scp2, scp - Secure Shell client remote copy application
scp2 [-D debug_level_spec] [-d] [-p] [-u] [-v] [-h] [-c
cipher] [-S ssh2-path] [-P ssh2 port#] [-t] [-f] [-1] [-4]
[-6] [-r] [-B] [-b buffer_size] [-N max_requests] [-a]
[-q] [-Q] [-V] [-o ssh2-option] [-i filename] [[user@]
host [port #]:] file ... [[user@] host [port #]:] filename
Prints debug information to stderr. The debug_level_spec
argument is a number between 0 and 99, where 99 specifies
that all debug information should be displayed. Makes
sure that the destination file is a directory. If it is
not a directory, the scp2 command will exit with an error
message. Preserves file attributes and timestamps.
Removes source files after copying. It is similar to moving
a file with the mv command. Displays information in
verbose mode. This is equal to specifying the -D 2 option.
Displays help. Specifies the encryption algorithm to use.
Multiple -c options are allowed; a single -c option can
specify only one cipher. Specifies the path used in connecting.
Specifies an option for the ssh2 command. Specifies
the identity file to use. Specifies the remote
port. Ports can also be defined on a file-to-file basis.
These options are reserved for scp1 compatibility mode.
If they are used with the scp2 command, they are used as
arguments to scp1 to handle the connection. Invokes scp1.
This argument must be the first on the command line and
separate from all other one-character arguments. It must
not be used when the -t or -f options are used. Instruct
ssh2 to use IPv4. Instruct ssh2 to use IPv6. Copies
directories recursively. Does not follow symbolic links.
Invokes batch mode. Defines the maximum buffer size for
one request. The default is 32768 bytes. Defines the
maximum number of concurrent requests. The default is 10.
Transfers files using ascii mode (i.e., new lines will be
converted on the fly). You cannot specify newline conventions
with the scp2 command. If you need that feature,
use the sftp2 command. Quiet mode. Only fatal errors are
reported. Hides process indicator. Displays the version.
The scp2 (secure copy) command creates a secure connection
between a Secure Shell client and a server to copy files.
A secure connection provides client and server authentication,
user authentication, data encryption, data
integrity, and nonrepudiation. The scp2 command is
intended as a secure replacement for the rcp command.
Unlike rcp, the scp2 command asks for passwords or
passphrases if they are needed for authentication.
After the client, server and user are authenticated, the
Secure Shell server executes the command. All communication
with the remote command or shell will be encrypted
automatically and checked for integrity. The session terminates
when the command completes.
A Secure Shell client and server use public host keys to
authenticate each other. When a client connects to a
server for the first time, the user is prompted to accept
a copy of the server's public host key. If the user
accepts the key, a copy of the server's public host key is
copied to the user's hostkeys directory on the client. The
client uses this public host key to authenticate the
server on subsequent connects. (See ssh-agent2 and sshadd2.)
Any filename can contain a host, user, and port specification
to indicate that the file is to be copied to or from
that host. Copies between two remote hosts are permitted.
The host parameter can be enclosed in square brackets
([ ]) to allow the use of semicolons (e.g., read: IPv6
addresses). The filename can contain globbing patterns
(wildcards), and all special characters can be escaped to
include them in the filename. See sshregex(5) for more
information about globbing patterns.
You can also use the Secure Shell sftp2 command to create
a secure network connection between a Secure Shell client
and a server to copy files.
See Security Administration for more information about
Secure Shell clients and servers and Secure Shell authentication.
The scp2 command uses ssh2 in network connections. Therefore
it is not installed as suid-root. The scp2 command
requires that the sftp-server subsystem be defined in the
sshd2 configuration file on the server for scp2 to work.
Operation was successful. Operation resulted in an undetermined
error within sshfilecopy. Destination is not
directory, but it should be. Connection to host failed.
Connection lost. File does not exist. No permission to
access file Undetermined error from sshfilexfer. File
transfer protocol mismatch.
