcome" in the .bashrc file) is interpreted as an error message, and an empty line (echo "") causes scp to deadlock, waiting for the error message to complete. [2]

Secure Copy (remote file copy program)

The SCP program [7] is a software tool that implements the SCP protocol, acting as a service daemon or as a client, to perform secure copying.

Perhaps the most widely used SCP program is the OpenSSH command line scp program, which is provided in most SSH implementations. The scp program is the secure analog of the rcp command. The scp program must be part of every SSH server that wants to provide SCP service, as scp functions as the SCP server too.

Some SSH implementations provide the scp2 program, which uses the SFTP protocol instead of SCP, but provides the very same command line interface as scp. scp is then typically a symbolic link to scp2.

Syntax

The syntax of the scp program [8] typically mirrors that of cp (copy):

Copying a file to a host:

scp SourceFile user@host:directory/TargetFile

Copying a file from a host, and copying a folder from a host (with the -r switch):

scp user@host:directory/SourceFile TargetFile
scp -r user@host:directory/SourceFolder TargetFolder

If the remote host uses a port other than the default of 22, it can be specified with -P. For example, copying a file from a host:

scp -P 2222 user@host:directory/SourceFile TargetFile

Other clients

As the Secure Copy Protocol implements file transfers only, GUI SCP clients are rare, as implementing it requires additional functionality (directory listing at least). For example, WinSCP defaults to the SFTP protocol. [9] Even when operating in SCP mode, clients like WinSCP are typically not pure SCP clients, as they must use other means to implement the additional functionality (like the ls command). [10] This in turn brings platform-dependency problems.

More comprehensive tools for managing files over SSH are SFTP clients.

Security

In 2019, vulnerability CVE-2019-6111 [11] was announced in the OpenSSH scp tool and protocol: the scp client accepted whatever file names the server sent, allowing a malicious scp server to overwrite arbitrary files in the scp client's target directory.
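As an added illustration of the sink-side record format described under Function and of the file-name problem behind CVE-2019-6111 (example code written for this page, not OpenSSH's scp.c): a simplified Python model of the client's sink that parses the source's control records, treats unexpected text such as shell-profile output as a protocol error, and refuses file names the user did not request, as the client-side check added in OpenSSH 8.0 does. The byte streams and file names are constructed samples.

```python
import fnmatch
import re

# Constructed samples of what an SCP source ("scp -f" on the remote) sends the client's
# sink after the client's NUL acknowledgement. A file is: C<mode> <size> <name>\n <bytes> \0
SAMPLE_OK = b"C0644 5 hello.txt\nhello\x00"
# Malicious server, CVE-2019-6111 pattern: a second record the client never asked for.
SAMPLE_EXTRA = SAMPLE_OK + b"C0644 11 .bash_profile\necho pwned\n\x00"
# Talkative login shell: profile output arrives before the remote scp speaks the protocol.
SAMPLE_TALKATIVE = b"Welcome\n" + SAMPLE_OK

_FILE_RECORD = re.compile(rb"^C([0-7]{4}) (\d+) (.+)$")


def _safe_name(name: str) -> bool:
    """Names scp refuses from any server: empty, containing '/', or '.' / '..'."""
    return name != "" and "/" not in name and name not in (".", "..")


def sink(stream: bytes, requested: str, check_names: bool = True) -> dict:
    """Simplified model of the client-side sink (not OpenSSH's code). Returns
    {"files": {name: bytes}, "warnings": [...], "error": ""}; a non-empty error
    means the transfer was aborted. With check_names=True, a record naming a file
    other than `requested` (a name or glob) is refused, as OpenSSH 8.0 does."""
    out, pos = {"files": {}, "warnings": [], "error": ""}, 0
    while pos < len(stream) and not out["error"]:
        nl = stream.find(b"\n", pos)
        if nl < 0:
            out["error"] = "protocol error: truncated record"
            break
        line, pos = stream[pos:nl], nl + 1
        if line[:1] == b"\x01":                  # warning: message follows, carry on
            out["warnings"].append(line[1:].decode(errors="replace"))
        elif line[:1] == b"\x02":                # fatal error reported by the server
            out["error"] = "server error: " + line[1:].decode(errors="replace")
        elif line[:1] in (b"T", b"E"):           # timestamp / end-of-directory records
            continue
        elif (m := _FILE_RECORD.match(line)) is None:
            out["error"] = "protocol error: unexpected text %r (talkative shell profile?)" % line
        else:
            size, name = int(m.group(2)), m.group(3).decode(errors="replace")
            data, end = stream[pos:pos + size], pos + size
            if not _safe_name(name):
                out["error"] = "refusing unsafe filename %r" % name
            elif check_names and not fnmatch.fnmatchcase(name, requested):
                out["error"] = "server sent %r but %r was requested" % (name, requested)
            elif len(data) != size or stream[end:end + 1] != b"\x00":
                out["error"] = "protocol error: short file data or missing NUL"
            else:
                out["files"][name] = data
                pos = end + 1
    return out
```

Calling sink(SAMPLE_EXTRA, "hello.txt", check_names=False) reproduces the pre-8.0 behaviour (and that of the -T option): the unrequested .bash_profile record is written alongside the requested file.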

References

  1. "Linux and Unix scp command". Computer Hope. Retrieved 4 August 2015.
  2. Pechanec, Jan. "How the SCP protocol works". Jan Pechanec's weblog. Oracle. Archived from the original on 2017-02-15. Retrieved 4 August 2015.
  3. "OpenSSH 8.0". OpenSSH Release Notes. 17 April 2019.
  4. "scp(1) - OpenBSD manual pages (history section)". Retrieved 25 June 2012.
  5. "SCP - Secure Copy Protocol - What is it & Full Definition & Example Cmds!". PC & Network Downloads - PCWDLD.com. 2019-06-29. Retrieved 2020-05-22.
  6. Carroll. "How to use Secure Copy for file transfer". TechRepublic. 16 August 2017. Retrieved 2020-05-22.
  7. scp.c in the OpenSSH portable source tree. https://github.com/openssh/openssh-portable/blob/master/scp.c
  8. "scp(1) - OpenBSD manual pages". https://man.openbsd.org/scp
  9. "Supported File Transfer Protocols :: WinSCP". winscp.net. Retrieved 2020-05-22.
  10. "The SCP/Shell Page (Advanced Site Settings dialog) :: WinSCP". winscp.net. Retrieved 2020-05-22.
  11. "CVE-2019-6111". National Vulnerability Database. https://nvd.nist.gov/vuln/detail/CVE-2019-6111