Editing Secure copy protocol

{{short description|Network protocol for copying files between computers}}
{{Infobox software
| name                   = scp
| logo                   = 
| screenshot             = 
| screenshot size        = 
| caption                = 
| developer              = The OpenSSH Project
| released               = 
| latest release version = 
| latest release date    = 
| repo                   = {{URL|https://github.com/openssh/openssh-portable/}}
| programming language   = [[C (programming language)|C]]
| operating system       = [[Cross-platform]]
| genre                  = [[Command (computing)|Command]], [[Communication protocol]]
| license                = 
| website                = {{URL|https://www.openssh.com/}}
}}
'''Secure copy protocol''' ('''SCP''') is a means of securely transferring [[computer file]]s between a local host and a remote [[server (computing)|host]] or between two remote hosts. It is based on the [[Secure Shell]] (SSH) protocol.<ref>{{cite web|title=Linux and Unix scp command|url=https://www.computerhope.com/unix/scp.htm|access-date=4 August 2015|website=Computer Hope}}</ref> "SCP" commonly refers to both the Secure Copy Protocol and the program itself.<ref name="Pechanec">{{cite web|url=https://blogs.oracle.com/janp/entry/how_the_scp_protocol_works|title=How the SCP protocol works|last=Pechanec|first=Jan|author-link=Jan Pechanec|publisher=Oracle|archive-url=https://web.archive.org/web/20170215184048/https://blogs.oracle.com/janp/entry/how_the_scp_protocol_works|archive-date=2017-02-15|work=Jan Pechanec's weblog|access-date=4 August 2015}}</ref>

According to [[OpenSSH]] developers in April 2019, SCP is outdated, inflexible and not readily fixed; they recommend the use of more modern protocols like [[SSH File Transfer Protocol|SFTP]] and [[rsync]] for file transfer.<ref>{{cite web|url=https://www.openssh.com/txt/release-8.0|title=OpenSSH 8.0|work=OpenSSH Release Notes|date=17 April 2019}}</ref> As of  OpenSSH version 9.0, <code>scp</code> client therefore uses SFTP for file transfers by default instead of the legacy SCP/RCP protocol.<ref name=ossh9>{{cite web |date=8 April 2022 |title=OpenSSH 9.0 |url=https://www.openssh.com/txt/release-9.0 |work=OpenSSH Release Notes}}</ref>

==Secure Copy Protocol==
The '''SCP''' is a [[network protocol]], based on  the [[BSD]] [[rcp (Unix)|RCP]] protocol,<ref>{{cite web|title=scp(1) - OpenBSD manual pages (history section)|url=https://man.openbsd.org/scp#HISTORY|access-date=25 June 2012}}</ref>  which supports [[file transfer]]s between hosts on a network.  SCP uses [[Secure Shell]] (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the [[Information security#Authenticity|authenticity]] and [[confidentiality]] of the [[data in transit]].  A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download).  SCP runs over [[TCP port]] 22 by default.<ref>{{Cite web|title=SCP - Secure Copy Protocol - What is it & Full Definition & Example Cmds!|url=https://www.pcwdld.com/what-is-scp|date=2019-06-29|website=PC & Network Downloads - PCWDLD.com|language=en-US|access-date=2020-05-22}}</ref>  Like RCP, there is no [[Request for Comments|RFC]] that defines the specifics of the protocol.

===Function===
Normally, a client initiates an SSH connection to the remote host, and requests an SCP process to be started on the remote server.  The remote SCP process can operate in one of two modes:
* source mode, which reads files (usually from disk) and sends them back to the client, or
* sink mode, which accepts the files sent by the client and writes them (usually to disk) on the remote host.
For most SCP clients, source mode is generally triggered with the <code>-f</code> flag (from), while sink mode is triggered with <code>-t</code> (to).<ref name="Pechanec"/>  These flags are used internally and are not documented outside the SCP source code.

===Remote to remote mode===
In the past, in remote-to-remote secure copy, the SCP client would open an SSH connection to the source host and request that it, in turn, open an SCP connection to the destination. (Remote-to-remote mode did not support opening two SCP connections and using the originating client as an intermediary). SCP thus could not be used to remotely copy from the source to the destination when operating in password or keyboard-interactive authentication mode, as this would reveal the destination server's authentication credentials to the source. It was, however, possible with key-based or [[GSSAPI]] methods that do not require user input.<ref name="Pechanec"/>

