Secure copy protocol

scp
Developer(s) The OpenSSH Project
Repository github.com/openssh/openssh-portable/
Written in C
Operating system Cross-platform
Type Command, Communication protocol
Website www.openssh.com

Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. [1] "SCP" commonly refers to both the Secure Copy Protocol and the program itself. [2]


According to the OpenSSH developers in April 2019, SCP is outdated, inflexible and not readily fixed; they recommend more modern protocols such as SFTP and rsync for file transfer. [3] As of OpenSSH version 9.0, the scp client therefore uses SFTP for file transfers by default instead of the legacy SCP/RCP protocol. [4]

Secure Copy Protocol

SCP is a network protocol, based on the BSD RCP protocol, [5] which supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default. [6] Like RCP, there is no RFC that defines the specifics of the protocol.

Function

Normally, a client initiates an SSH connection to the remote host and requests that an SCP process be started on the remote server. The remote SCP process can operate in one of two modes: source mode, in which it reads files (usually from disk) and sends them to the client, or sink mode, in which it accepts the files sent by the client and writes them (usually to disk) on the remote host.

For most SCP clients, source mode is generally triggered with the -f flag (from), while sink mode is triggered with -t (to). [2] These flags are used internally and are not documented outside the SCP source code.

Remote to remote mode

Originally, in remote-to-remote secure copy, the SCP client opened an SSH connection to the source host and requested that it, in turn, open an SCP connection to the destination. (Remote-to-remote mode did not support opening two SCP connections and using the originating client as an intermediary.) It is important to note that SCP cannot be used to copy remotely from the source to the destination when operating in password or keyboard-interactive authentication mode, as this would reveal the destination server's authentication credentials to the source. It is, however, possible with key-based or GSSAPI methods that do not require user input. [2]

More recently, remote-to-remote mode has also supported routing the traffic through the client that originated the transfer, even though that client is a third party to the transfer. This way, credentials need to reside only on the originating client, the third party. [7]

Issues using talkative shell profiles

SCP does not expect any text from the SSH login shell. Text emitted by the shell profile (e.g. an echo "Welcome" in the .bashrc file) is interpreted as an error message, and an empty line (echo "") causes the SCP client to deadlock, waiting for the error message to complete. [2]
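The exchange described in the two sections above, and the reason a talkative login profile breaks it, as an added illustration. This is example code written for this article, not OpenSSH's scp; the function names are this example's own, and the wire format (a "C<mode> <size> <name>" header, the file bytes, a NUL, and single-byte status replies) follows the protocol description in [2].

```python
"""Toy model of one SCP file transfer and of the client's status handling.
Added example, not OpenSSH code. All sample inputs below are constructed."""
import io
import re

# Header a source-mode scp process sends before each regular file:
# "C<mode as 4 octal digits> <size in bytes> <name>\n"
HEADER_RE = re.compile(rb"C([0-7]{4}) (\d+) ([^\n]+)\n")


class ScpProtocolError(Exception):
    """Raised when the byte stream does not follow the SCP exchange."""


def encode_source_file(name, mode, data):
    """Bytes a source-mode (-f) scp process emits for one regular file:
    the C header, the raw file contents, then a single NUL byte."""
    return b"C%04o %d %s\n" % (mode & 0o7777, len(data), name) + data + b"\x00"


def sink_receive(record):
    """What a sink-mode (-t) scp process does with one file record: parse
    the C header, read exactly <size> bytes of content, then consume the
    trailing NUL. Returns (name, mode, data)."""
    stream = io.BytesIO(record)
    header = stream.readline()
    m = HEADER_RE.fullmatch(header)
    if m is None:
        raise ScpProtocolError("unexpected header: %r" % header)
    mode, size, name = int(m.group(1), 8), int(m.group(2)), m.group(3)
    data = stream.read(size)
    if len(data) != size:
        raise ScpProtocolError("file body shorter than announced size")
    if stream.read(1) != b"\x00":
        raise ScpProtocolError("missing NUL after file body")
    return name, mode, data


def read_response(wire):
    """How the scp client interprets the status byte the other side sends
    after each step. 0x00 means OK. 0x01 and 0x02 introduce a warning or a
    fatal error whose text runs up to the next newline. Any other first
    byte (for example the 'W' of a login-profile "Welcome") is treated as
    the start of a fatal error message too, and the client keeps reading
    until it sees a newline. Returns (status, message)."""
    stream = io.BytesIO(wire)
    resp = stream.read(1)
    if not resp:
        raise ScpProtocolError("lost connection")
    if resp == b"\x00":
        return "ok", ""
    msg = bytearray()
    if resp not in (b"\x01", b"\x02"):
        msg += resp  # the stray byte is itself part of the "error message"
    while True:
        ch = stream.read(1)
        if not ch:
            # On a live SSH channel there is no EOF here: the client simply
            # blocks forever. That is the deadlock a bare `echo ""` causes,
            # because the lone newline was consumed as the status byte.
            raise ScpProtocolError("no newline yet; a real client would hang here")
        msg += ch
        if ch == b"\n":
            break
    text = bytes(msg[:-1]).decode("utf-8", "replace")
    return ("warning" if resp == b"\x01" else "error"), text


def demo():
    """One file round-trip plus the kinds of status a client can observe."""
    record = encode_source_file(b"hello.txt", 0o644, b"hi\n")  # constructed sample
    return {
        "received": sink_receive(record),
        "ok": read_response(b"\x00"),
        "warning": read_response(b"\x01scp: hello.txt: Permission denied\n"),
        # What the client sees first when .bashrc runs `echo "Welcome"`:
        "chatty_profile": read_response(b"Welcome\n\x00"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The model shows why the fix belongs in the shell profile rather than in scp: a profile that prints only when the shell is interactive never reaches the protocol stream, whereas any unconditional output, even an empty line, is consumed as a status byte.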

scp program

The SCP program [8] is a software tool that implements the SCP protocol, running either as the server-side process or as the client, to perform secure copying.

Perhaps the most widely used SCP program is the OpenSSH command-line scp program, which is provided in most SSH implementations. The scp program is the secure analog of the rcp command. The scp program must be part of every SSH server that wants to provide SCP service, since scp functions as the SCP server as well. Since OpenSSH 9.0, the program has been updated to use the newer, more secure SFTP protocol; an -O option was added for using SCP with old SCP-only servers. [4]

Syntax

Typically, the syntax of the scp program [9] is like that of cp (copy):

Copying a local file to a remote host:

scp LocalSourceFile user@remotehost:directory/TargetFile

Copying a file from a remote host, and recursively copying a folder (with the -r switch) from a remote host:

scp user@remotehost:directory/SourceFile LocalTargetFile
scp -r user@host:directory/SourceFolder LocalTargetFolder

Note that if the remote host uses a port other than the default of 22, it can be specified in the command with -P. For example, copying a file from a host that listens on port 2222:

scp -P 2222 user@host:directory/SourceFile TargetFile

Other clients

As the Secure Copy Protocol implements file transfers only, GUI SCP clients are rare, as implementing it requires additional functionality (directory listing at least). For example, WinSCP defaults to the SFTP protocol. [10] Even when operating in SCP mode, clients like WinSCP are typically not pure SCP clients, as they must use other means to implement the additional functionality (like the ls command). [11] This in turn brings platform-dependency problems.

More comprehensive tools for managing files over SSH are SFTP clients.

Security

In 2019, the vulnerability CVE-2019-6111 [12] was announced. It concerned the OpenSSH scp tool and the protocol, and allowed a malicious server to overwrite arbitrary files in the SCP client's target directory.
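The defence against this class of bug is for the client to refuse any filename the remote side announces that it did not ask for. The example below is added here and is not OpenSSH's code; it models the strict filename checking that OpenSSH 8.0 added to the scp client (which the -T option disables), using this example's own function names and constructed sample names.

```python
"""Client-side check of the filenames a remote SCP source announces.
Added example, not OpenSSH code; sample names below are constructed."""
import fnmatch
import posixpath


def is_safe_received_name(name, requested):
    """Accept a filename announced by the remote source only if it is a plain
    basename (no directory part, not "." or "..", no NUL or newline) and it
    matches the file name or glob the user actually asked for. `requested`
    is the remote path from the command line, e.g. "logs/*.log"."""
    if not name or name in (".", ".."):
        return False
    if "/" in name or "\x00" in name or "\n" in name:
        return False
    pattern = posixpath.basename(requested)  # "logs/*.log" -> "*.log"
    # Shell globs do not let "*" match a leading dot; fnmatch does, so
    # reproduce the shell rule explicitly. ".bashrc" still matches ".bashrc".
    if name.startswith(".") and not pattern.startswith("."):
        return False
    return fnmatch.fnmatchcase(name, pattern)


def validate_received_names(announced, requested):
    """Split the names a remote source announced into those the client may
    write into its target directory and those it must refuse."""
    accepted, rejected = [], []
    for name in announced:
        (accepted if is_safe_received_name(name, requested) else rejected).append(name)
    return accepted, rejected


def demo():
    # Constructed sample: the user ran the equivalent of
    #   scp 'user@host:logs/*.log' ./downloads/
    # and the remote side announced these four names. Only the two that
    # match the request may be written into ./downloads/.
    announced = ["app.log", "db.log", ".bashrc", "../outside.log"]
    return validate_received_names(announced, "logs/*.log")


if __name__ == "__main__":
    accepted, rejected = demo()
    print("accepted:", accepted)
    print("rejected:", rejected)
```

The check compares against the basename of the request because the remote side sends bare names; a name carrying a path separator is refused outright rather than normalised, since normalising is exactly what let unexpected names reach the target directory.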


References

  1. "Linux and Unix scp command". Computer Hope. Retrieved 4 August 2015.
  2. Pechanec, Jan. "How the SCP protocol works". Jan Pechanec's weblog. Oracle. Archived from the original on 2017-02-15. Retrieved 4 August 2015.
  3. "OpenSSH 8.0". OpenSSH Release Notes. 17 April 2019.
  4. "OpenSSH 9.0". OpenSSH Release Notes. 8 April 2022.
  5. "scp(1) - OpenBSD manual pages (history section)". Retrieved 25 June 2012.
  6. "SCP - Secure Copy Protocol - What is it & Full Definition & Example Cmds!". PC & Network Downloads - PCWDLD.com. 2019-06-29. Retrieved 2020-05-22.
  7. Carroll, Brandon (16 August 2017). "How to use Secure Copy for file transfer". TechRepublic. Retrieved 2020-05-22.
  8. "Portable OpenSSH". GitHub. 13 May 2022.
  9. "scp(1) - OpenBSD manual pages". https://man.openbsd.org/scp
  10. "Supported File Transfer Protocols :: WinSCP". winscp.net. Retrieved 2020-05-22.
  11. "The SCP/Shell Page (Advanced Site Settings dialog) :: WinSCP". winscp.net. Retrieved 2020-05-22.
  12. "NVD - CVE-2019-6111".