Editing Secure copy protocol (section)

==Secure Copy Protocol==
The '''SCP''' is a [[network protocol]], based on  the [[BSD]] [[rcp (Unix)|RCP]] protocol,<ref>{{cite web|title=scp(1) - OpenBSD manual pages (history section)|url=https://man.openbsd.org/scp#HISTORY|access-date=25 June 2012}}</ref>  which supports [[file transfer]]s between hosts on a network.  SCP uses [[Secure Shell]] (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the [[Information security#Authenticity|authenticity]] and [[confidentiality]] of the [[data in transit]].  A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download).  SCP runs over [[TCP port]] 22 by default.<ref>{{Cite web|title=SCP - Secure Copy Protocol - What is it & Full Definition & Example Cmds!|url=https://www.pcwdld.com/what-is-scp|date=2019-06-29|website=PC & Network Downloads - PCWDLD.com|language=en-US|access-date=2020-05-22}}</ref>  Like RCP, there is no [[Request for Comments|RFC]] that defines the specifics of the protocol.

===Function===
Normally, a client initiates an SSH connection to the remote host, and requests an SCP process to be started on the remote server.  The remote SCP process can operate in one of two modes:
* source mode, which reads files (usually from disk) and sends them back to the client, or
* sink mode, which accepts the files sent by the client and writes them (usually to disk) on the remote host.
For most SCP clients, source mode is generally triggered with the <code>-f</code> flag (from), while sink mode is triggered with <code>-t</code> (to).<ref name="Pechanec"/>  These flags are used internally and are not documented outside the SCP source code.

===Remote to remote mode===
In the past, in remote-to-remote secure copy, the SCP client would open an SSH connection to the source host and request that it, in turn, open an SCP connection to the destination. (Remote-to-remote mode did not support opening two SCP connections and using the originating client as an intermediary). SCP thus could not be used to remotely copy from the source to the destination when operating in password or keyboard-interactive authentication mode, as this would reveal the destination server's authentication credentials to the source. It was, however, possible with key-based or [[GSSAPI]] methods that do not require user input.<ref name="Pechanec"/>

More recently, remote-to-remote mode supports routing traffic through the client which originated the transfer, even though it is a 3rd party to the transfer. This way, authorization credentials must reside only on the originating client, the 3rd party.<ref>{{Cite web|title=How to use Secure Copy for file transfer|url=https://www.techrepublic.com/article/how-to-use-secure-copy-for-file-transfer/|first=Brandon|last=Carroll|website=TechRepublic|language=en|access-date=2020-05-22|date=16 August 2017 }}</ref>

===Issues using talkative shell profiles===
SCP does not expect text communicating with the SSH login shell.  Text transmitted due to the SSH profile (e.g. <code>echo "Welcome"</code> in the <code>.bashrc</code> file) is interpreted as an error message, and a null line (<code>echo ""</code>) causes SCP client to deadlock waiting for the error message to complete.<ref name="Pechanec"/>