scp2, scp - Secure Shell client remote copy application
scp2 [-D debug_level_spec] [-d] [-p] [-u] [-v] [-h] [-c cipher] [-S ssh2-
path] [-P ssh2 port#] [-t] [-f] [-1] [-4] [-6] [-r] [-B] [-b buffer_size]
[-N max_requests] [-a] [-q] [-Q] [-V] [-o ssh2-option] [-i filename]
[[user@] host [port #]:] file ... [[user@] host [port #]:] filename or
Prints debug information to stderr. The debug_level_spec argument is a
number between 0 and 99, where 99 specifies that all debug information
should be displayed.
-d Makes sure that the destination file is a directory. If it is not a
directory, the scp2 command will exit with an error message.
-p Preserves file attributes and timestamps.
-u Removes source files after copying. It is similar to moving a file with
the mv command.
-v Displays information in verbose mode. This is equal to specifying the
-D 2 option.
-h Displays help.
Specifies the encryption algorithm to use. Multiple -c options are
allowed; a single -c option can specify only one cipher.
Specifies the path used in connecting.
Specifies an option for the ssh2 command.
Specifies the identity file to use.
Specifies the remote port. Ports can also be defined on a file-to-file
-t or -f
These options are reserved for scp1 compatibility mode. If they are
used with the scp2 command, they are used as arguments to scp1 to han-
dle the connection.
-1 Invokes scp1. This argument must be the first on the command line and
separate from all other one-character arguments. It must not be used
when the -t or -f options are used.
-4 Instruct ssh2 to use IPv4.
-6 Instruct ssh2 to use IPv6.
-r Copies directories recursively. Does not follow symbolic links.
-B Invokes batch mode.
Defines the maximum buffer size for one request. The default is 32768
Defines the maximum number of concurrent requests. The default is 10.
-a Transfers files using ascii mode (i.e., new lines will be converted on
the fly). You cannot specify newline conventions with the scp2 com-
mand. If you need that feature, use the sftp2 command.
-q Quiet mode. Only fatal errors are reported.
-Q Hides process indicator.
-V Displays the version.
The scp2 (secure copy) command creates a secure connection between a Secure
Shell client and a server to copy files. A secure connection provides
client and server authentication, user authentication, data encryption,
data integrity, and nonrepudiation. The scp2 command is intended as a
secure replacement for the rcp command. Unlike rcp, the scp2 command asks
for passwords or passphrases if they are needed for authentication.
After the client, server and user are authenticated, the Secure Shell
server executes the command. All communication with the remote command or
shell will be encrypted automatically and checked for integrity. The ses-
sion terminates when the command completes.
A Secure Shell client and server use public host keys to authenticate each
other. When a client connects to a server for the first time, the user is
prompted to accept a copy of the server's public host key. If the user
accepts the key, a copy of the server's public host key is copied to the
user's hostkeys directory on the client. The client uses this public host
key to authenticate the server on subsequent connects. (See ssh-agent2 and
Any filename can contain a host, user, and port specification to indicate
that the file is to be copied to or from that host. Copies between two
remote hosts are permitted. The host parameter can be enclosed in square
brackets ([ ]) to allow the use of semicolons (e.g., read: IPv6 addresses).
The filename can contain globbing patterns (wildcards), and all special
characters can be escaped to include them in the filename. See sshre-
gex(5) for more information about globbing patterns.
You can also use the Secure Shell sftp2 command to create a secure network
connection between a Secure Shell client and a server to copy files.
See Security Administration for more information about Secure Shell clients
and servers and Secure Shell authentication.
The scp2 command uses ssh2 in network connections. Therefore it is not
installed as suid-root. The scp2 command requires that the sftp-server
subsystem be defined in the sshd2 configuration file on the server for
scp2 to work.
0 Operation was successful.
1, 2 Operation resulted in an undetermined error within sshfilecopy.
