{ "mode": "man", "parameter": "SCP", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/SCP/1/json", "generated": "2026-06-03T03:33:30Z", "synopsis": "scp [-346ABCOpqRrsTv] [-c cipher] [-D sftpserverpath] [-F sshconfig] [-i identityfile]\n[-J destination] [-l limit] [-o sshoption] [-P port] [-S program] source ... target", "sections": { "NAME": { "content": "scp — OpenSSH secure file copy\n", "subsections": [] }, "SYNOPSIS": { "content": "scp [-346ABCOpqRrsTv] [-c cipher] [-D sftpserverpath] [-F sshconfig] [-i identityfile]\n[-J destination] [-l limit] [-o sshoption] [-P port] [-S program] source ... target\n", "subsections": [] }, "DESCRIPTION": { "content": "scp copies files between hosts on a network.\n\nIt uses ssh(1) for data transfer, and uses the same authentication and provides the same secu‐\nrity as a login session.\n\nscp will ask for passwords or passphrases if they are needed for authentication.\n\nThe source and target may be specified as a local pathname, a remote host with optional path in\nthe form [user@]host:[path], or a URI in the form scp://[user@]host[:port][/path]. Local file\nnames can be made explicit using absolute or relative pathnames to avoid scp treating file\nnames containing ‘:’ as host specifiers.\n\nWhen copying between two remote hosts, if the URI format is used, a port cannot be specified on\nthe target if the -R option is used.\n\nThe options are as follows:\n", "subsections": [ { "name": "-3", "content": "option the data is copied directly between the two remote hosts. Note that, when using\nthe original SCP protocol (the default), this option selects batch mode for the second\nhost as scp cannot ask for passwords or passphrases for both hosts. This mode is the\ndefault.\n", "flag": "-3" }, { "name": "-4", "content": "", "flag": "-4" }, { "name": "-6", "content": "", "flag": "-6" }, { "name": "-A", "content": "an authentication agent.\n", "flag": "-A" }, { "name": "-B", "content": "", "flag": "-B" }, { "name": "-C -C", "content": "", "flag": "-C" }, { "name": "-c", "content": "Selects the cipher to use for encrypting the data transfer. This option is directly\npassed to ssh(1).\n", "flag": "-c" }, { "name": "-D", "content": "When using the SFTP protocol support via -s, connect directly to a local SFTP server\nprogram rather than a remote one via ssh(1). This option may be useful in debugging\nthe client and server.\n", "flag": "-D" }, { "name": "-F", "content": "Specifies an alternative per-user configuration file for ssh. This option is directly\npassed to ssh(1).\n", "flag": "-F" }, { "name": "-i", "content": "Selects the file from which the identity (private key) for public key authentication is\nread. This option is directly passed to ssh(1).\n", "flag": "-i" }, { "name": "-J", "content": "Connect to the target host by first making an scp connection to the jump host described\nby destination and then establishing a TCP forwarding to the ultimate destination from\nthere. Multiple jump hops may be specified separated by comma characters. This is a\nshortcut to specify a ProxyJump configuration directive. This option is directly\npassed to ssh(1).\n", "flag": "-J" }, { "name": "-l", "content": "Limits the used bandwidth, specified in Kbit/s.\n", "flag": "-l" }, { "name": "-O", "content": "the use of the SCP protocol may be necessary for servers that do not implement SFTP,\nfor backwards-compatibility for particular filename wildcard patterns and for expanding\npaths with a ‘~’ prefix for older SFTP servers. This mode is the default.\n", "flag": "-O" }, { "name": "-o", "content": "Can be used to pass options to ssh in the format used in sshconfig(5). This is useful\nfor specifying options for which there is no separate scp command-line flag. For full\ndetails of the options listed below, and their possible values, see sshconfig(5).