Secure copy protocol facts for kids
Developer(s) | The OpenSSH Project |
---|---|
Written in | C |
Operating system | Cross-platform |
Type | Command, Communication protocol |
The Secure Copy Protocol (SCP) is a way to safely move computer files. It lets you transfer files between your computer and another computer far away, or even between two distant computers. SCP uses a secure method called Secure Shell (SSH). The term "SCP" can refer to both the way files are moved and the computer program that does the moving.
In April 2019, the people who make OpenSSH said that SCP is a bit old-fashioned. They suggested using newer, better ways to transfer files, like SFTP and rsync. Because of this, newer versions of the `scp` program now use SFTP by default instead of the older SCP method.
Contents
What is the Secure Copy Protocol?
The Secure Copy Protocol (SCP) is a set of rules for moving files across a computer network. It is based on an older protocol called RCP. SCP uses Secure Shell (SSH) to send data. This means it uses the same secure ways to check who you are, making sure your files are kept private and authentic as they travel.
You can use SCP to send (upload) files from your computer to a server. You can also ask a server to send you files or entire folders (download). SCP usually works over TCP port 22. There isn't an official document (called an RFC) that fully describes how SCP works.
How does SCP work?
When you want to use SCP, your computer first connects to the remote computer using SSH. Then, it asks the remote computer to start an SCP process. This remote SCP process can work in two main ways:
- Source mode: This mode reads files from the remote computer and sends them back to your computer.
- Sink mode: This mode accepts files that your computer sends and saves them on the remote computer.
Most SCP programs use special hidden commands to switch between these modes. For example, `-f` is often used for source mode (from), and `-t` is used for sink mode (to).
Can SCP copy files between two remote computers?
Yes, SCP can copy files between two remote computers. In the past, your computer would connect to the first remote computer and ask it to connect to the second remote computer. This older way had a rule: it couldn't copy files if you were using a password to log in, because it might show your password to the first computer. However, it worked fine with other secure login methods that don't need you to type anything.
More recently, SCP can route the file transfer through your computer, even if your computer isn't the source or destination. This means your login details only need to be on your computer, making it safer.
What if my SSH profile talks too much?
SCP expects a very quiet connection when it uses SSH. If your SSH login profile (like a file called `.bashrc`) sends extra messages, SCP might think these messages are errors. For example, if your profile says "Welcome," SCP could get confused. If it sends an empty line, the SCP program might even stop working while waiting for an error message that never finishes.
What is the scp program?
The scp program is a software tool that uses the SCP rules to copy files securely. It can act as both the client (the program you use) and the server (the program that receives files).
The most common `scp` program is part of OpenSSH. It's like a secure version of the old `rcp` command. The `scp` program needs to be on any SSH server that wants to offer SCP services, because it also works as the SCP server. Since OpenSSH version 9.0, the `scp` program now uses the newer, more secure SFTP by default. There's also a special option, `-O`, if you need to use the old SCP method with older servers.
How do I use the scp program?
The `scp` program works a lot like the `cp` (copy) command. Here are some common ways to use it:
- Copying a file from your computer to a remote computer:
`scp <YourFile> <username>@<remotecomputer>:<folder>/<NewFileName>`
- Copying a file from a remote computer to your computer:
`scp <username>@<remotecomputer>:<folder>/<RemoteFile> <YourFolder>/<NewFileName>`
- Copying an entire folder from a remote computer to your computer (use `-r` for recursive):
`scp -r <username>@<remotecomputer>:<folder>/<RemoteFolder> <YourFolder>/<NewFolder>`
If the remote computer uses a different port number than the usual 22, you can tell `scp` which port to use with the `-P` option: `scp -P 2222 <username>@<remotecomputer>:<folder>/<RemoteFile> <YourFolder>/<NewFileName>`
Are there other SCP programs?
Because the Secure Copy Protocol only handles file transfers, there aren't many graphical user interface (GUI) programs that use only SCP. This is because a GUI program needs more features, like being able to see lists of files and folders. For example, WinSCP usually uses the SFTP protocol by default. Even when it uses SCP, programs like WinSCP often need to use other methods (like the `ls` command) to get extra information about files. This can sometimes cause problems because different computer systems work differently.
For managing files over SSH, SFTP clients are generally more complete and easier to use.
Security concerns with SCP
In 2019, a security issue (called CVE-2019-6111) was found with the `scp` tool and protocol. This issue could allow someone to overwrite files in the target folder on the SCP client's computer. This is one reason why newer versions of `scp` now use SFTP by default, as it's considered more secure.
See also
- SSH File Transfer Protocol (SFTP)
- Remote copy (rcp)
- Comparison of file transfer protocols
- Files transferred over shell protocol (FISH)
- FTP over SSH
- FTPS
- rsync
- Secure shell
- WinSCP