3 Destination is not directory, but it should be.
4 Connection to host failed.
5 Connection lost.
6 File does not exist.
7 No permission to access file
8 Undetermined error from sshfilexfer.
9 File transfer protocol mismatch.
The following example shows how to copy files from your local system to a
prompt>>scp localfile user@remotehost:/dest/dir/for/file/
The following example shows how to copy files from a remote system to a
prompt>>scp user@remotehost:/dir/for/file/remotefile /dest/dir/for/file
Specifies Secure Shell client configuration information.
Specifies Secure Shell server configuration information.
Contains information on how the user will be authenticated when con-
tacting a specific host. The identification file has the same general
syntax as the configuration files. The following keywords can be used:
IdKey Followed by the file name of a private key in the $HOME/.ssh2
directory used for identification when contacting a host. If
there is more than one IdKey, they are tried in the order that
they appear in the identification file.
Followed by the file name of the user's OpenPGP private keyring
in the $HOME/.ssh2 directory. The OpenPGP keys listed after
this line are expected to be found from this file. The keys
identified with IdPgpKey*-keywords are used like ones identi-
fied with IdKey-keyword.
Followed by the OpenPGP key name of the key in the PgpSecret-
Followed by the OpenPGP key fingerprint of the key in the
Followed by the OpenPGP key ID of the key in the PgpSecretKey-
Contains information on how the server will verify the identity of an
user. The authorization file has the same general syntax as the confi-
guration files. The following keywords can be used:
Key Followed by the file name of a public key in the $HOME/.ssh2
directory used for identification when contacting the host.
More than one key is acceptable for login.
Followed by the file name of the user's OpenPGP public keyring
in the $HOME/.ssh2directory. OpenPGP keys listed after this
line are expected to be found from this file. Keys identified
with PgpKey*-keywords are used like ones identified with Key-
Followed by the OpenPGP key name.
Followed by the OpenPGP key fingerprint.
Followed by the OpenPGP key ID.
Command Specifies a forced command that will be executed on the server
when the user is authenticated. If used, it must follow the
Key or PgpKey* keyword. The command supplied by the user (if
any) is put in the environment variable SSH2_ORIGINAL_COMMAND.
The command is run on a pseudoterminal if the connection
requests a pseudoterminal; otherwise it is run without a termi-
This keyword might be useful for restricting certain public
keys to perform a specific operation, such as a key that per-
mits remote backups but nothing else.
A client can specify TCP/IP and/or X11 forwardings, unless they
are explicitly prohibited.
These files are the public keys of the hosts to which you connect. They
are updated automatically, unless you set the StrictHostKeyChecking
parameter to yes in the ssh2_config file. If a host's key changes, you
should put the key here only if you are sure that the new key is valid;
for example, you are sure that there was no man-in-the-middle attack.
The xxxx is the port on the server where the sshd2 deamon runs, and the
yyyy is the host (specified on the command line).
If a host key is not found from the user's $HOME/.ssh2/hostkeys direc-
tory, this is the next location to be checked. These files must be
$HOME/.rhosts and $HOME/.shosts
Contains a list of remote users who are not required to supply a pass-
word when they use Secure Shell host-based authentication with the ssh2
Contains the names of remote hosts and users that are equivalent to the
local host or user. An equivalent host or user is allowed to use the
ssh2 command with Secure Shell host-based authentication without sup-
plying a password.
Contains the public host keys of hosts that users need to log in to
when using host-based authentication.
The xxxx is the fully qualified domain name (FQDN) and yyyy is the pub-
lic key algorithm. Public key algorithms are ssh-dss and ssh-rsa. For
example, if the FQDN for a host is server1.foo.fi and it has a key
algorithm of ssh-dss, the host key would be server1.foo.fi.ssh-dss.pub
in the knownhosts directory.
A user must add the host name to a $HOME/.shosts file or an
Same as the $HOME/.ssh2/knownhosts/xxxxyyyy.pub file, but system-wide.
This file is overridden if the user puts a file with the same name in
the $HOME/.ssh2/knownhosts directory.
SSH is a registered trademark of SSH Communication Security Ltd.
Commands: rcp(1), rlogin(1), rsh(1), sftp2(1), ssh-keygen2(1), ssh-
agent2(1), ssh-add2(1), ssh2(1), telnet(1), sshd2(8)
Guides: Security Administration