⇒ scp(1) — Tru64 UNIX 5.1b

scp2(1)  —  Commands

NAME

scp2, scp − Secure Shell client remote copy application

SYNOPSIS

scp2 [−D debug_level_spec] [−d] [−p] [−n] [−u] [−v] [−h] [−c cipher] [−S ssh2-path] [−P ssh2 port#] [−t] [−f] [−r] [−B] [−o ssh-option] [−i filename] [[user@]host[port #]:] file ... [[user@]host[port #]:] filename_or_directoryname

OPTIONS

−D debug_level_spec
Prints debug information to stderr. The debug_level_spec argument is a number between 0 and 99, where 99 specifies that all debug information should be displayed. 

−d
Makes sure that the destination file is a directory. If not, the scp2 command will exit with an error message. 

−p
Preserves file attributes and timestamps. 

−n
Displays operations that would have been done, without actually copying any files. 

−u
Removes source files after copying. Similar to moving a file with the mv command. 

−v
Displays information in verbose mode. This is equal to specifying the −D 2 option. 

−h
Displays help. 

−c cipher
Specifies the encryption algorithm to use. See the Ciphers keyword in the /etc/ssh2/sshd2_config file and in the /etc/ssh2/ssh2_config file for more information.  Multiple −c options are allowed; a single −c option can specify only one cipher. 

−S ssh2-path
Specifies the path to the ssh2 program used for the connection.

−o ssh-option
Specifies an ssh2 command option to use. See ssh2(1).

−i file
Specifies the identity file to use.

−P ssh2-port
Specifies the remote port. Ports can also be defined on a file-to-file basis.

−t or −f
These options are reserved for scp1 compatibility mode.  If they are used with the scp2 command, it gives them as arguments to scp1 to handle the connection. 

−r
Copies directories recursively.  Does not follow symbolic links. 

−B
Invokes batch mode. 

OPERANDS

filename, directoryname
Specifies a system, user, and port to indicate that the file or directory is to be copied to or from that system. The filename and directoryname can contain  globbing patterns (wildcards).  See sshregex(5) for more information about globbing patterns. 

DESCRIPTION

The scp2 command creates a secure connection between a Secure Shell client and server to copy files. The scp2 command is intended as a secure replacement for the rcp command. A secure connection provides client and server authentication, user authentication, data encryption, data integrity, and nonrepudiation. 

After the identities of the client, server, and user have been proven, the Secure Shell server executes the command.  All communication with the remote command or shell will be automatically encrypted and checked for integrity.  The session terminates when the command completes. 

A Secure Shell client and server use public host keys to authenticate each other. When a client connects to a server for the first time, the user is prompted to accept a copy of the server’s public host key. If the user accepts the key, a copy of the server’s public host key is copied to the user’s hostkeys directory on the client. The client uses this public host key to authenticate the server on subsequent connects. A Secure Shell server authenticates a user by using password authentication, host-based authentication, or public key authentication. 

You can also use the Secure Shell sftp2 command to create a secure network connection between a Secure Shell client and server to copy files. 

See Security Administration for more information about Secure Shell clients and servers and Secure Shell authentication. 

NOTES

The scp2 command uses ssh2 in connections. Therefore it is not installed as suid-root.  The scp2 command requires that the sftp-server subsystem  be defined in the sshd2_config file on the server, which it is by default. See the Subsystem keyword in the /etc/ssh2/sshd2_config file for more information. 

EXAMPLES

The following example shows how to copy files from a local system to a remote system:

prompt>scp localfile user@remotehost:/dest/dir/for/file/

The following example shows how to copy files from a remote system to a local system:

prompt>scp user@remotehost:/dir/for/file/remotefile /dest/dir/for/file

FILES

/etc/ssh2/ssh2_config
Specifies Secure Shell client configuration information.

/etc/ssh2/sshd2_config
Specifies Secure Shell server configuration information.

$HOME/.ssh2/identification
Contains information on how the user will be authenticated when contacting a specific host.  The identification file has the same general syntax as the configuration files. The following keywords can be used:

IdKey
This is followed by the file name of a private key in the $HOME/.ssh2 directory used for identification when contacting a host. If there is more than one IdKey, they are tried in the order that they appear in the identification file. 

PgpSecretKeyFile
This is followed by the file name of the user’s OpenPGP private keyring in the $HOME/.ssh2 directory.  The OpenPGP keys listed after this line are expected to be found from this file. The keys identified with IdPgpKey∗-keywords are used like ones identified with IdKey-keyword. 

IdPgpKeyName
This is followed by the OpenPGP key name of the key in the PgpSecretKeyFile file. 

IdPgpKeyFingerprint
This is followed by the OpenPGP key fingerprint of the key in the PgpSecretKeyFile file. 

IdPgpKeyId
This is followed by the OpenPGP key ID of the key in the PgpSecretKeyFile file. 

$HOME/.ssh2/authorization
Contains information on how the server will verify the identity of a user. The authorization file has the same general syntax as the configuration files. The following keywords can be used:

Key
This is followed by the file name of a public key in the $HOME/.ssh2 directory used for identification when contacting the host. More than one key is acceptable for login. 

PgpPublicKeyFile
This is followed by the file name of the user’s OpenPGP public keyring in the $HOME/.ssh2 directory.  OpenPGP keys listed after this line are expected to be found from this file.  Keys identified with PgpKey∗-keywords are used like ones identified with Key-keyword. 

PgpKeyName
This is followed by the OpenPGP key name.

PgpKeyFingerprint
This is followed by the OpenPGP key fingerprint.

PgpKeyId
This is followed by the OpenPGP key ID.

Command
This keyword, if used, must follow the Key or PgpKey∗ keyword. This is used to specify a forced command that will be executed on the server when the user is authenticated. The command supplied by the user (if any) is put in the environment variable SSH2_ORIGINAL_COMMAND. 

The command is run on a pseudoterminal if the connection requests a pseudoterminal; otherwise it is run without a terminal. 

This keyword might be useful for restricting certain public keys to perform a specific operation. For example, a key that permits remote backups but nothing else. 

A client can specify TCP/IP and/or X11 forwardings, unless they are explicitly prohibited. 
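The following wrapper is an added example, not part of the original manual page, of a script that a Command entry could name for a backup-only key. The program path, the two accepted request strings, and the --run argument are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper meant to be named by the Command keyword for a
# backup-only key. BACKUP_CMD and the two request strings are hypothetical.
BACKUP_CMD=/usr/local/sbin/run-backup    # hypothetical backup program

# Map the client's requested command to a fixed mode; return 1 if not allowed.
# The request is only compared against literals, never evaluated by a shell.
decide_mode() {
    case $1 in
        ""|"backup incremental") echo incremental ;;
        "backup full")           echo full ;;
        *) return 1 ;;
    esac
}

# Make a rejected request safe to log: printable ASCII only, 80 chars max.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?' | cut -c1-80
}

forced_command_main() {
    request=${SSH2_ORIGINAL_COMMAND:-}
    if mode=$(decide_mode "$request"); then
        exec "$BACKUP_CMD" "$mode"
    fi
    # Rejected requests are logged so misuse of the key is visible.
    logger -t backup-key "rejected request: $(sanitize "$request")"
    echo "This key may only run backups." >&2
    exit 1
}

# Run only when invoked as "<script> --run", so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
    forced_command_main
fi
```

Because a client can still request TCP/IP and X11 forwardings unless they are prohibited, the wrapper limits only the command that runs, not forwarding.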

$HOME/.ssh2/hostkeys/key_xxxx_yyyy.pub
These files are the public keys of the hosts to which you connect. These are updated automatically, unless you have set the StrictHostKeyChecking parameter to yes in the ssh2_config file. If a host’s key changes, you should put the key here only if you are sure that the new key is valid; for example that there was no man-in-the-middle attack.  The xxxx is the port on the server, where the sshd2 daemon runs, and the yyyy is the host (specified on the command line). 

/etc/ssh2/hostkeys/key_xxxx_yyyy.pub
If a host key is not found from the user’s $HOME/.ssh2/hostkeys directory, this is the next location to be checked. These files have to be updated manually; no files are put here automatically. 

$HOME/.rhosts and $HOME/.shosts
Contains a list of remote users who are not required to supply a password when they use Secure Shell host-based authentication with the ssh2 command. 

/etc/hosts.equiv
Contains the names of remote hosts and users that are equivalent to the local host or user. An equivalent host or user is allowed to use the ssh2 command with Secure Shell host-based authentication without supplying a password. 

$HOME/.ssh2/knownhosts/xxxxyyyy.pub
Contains the public host keys of hosts that users need to log in to when using host based authentication.

The xxxx is the fully qualified domain name (FQDN) and yyyy is the public key algorithm. Public key algorithms are ssh-dss and ssh-rsa.  For example, if the FQDN for a host is server1.foo.fi and it has a key algorithm of ssh-dss, the host key would be server1.foo.fi.ssh-dss.pub in the knownhosts directory. 

A user must add the host name to a $HOME/.shosts file or an $HOME/.rhosts file. 

/etc/ssh2/knownhosts/xxxxyyyy.pub
Same as the $HOME/.ssh2/knownhosts/xxxxyyyy.pub file, but system-wide. This file is overridden if the user puts a file with the same name in the $HOME/.ssh2/knownhosts directory. 
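The following script is an added example, not part of the original manual page, that compares the automatically saved keys in $HOME/.ssh2/hostkeys with the manually maintained copies in /etc/ssh2/hostkeys, using the key_xxxx_yyyy.pub naming described above. The USER_KEYS and SYS_KEYS override variables and the status words are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit user-held host keys against the system-wide copies.
# USER_KEYS / SYS_KEYS are hypothetical overrides for the two directories.
USER_KEYS=${USER_KEYS:-$HOME/.ssh2/hostkeys}
SYS_KEYS=${SYS_KEYS:-/etc/ssh2/hostkeys}

# hostkey_status HOST [PORT] prints one of:
#   match      both copies exist and are byte-identical
#   MISMATCH   both exist but differ; the user copy is checked first
#   user-only  only the automatically saved copy exists
#   sys-only   only the manually installed copy exists
#   unknown    no key stored for this host and port
# cmp compares bytes, so a changed comment line also reports MISMATCH.
hostkey_status() {
    name="key_${2:-22}_$1.pub"
    u="$USER_KEYS/$name"; s="$SYS_KEYS/$name"
    if [ -f "$u" ] && [ -f "$s" ]; then
        if cmp -s "$u" "$s"; then echo match; else echo MISMATCH; fi
    elif [ -f "$u" ]; then echo user-only
    elif [ -f "$s" ]; then echo sys-only
    else echo unknown
    fi
}

# audit_hostkeys prints "<status> <file>" for every key in the user directory.
audit_hostkeys() {
    for f in "$USER_KEYS"/key_*_*.pub; do
        [ -f "$f" ] || continue
        base=${f##*/}; rest=${base#key_}
        port=${rest%%_*}                 # text before the first underscore
        host=${rest#*_}; host=${host%.pub}
        echo "$(hostkey_status "$host" "$port") $base"
    done
}
```

A MISMATCH line means the key the client will actually use differs from the copy an administrator installed, which is the case the hostkeys entry says to verify before accepting.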

LEGAL NOTICES

SSH is a registered trademark of SSH Communication Security Ltd. 

SEE ALSO

Commands: rcp(1), ssh2(1), sftp2(1)

Files: hosts.equiv(4), rhosts(4), shosts(4), ssh2_config(4), sshd2_config(4)

Guides: Security Administration
