Secure copy


Secure copy protocol is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell protocol. "SCP" commonly refers to both the Secure Copy Protocol and the program itself. According to OpenSSH developers in April 2019 the scp protocol is outdated, inflexible and not readily fixed; they recommend the use of more modern protocols like sftp and rsync for file transfer.

Secure Copy Protocol

The SCP is a network protocol, based on the BSD RCP protocol, which supports file transfers between hosts on a network. SCP uses Secure Shell for data transfer and uses the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send files to a server, optionally including their basic attributes. Clients can also request files or directories from a server. SCP runs over TCP port 22 by default. Like RCP, there is no RFC that defines the specifics of the protocol.

Function

Normally, a client initiates an SSH connection to the remote host, and requests an SCP process to be started on the remote server. The remote SCP process can operate in one of two modes:
For most SCP clients, source mode is generally triggered with the -f flag, while sink mode is triggered with -t. These flags are used internally and are not documented outside the SCP source code.

Remote to remote mode

In the past, in remote-to-remote secure copy, the SCP client opens an SSH connection to the source host and requests that it, in turn, open an SCP connection to the destination. . It is important to note that SCP cannot be used to remotely copy from the source to the destination when operating in password or keyboard-interactive authentication mode, as this would reveal the destination server's authentication credentials to the source. It is, however, possible with key-based or GSSAPI methods that do not require user input.
Recently, remote-to-remote mode supports routing traffic through the client which originated the transfer, even though it is a 3rd party to the transfer. This way, authorization credentials must reside only on the originating client, the 3rd party.

Issues using talkative shell profiles

SCP does not expect text communicating with the ssh login shell. Text transmitted due to the ssh profile is interpreted as an error message, and a null line causes scp to deadlock waiting for the error message to complete.

Secure Copy (remote file copy program)

The SCP program is a software tool implementing the SCP protocol as a service daemon or client. It is a program to perform secure copying.
Perhaps the most widely used SCP program is the OpenSSH command line scp program, which is provided in most SSH implementations. The scp program is the secure analog of the rcp command. The scp program must be part of all SSH servers that want to provide SCP service, as scp functions as SCP server too.
Some SSH implementations provide the scp2 program, which uses the SFTP protocol instead of SCP, but provides the very same command line interface as scp. scp is then typically a symbolic link to scp2.

Syntax

Typically, a syntax of scp program is like the syntax of cp :
Copying file to host:
scp SourceFile user@host:directory/TargetFile
Copying file from host and copying folder from host :
scp user@host:directory/SourceFile TargetFile
scp -r user@host:directory/SourceFolder TargetFolder
Note that if the remote host uses a port other than the default of 22, it can be specified in the command. For example, copying a file from host:
scp -P 2222 user@host:directory/SourceFile TargetFile

Other clients

As the Secure Copy Protocol implements file transfers only, GUI SCP clients are rare, as implementing it requires additional functionality. For example, WinSCP defaults to the SFTP protocol. Even when operating in SCP mode, clients like WinSCP are typically not pure SCP clients, as they must use other means to implement the additional functionality. This in turn brings platform-dependency problems.
More comprehensive tools for managing files over SSH are SFTP clients.

Security

In 2019 vulnerability was announced related to the openssh SCP tool and protocol allowing users to overwrite arbitrary files in the SCP client target directory.