The following example shows how to copy files from your
local system to a remote system: prompt>scp localfile
The following example shows how to copy files from a
remote system to a local system: prompt>scp user@remotehost:/dir/for/file/remotefile
Specifies Secure Shell client configuration information.
Specifies Secure Shell server configuration information.
Contains information on how the user will be authenticated
when contacting a specific host. The identification file
has the same general syntax as the configuration files.
The following keywords can be used: Followed by the file
name of a private key in the $HOME/.ssh2 directory used
for identification when contacting a host. If there is
more than one IdKey, they are tried in the order that they
appear in the identification file. Followed by the file
name of the user's OpenPGP private keyring in the
$HOME/.ssh2 directory. The OpenPGP keys listed after this
line are expected to be found from this file. The keys
identified with IdPgpKey*-keywords are used like ones
identified with IdKey-keyword. Followed by the OpenPGP
key name of the key in the PgpSecretKeyFile file. Followed
by the OpenPGP key fingerprint of the key in the
PgpSecretKeyFile file. Followed by the OpenPGP key ID of
the key in the PgpSecretKeyFile file. Contains information
on how the server will verify the identity of an
user. The authorization file has the same general syntax
as the configuration files. The following keywords can be
used: Followed by the file name of a public key in the
$HOME/.ssh2 directory used for identification when contacting
the host. More than one key is acceptable for
login. Followed by the file name of the user's OpenPGP
public keyring in the $HOME/.ssh2directory. OpenPGP keys
listed after this line are expected to be found from this
file. Keys identified with PgpKey*-keywords are used like
ones identified with Key-keyword. Followed by the OpenPGP
key name. Followed by the OpenPGP key fingerprint. Followed
by the OpenPGP key ID. Specifies a forced command
that will be executed on the server when the user is
authenticated. If used, it must follow the Key or PgpKey*
keyword. The command supplied by the user (if any) is put
in the environment variable SSH2_ORIGINAL_COMMAND.
The command is run on a pseudoterminal if the connection
requests a pseudoterminal; otherwise it is
run without a terminal.
This keyword might be useful for restricting certain
public keys to perform a specific operation,
such as a key that permits remote backups but nothing
A client can specify TCP/IP and/or X11 forwardings,
unless they are explicitly prohibited. These files
are the public keys of the hosts to which you connect.
They are updated automatically, unless you
set the StrictHostKeyChecking parameter to yes in
the ssh2_config file. If a host's key changes, you
should put the key here only if you are sure that
the new key is valid; for example, you are sure
that there was no man-in-the-middle attack. The
xxxx is the port on the server where the sshd2 deamon
runs, and the yyyy is the host (specified on
the command line). If a host key is not found from
the user's $HOME/.ssh2/hostkeys directory, this is
the next location to be checked. These files must
be updated manually. Contains a list of remote
users who are not required to supply a password
when they use Secure Shell host-based authentication
with the ssh2 command. Contains the names of
remote hosts and users that are equivalent to the
local host or user. An equivalent host or user is
allowed to use the ssh2 command with Secure Shell
host-based authentication without supplying a password.
Contains the public host keys of hosts that
users need to log in to when using host-based
The xxxx is the fully qualified domain name (FQDN)
and yyyy is the public key algorithm. Public key
algorithms are ssh-dss and ssh-rsa. For example,
if the FQDN for a host is server1.foo.fi and it has
a key algorithm of ssh-dss, the host key would be
server1.foo.fi.ssh-dss.pub in the knownhosts
A user must add the host name to a $HOME/.shosts
file or an $HOME/.rhosts file. Same as the
$HOME/.ssh2/knownhosts/xxxxyyyy.pub file, but system-wide.
This file is overridden if the user puts
a file with the same name in the $HOME/.ssh2/knownhosts
SSH is a registered trademark of SSH Communication Security
Commands: rcp(1), rlogin(1), rsh(1), sftp2(1), ssh-keygen2(1), ssh-agent2(1), ssh-add2(1), ssh2(1), telnet(1),
Guides: Security Administration
[ Back ]