- scp — Man Page
- Exit Status
- See Also
- History
- Authors
- Caveats
- How Do I SCP with a Different Port?
- Downloading Files Using SCP on a Different Port
- Downloading Directories Using SCP on a Different Port
- Uploading Files Using SCP with Different Port
- Uploading Directories Using SCP with Different Port
- Change the Remote Default SSH Port from 22 to Other
- Conclusion
- About the author
- David Adams
scp — Man Page
scp uses the SFTP protocol over a ssh(1) connection for data transfer, and uses the same authentication and provides the same security as a login session.
scp will ask for passwords or passphrases if they are needed for authentication.
The source and target may be specified as a local pathname, a remote host with optional path in the form [user@]host:[path], or a URI in the form scp://[user@]host[:port][/path]. Local file names can be made explicit using absolute or relative pathnames to avoid scp treating file names containing ‘:’ as host specifiers.
When copying between two remote hosts, if the URI format is used, a port cannot be specified on the target if the -R option is used.
The options are as follows:
Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. Note that, when using the legacy SCP protocol (via the -O flag), this option selects batch mode for the second host as scp cannot ask for passwords or passphrases for both hosts. This mode is the default.
Forces scp to use IPv4 addresses only.
Forces scp to use IPv6 addresses only.
Allows forwarding of ssh-agent(1) to the remote system. The default is not to forward an authentication agent.
Selects batch mode (prevents asking for passwords or passphrases).
Compression enable. Passes the -C flag to ssh(1) to enable compression.
Selects the cipher to use for encrypting the data transfer. This option is directly passed to ssh(1).
Connect directly to a local SFTP server program rather than a remote one via ssh(1). This option may be useful in debugging the client and server.
Specifies an alternative per-user configuration file for ssh. This option is directly passed to ssh(1).
Selects the file from which the identity (private key) for public key authentication is read. This option is directly passed to ssh(1).
Connect to the target host by first making an scp connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified separated by comma characters. This is a shortcut to specify a ProxyJump configuration directive. This option is directly passed to ssh(1).
Limits the used bandwidth, specified in Kbit/s.
Use the legacy SCP protocol for file transfers instead of the SFTP protocol. Forcing the use of the SCP protocol may be necessary for servers that do not implement SFTP, for backwards-compatibility for particular filename wildcard patterns and for expanding paths with a ‘~’ prefix for older SFTP servers.
Can be used to pass options to ssh in the format used in ssh_config(5). This is useful for specifying options for which there is no separate scp command-line flag. For full details of the options listed below, and their possible values, see ssh_config(5).
- AddressFamily
- BatchMode
- BindAddress
- BindInterface
- CanonicalDomains
- CanonicalizeFallbackLocal
- CanonicalizeHostname
- CanonicalizeMaxDots
- CanonicalizePermittedCNAMEs
- CASignatureAlgorithms
- CertificateFile
- CheckHostIP
- Ciphers
- Compression
- ConnectionAttempts
- ConnectTimeout
- ControlMaster
- ControlPath
- ControlPersist
- GlobalKnownHostsFile
- GSSAPIAuthentication
- GSSAPIDelegateCredentials
- HashKnownHosts
- Host
- HostbasedAcceptedAlgorithms
- HostbasedAuthentication
- HostKeyAlgorithms
- HostKeyAlias
- Hostname
- IdentitiesOnly
- IdentityAgent
- IdentityFile
- IPQoS
- KbdInteractiveAuthentication
- KbdInteractiveDevices
- KexAlgorithms
- KnownHostsCommand
- LogLevel
- MACs
- NoHostAuthenticationForLocalhost
- NumberOfPasswordPrompts
- PasswordAuthentication
- PKCS11Provider
- Port
- PreferredAuthentications
- ProxyCommand
- ProxyJump
- PubkeyAcceptedAlgorithms
- PubkeyAuthentication
- RekeyLimit
- RequiredRSASize
- SendEnv
- ServerAliveInterval
- ServerAliveCountMax
- SetEnv
- StrictHostKeyChecking
- TCPKeepAlive
- UpdateHostKeys
- User
- UserKnownHostsFile
- VerifyHostKeyDNS
Specifies the port to connect to on the remote host. Note that this option is written with a capital ‘P’, because -p is already reserved for preserving the times and mode bits of the file.
Preserves modification times, access times, and file mode bits from the source file.
Quiet mode: disables the progress meter as well as warning and diagnostic messages from ssh(1).
Copies between two remote hosts are performed by connecting to the origin host and executing scp there. This requires that scp running on the origin host can authenticate to the destination host without requiring a password.