\n\nAddressFamily\nBatchMode\nBindAddress\nBindInterface\nCanonicalDomains\nCanonicalizeFallbackLocal\nCanonicalizeHostname\nCanonicalizeMaxDots\nCanonicalizePermittedCNAMEs\nCASignatureAlgorithms\nCertificateFile\nCheckHostIP\nCiphers\nCompression\nConnectionAttempts\nConnectTimeout\nControlMaster\nControlPath\nControlPersist\nGlobalKnownHostsFile\nGSSAPIAuthentication\nGSSAPIDelegateCredentials\nHashKnownHosts\nHost\nHostbasedAcceptedAlgorithms\nHostbasedAuthentication\nHostKeyAlgorithms\nHostKeyAlias\nHostname\nIdentitiesOnly\nIdentityAgent\nIdentityFile\nIPQoS\nKbdInteractiveAuthentication\nKbdInteractiveDevices\nKexAlgorithms\nKnownHostsCommand\nLogLevel\nMACs\nNoHostAuthenticationForLocalhost\nNumberOfPasswordPrompts\nPasswordAuthentication\nPKCS11Provider\nPort\nPreferredAuthentications\nProxyCommand\nProxyJump\nPubkeyAcceptedAlgorithms\nPubkeyAuthentication\nRekeyLimit\nSendEnv\nServerAliveInterval\nServerAliveCountMax\nSetEnv\nStrictHostKeyChecking\nTCPKeepAlive\nUpdateHostKeys\nUser\nUserKnownHostsFile\nVerifyHostKeyDNS\n", "flag": "-o" }, { "name": "-P", "content": "Specifies the port to connect to on the remote host. Note that this option is written\nwith a capital ‘P’, because -p is already reserved for preserving the times and mode\nbits of the file.\n", "flag": "-P" }, { "name": "-p", "content": "", "flag": "-p" }, { "name": "-q", "content": "ssh(1).\n", "flag": "-q" }, { "name": "-R", "content": "cuting scp there. This requires that scp running on the origin host can authenticate\nto the destination host without requiring a password.\n", "flag": "-R" }, { "name": "-r", "content": "in the tree traversal.\n", "flag": "-r" }, { "name": "-S", "content": "Name of program to use for the encrypted connection. The program must understand\nssh(1) options.\n", "flag": "-S" }, { "name": "-s", "content": "", "flag": "-s" }, { "name": "-T", "content": "a local directory scp checks that the received filenames match those requested on the\ncommand-line to prevent the remote end from sending unexpected or unwanted files. Be‐\ncause of differences in how various operating systems and shells interpret filename\nwildcards, these checks may cause wanted files to be rejected. This option disables\nthese checks at the expense of fully trusting that the server will not send unexpected\nfilenames.\n", "flag": "-T" }, { "name": "-v", "content": "This is helpful in debugging connection, authentication, and configuration problems.\n", "flag": "-v" } ] }, "EXIT STATUS": { "content": "The scp utility exits 0 on success, and >0 if an error occurs.\n", "subsections": [] }, "SEE ALSO": { "content": "sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), sshconfig(5), sftp-server(8),\nsshd(8)\n", "subsections": [] }, "HISTORY": { "content": "scp is based on the rcp program in BSD source code from the Regents of the University of Cali‐\nfornia.\n", "subsections": [] }, "AUTHORS": { "content": "Timo Rinne \nTatu Ylonen \n", "subsections": [] }, "CAVEATS": { "content": "The original SCP protocol (used by default) requires execution of the remote user's shell to\nperform glob(3) pattern matching. This requires careful quoting of any characters that have\nspecial meaning to the remote shell, such as quote characters.\n\nBSD February 10, 2022 BSD", "subsections": [] } }, "summary": "scp — OpenSSH secure file copy", "flags": [ { "flag": "-3", "long": null, "arg": null, "description": "option the data is copied directly between the two remote hosts. Note that, when using the original SCP protocol (the default), this option selects batch mode for the second host as scp cannot ask for passwords or passphrases for both hosts. This mode is the default." }, { "flag": "-4", "long": null, "arg": null, "description": "" }, { "flag": "-6", "long": null, "arg": null, "description": "" }, { "flag": "-A", "long": null, "arg": null, "description": "an authentication agent." }, { "flag": "-B", "long": null, "arg": null, "description": "" }, { "flag": "-C", "long": null, "arg": null, "description": "" }, { "flag": "-c", "long": null, "arg": null, "description": "Selects the cipher to use for encrypting the data transfer. This option is directly passed to ssh(1)." }, { "flag": "-D", "long": null, "arg": null, "description": "When using the SFTP protocol support via -s, connect directly to a local SFTP server program rather than a remote one via ssh(1). This option may be useful in debugging the client and server." }, { "flag": "-F", "long": null, "arg": null, "description": "Specifies an alternative per-user configuration file for ssh. This option is directly passed to ssh(1)." }, { "flag": "-i", "long": null, "arg": null, "description": "Selects the file from which the identity (private key) for public key authentication is read. This option is directly passed to