More recently, remote-to-remote mode supports routing traffic through the client which originated the transfer, even though it is a 3rd party to the transfer. This way, authorization credentials must reside only on the originating client, the 3rd party.<ref>{{Cite web|title=How to use Secure Copy for file transfer|url=https://www.techrepublic.com/article/how-to-use-secure-copy-for-file-transfer/|first=Brandon|last=Carroll|website=TechRepublic|language=en|access-date=2020-05-22|date=16 August 2017 }}</ref>

===Issues using talkative shell profiles===
SCP does not expect text communicating with the SSH login shell.  Text transmitted due to the SSH profile (e.g. <code>echo "Welcome"</code> in the <code>.bashrc</code> file) is interpreted as an error message, and a null line (<code>echo ""</code>) causes SCP client to deadlock waiting for the error message to complete.<ref name="Pechanec"/>

==scp program==
The '''SCP program'''<ref>{{cite web | url=https://github.com/openssh/openssh-portable/blob/master/scp.c | title=Portable OpenSSH | website=[[GitHub]] | date=13 May 2022 }}</ref> is a software tool implementing the SCP protocol as a service daemon or client.  It is a program to perform secure copying.

Perhaps the most widely used SCP program is the OpenSSH [[command line]] <code>scp</code> program, which is provided in most SSH implementations. The <code>scp</code> program is the secure analog of the <code>rcp</code> command.  The <code>scp</code> program must be part of all SSH servers that want to provide SCP service, as <code>scp</code> functions as SCP server too. Since OpenSSH 9.0, the program has been updated to use the newer, more secure [[SSH file transfer protocol|SFTP]] protocol; an <code>-O</code> option is added for using SCP with old SCP-only servers.<ref name=ossh9/>

===Syntax===
Typically, a syntax of <code>scp</code> program<ref>"scp(1) - OpenBSD manual pages" https://man.openbsd.org/scp</ref> is like the syntax of [[Cp (Unix)|<code>cp</code> (copy)]]:

Copying local file to a remote host:
 scp <var>LocalSourceFile</var> <var>user</var>@<var>remotehost</var>:<var>directory</var>/<var>TargetFile</var>

Copying file from remote host and recursively copying folder (with <code>-r</code> switch) from remote host:
 scp <var>user</var>@<var>remotehost</var>:<var>directory</var>/<var>SourceFile</var> <var>LocalTargetFile</var>
 scp -r <var>user</var>@<var>host</var>:<var>directory</var>/<var>SourceFolder</var> <var>LocalTargetFolder</var>

Note that if the remote host uses a port other than the default of 22, it can be specified in the command. For example, copying a file from host:
 scp -P 2222 <var>user</var>@<var>host</var>:<var>directory</var>/<var>SourceFile</var> <var>TargetFile</var>

===Other clients===
As the '''Secure Copy Protocol''' implements file transfers only, [[GUI]] SCP clients are rare, as implementing it requires additional functionality ([[directory (file systems)|directory]] listing at least). For example, [[WinSCP]] defaults to the SFTP protocol.<ref>{{Cite web|title=Supported File Transfer Protocols :: WinSCP|url=https://winscp.net/eng/docs/protocols|website=winscp.net|language=en|access-date=2020-05-22}}</ref> Even when operating in SCP mode, clients like WinSCP are typically not pure SCP clients, as they must use other means to implement the additional functionality (like the [[Ls|<code>ls</code> command]]).<ref>{{Cite web|title=The SCP/Shell Page (Advanced Site Settings dialog) :: WinSCP|url=https://winscp.net/eng/docs/ui_login_scp|website=winscp.net|language=en|access-date=2020-05-22}}</ref> This in turn brings platform-dependency problems.

More comprehensive tools for managing files over SSH are [[SSH File Transfer Protocol|SFTP]] clients.

==Security==
In 2019 vulnerability {{CVE|2019-6111}}<ref>{{cite web | url=https://nvd.nist.gov/vuln/detail/CVE-2019-6111 | title=NVD - Cve-2019-6111 }}</ref> was announced related to the [[openssh]] SCP tool and protocol allowing users to overwrite arbitrary files in the SCP client target directory.

==See also==
{{Wikibooks|Guide to Windows Commands}}
{{columns-list|colwidth=20em|
*[[SSH File Transfer Protocol]] (SFTP)
*[[rcp (Unix)|Remote copy]] (rcp)
*[[Comparison of file transfer protocols]]
*[[Files transferred over shell protocol]] (FISH)
*[[FTP over SSH]]
*[[FTPS]]
*[[rsync]]
*[[Secure shell]]
*[[WinSCP]]
}}

==References==
{{Reflist}}

{{Windows commands}}

[[Category:Cryptographic software]]
[[Category:Cryptographic protocols]]
[[Category:Network file transfer protocols]]