SCP(1) BSD General Commands Manual SCP(1)
NAME
scp - secure copy (remote file copy program)
SYNOPSIS
scp [-pqrvBC46] [-F ssh_config] [-S program] [-P port] [-c cipher]
[-i identity_file] [-o ssh_option] [[user@]host1:]file1 [...]
[[user@]host2:]file2
DESCRIPTION
scp copies files between hosts on a network. It uses ssh(1) for data
transfer, and uses the same authentication and provides the same security
as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if
they are needed for authentication.
Any file name may contain a host and user specification to indicate that
the file is to be copied to/from that host. Copies between two remote
hosts are permitted.
The options are as follows:
-c cipher
Selects the cipher to use for encrypting the data transfer. This
option is directly passed to ssh(1).
-i identity_file
Selects the file from which the identity (private key) for RSA
authentication is read. This option is directly passed to
ssh(1).
-p Preserves modification times, access times, and modes from the
original file.
-r Recursively copy entire directories.
-v Verbose mode. Causes scp and ssh(1) to print debugging messages
about their progress. This is helpful in debugging connection,
authentication, and configuration problems.
-B Selects batch mode (prevents asking for passwords or
passphrases).
-q Disables the progress meter.
-C Compression enable. Passes the -C flag to ssh(1) to enable com-
pression.
-F ssh_config
Specifies an alternative per-user configuration file for ssh.
This option is directly passed to ssh(1).
-P port
Specifies the port to connect to on the remote host. Note that
this option is written with a capital 'P', because -p is already
reserved for preserving the times and modes of the file in
rcp(1).
-S program
Name of program to use for the encrypted connection. The program
must understand ssh(1) options.
-o ssh_option
Can be used to pass options to ssh in the format used in
ssh_config(5). This is useful for specifying options for which
there is no separate scp command-line flag. For example, forcing
the use of protocol version 1 is specified using scp
-oProtocol=1.
-4 Forces scp to use IPv4 addresses only.
-6 Forces scp to use IPv6 addresses only.
DIAGNOSTICS
scp exits with 0 on success or >0 if an error occurred.
AUTHORS
Timo Rinne <> and Tatu Ylonen <>
HISTORY
scp is based on the rcp(1) program in BSD source code from the Regents of
the University of California.
SEE ALSO
rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
ssh_config(5), sshd(8)
BSD September 25, 1999 BSD
===============================================================================
RCP(1) RCP(1)
NAME
rcp - remote file copy
SYNOPSIS
rcp [-p] [-x] [-k realm ] [-D port] [-N] [-PN | -PO] file1 file2
rcp [-p] [-x] [-k realm] [-r] [-D port] [-N] [-PN | -PO] file ...
directory
DESCRIPTION
Rcp copies files between machines. Each file or directory argument is
either a remote file name of the form ``rhost:path'', or a local file
name (containing no `:' characters, or a `/' before any `:'s).
By default, the mode and owner of file2 are preserved if it already
existed; otherwise the mode of the source file modified by the umask(2)
on the destination host is used.
If path is not a full path name, it is interpreted relative to your
login directory on rhost. A path on a remote host may be quoted (using
\, ", or ') so that the metacharacters are interpreted remotely.
Rcp does not prompt for passwords; it uses Kerberos authentication when
connecting to rhost. Each user may have a private authorization list
in a file .k5login in his login directory. Each line in this file
should contain a Kerberos principal name of the form princi-
. If there is a ~/.k5login file, then access is
granted to the account if and only if the originater user is authenti-
cated to one of the principals named in the ~/.k5login file. Other-
wise, the originating user will be granted access to the account if and
only if the authenticated principal name of the user can be mapped to
the local account name using the aname -> lname mapping rules (see
krb5_anadd(8) for more details).
OPTIONS
-p attempt to preserve (duplicate) the modification times and modes
of the source files in the copies, ignoring the umask.
-x encrypt all information transferring between hosts.
-k realm
obtain tickets for the remote host in realm instead of the
remote host's realm as determined by krb_realmofhost(3).
-r if any of the source files are directories, copy each subtree
rooted at that name; in this case the destination must be a
directory.
-PN
-PO Explicitly request new or old version of the Kerberos ``rcmd''
protocol. The new protocol avoids many security problems found
in the old one, but is not interoperable with older servers.
(An "input/output error" and a closed connection is the most
likely result of attempting this combination.) If neither
option is specified, some simple heuristics are used to guess
which to try.
-D port
connect to port port on the remote machine.
-N use a network connection, even when copying files on the local
machine (used for testing purposes).
Rcp handles third party copies, where neither source nor target files
are on the current machine. Hostnames may also take the form
to use rname rather than the current user name on the
remote host.
FILES
~/.k5login (on remote host) - file containing Kerberos principals that
are allowed access.
SEE ALSO
cp(1), ftp(1), rsh(1), rlogin(1), kerberos(3), krb_getrealm(3), rcp(1)
[UCB version]
BUGS
Rcp doesn't detect all cases where the target of a copy might be a file
in cases where only a directory should be legal.
Rcp is confused by any output generated by commands in a .login, .pro-
file, or .cshrc file on the remote host.
Kerberos is only used for the first connection of a third-party copy;
the second connection uses the standard Berkeley rcp protocol.
RCP(1)