ssh(1)." }, { "flag": "-J", "long": null, "arg": null, "description": "Connect to the target host by first making an scp connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified separated by comma characters. This is a shortcut to specify a ProxyJump configuration directive. This option is directly passed to ssh(1)." }, { "flag": "-l", "long": null, "arg": null, "description": "Limits the used bandwidth, specified in Kbit/s." }, { "flag": "-O", "long": null, "arg": null, "description": "the use of the SCP protocol may be necessary for servers that do not implement SFTP, for backwards-compatibility for particular filename wildcard patterns and for expanding paths with a ‘~’ prefix for older SFTP servers. This mode is the default." }, { "flag": "-o", "long": null, "arg": null, "description": "Can be used to pass options to ssh in the format used in sshconfig(5). This is useful for specifying options for which there is no separate scp command-line flag. For full details of the options listed below, and their possible values, see sshconfig(5). AddressFamily BatchMode BindAddress BindInterface CanonicalDomains CanonicalizeFallbackLocal CanonicalizeHostname CanonicalizeMaxDots CanonicalizePermittedCNAMEs CASignatureAlgorithms CertificateFile CheckHostIP Ciphers Compression ConnectionAttempts ConnectTimeout ControlMaster ControlPath ControlPersist GlobalKnownHostsFile GSSAPIAuthentication GSSAPIDelegateCredentials HashKnownHosts Host HostbasedAcceptedAlgorithms HostbasedAuthentication HostKeyAlgorithms HostKeyAlias Hostname IdentitiesOnly IdentityAgent IdentityFile IPQoS KbdInteractiveAuthentication KbdInteractiveDevices KexAlgorithms KnownHostsCommand LogLevel MACs NoHostAuthenticationForLocalhost NumberOfPasswordPrompts PasswordAuthentication PKCS11Provider Port PreferredAuthentications ProxyCommand ProxyJump PubkeyAcceptedAlgorithms PubkeyAuthentication RekeyLimit SendEnv ServerAliveInterval ServerAliveCountMax SetEnv StrictHostKeyChecking TCPKeepAlive UpdateHostKeys User UserKnownHostsFile VerifyHostKeyDNS" }, { "flag": "-P", "long": null, "arg": null, "description": "Specifies the port to connect to on the remote host. Note that this option is written with a capital ‘P’, because -p is already reserved for preserving the times and mode bits of the file." }, { "flag": "-p", "long": null, "arg": null, "description": "" }, { "flag": "-q", "long": null, "arg": null, "description": "ssh(1)." }, { "flag": "-R", "long": null, "arg": null, "description": "cuting scp there. This requires that scp running on the origin host can authenticate to the destination host without requiring a password." }, { "flag": "-r", "long": null, "arg": null, "description": "in the tree traversal." }, { "flag": "-S", "long": null, "arg": null, "description": "Name of program to use for the encrypted connection. The program must understand ssh(1) options." }, { "flag": "-s", "long": null, "arg": null, "description": "" }, { "flag": "-T", "long": null, "arg": null, "description": "a local directory scp checks that the received filenames match those requested on the command-line to prevent the remote end from sending unexpected or unwanted files. Be‐ cause of differences in how various operating systems and shells interpret filename wildcards, these checks may cause wanted files to be rejected. This option disables these checks at the expense of fully trusting that the server will not send unexpected filenames." }, { "flag": "-v", "long": null, "arg": null, "description": "This is helpful in debugging connection, authentication, and configuration problems." } ], "examples": [], "see_also": [ { "name": "sftp", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/sftp/1/json" }, { "name": "ssh", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/ssh/1/json" }, { "name": "ssh-add", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/ssh-add/1/json" }, { "name": "ssh-agent", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/ssh-agent/1/json" }, { "name": "ssh-keygen", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/ssh-keygen/1/json" }, { "name": "sshconfig", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/sshconfig/5/json" }, { "name": "sftp-server", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/sftp-server/8/json" }, { "name": "sshd", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/sshd/8/json" } ] }