Recursively copy entire directories. Note that scp follows symbolic links encountered in the tree traversal.
Name of program to use for the encrypted connection. The program must understand ssh(1) options.
Disable strict filename checking. By default when copying files from a remote host to a local directory scp checks that the received filenames match those requested on the command-line to prevent the remote end from sending unexpected or unwanted files. Because of differences in how various operating systems and shells interpret filename wildcards, these checks may cause wanted files to be rejected. This option disables these checks at the expense of fully trusting that the server will not send unexpected filenames.
Verbose mode. Causes scp and ssh(1) to print debugging messages about their progress. This is helpful in debugging connection, authentication, and configuration problems.
Specify an option that controls aspects of SFTP protocol behaviour. The valid options are:
Controls how many concurrent SFTP read or write requests may be in progress at any point in time during a download or upload. By default 64 requests may be active concurrently.
Controls the maximum buffer size for a single SFTP read/write operation used during download or upload. By default a 32KB buffer is used.
Usage of SCP protocol can be blocked by creating a world-readable /etc/ssh/disable_scp file. If this file exists, when SCP protocol is in use (either remotely or via the -O option), the program will exit.
Exit Status
The scp utility exits 0 on success, and >0 if an error occurs.
See Also
History
scp is based on the rcp program in BSD source code from the Regents of the University of California.
Since OpenSSH 9.0, scp has used the SFTP protocol for transfers by default.
Authors
Caveats
The legacy SCP protocol (selected by the -O flag) requires execution of the remote user’s shell to perform glob(3) pattern matching. This requires careful quoting of any characters that have special meaning to the remote shell, such as quote characters.
How Do I SCP with a Different Port?
This tutorial explains how to transfer files or directories using SCP (Secure Copy Protocol) with a different port than the default 22 (SSH) port.
By default, the SCP command uses the port 22 (SSH). In case the remote system has configured the SSH service to run on a different port, you still can use SCP followed by the -P flag to specify the port you need.
Downloading Files Using SCP on a Different Port
To specify a different port than 22 when using the SCP command, you need to implement the -P flag as shown in the example below, in which the default port was changed to port 3940.
The syntax is pretty simple as shown below.
In the example below, I show how to download the file named linuxint.file from the remote host through port 3940. The file is stored in the home directory of the remote user named kali which I use to authenticate, that’s the default remote location when no other is defined.
At the end of the command, I specify the local directory in which the file will be saved (Downloads).
As you can see, the file transfer was done successfully. The reason explaining 0.0KB/S is that all files for this tutorial are empty.
Downloading Directories Using SCP on a Different Port
Downloading directories requires a very similar syntax except for the -r flag which must be added additionally to the -P flag as shown in the example below. The screenshot below shows how to cpu the remote directory named dir to the local home directory, all through port 3049.
As you can see, the directory was downloaded recursively to the local home.
Uploading Files Using SCP with Different Port
Uploading files with SCP on a different port also requires the -P flag. Remember the SCP command is similar to the cp command. Therefore, when uploading files, the file destination directory must also be placed at the end of the command.
In the example, below I upload the linuxhint.file through port 3940 to the remote subdirectory named linuxhintdir, located in the remote home directory.
Uploading Directories Using SCP with Different Port
The example below shows how to upload a directory instead of a regular file. For this purpose, just like when uploading files, you only need to add the -r flag.
The following example shows how to upload the directory named dir to the /tmp remote directory through port 3940.
That’s all you need to know to transfer files using SCP from or to a remote device using a different SSH port.
Change the Remote Default SSH Port from 22 to Other
To use SCP through a different port, the other side must have the port you want to use configured.
To change the default SSH port, you need to edit the SSH configuration file. On most Linux distributions, you can edit that file by running the command below.
Once opened, find the line containing “Port 22” shown in the image below.
Change the number 22 for the port you want to use with SCP. In the screenshot below, you can see I changed the default port to port 3940.
Once edited, press CTRL+X and Y to exit saving changes.
Then, restart the SSH service by running the command below.
Now, you’ll be able to fetch or upload files using SCP on the port you defined.
Conclusion
As you can see, using the SCP command through different ports than 22 is pretty easy to implement. Yet, it is important to remind readers the SCP command is obsolete and replaced by safer alternatives like rsync or sftp. Users must be aware that although the SCP command is based on the SSH protocol, the -P flag must be typed in upper case, contrary to the SSH port specification which is done using a lowercase -p.
Thank you for reading Linux Hint. I hope this tutorial was useful. Keep following us for more Linux tips and tutorials.
About the author
David Adams
David Adams is a System Admin and writer that is focused on open source technologies, security software, and computer systems.