Linux SCP command
SCP is the classic tool for making encrypted copies between two Linux- and POSIX-compatible computers in a network. SCP stands for “secure copy” – with “secure” referring to the encryption of the data transfer. The name of the SCP protocol is taken from the two technologies it’s based on:
- the SSH protocol (Secure Shell), which enables encrypted access to remote systems.
- the RCP tool (Remote Copy), which copies files in the network without encryption.
The Linux SCP command is a software that runs on the local system and the server. The tool acts as a daemon and client for the SCP protocol. Since SCP is part of the widely used OpenSSH distribution, it’s available on pretty much every system. As usual on Linux, the SCP command can be accessed via the command line.
However, one significant disadvantage of the SCP protocol is that the software has grown organically. This means that it’s not standardized, and there’s no RFC document or similar specification. A reference implementation that’s part of the OpenSSH project is all there is. Nowadays there are modern alternatives to SCP that are preferred for most use cases.
Functionality and use of the Linux SCP command
The functionality of the Linux SCP command is analogous to the older RCP command. As with RCP, the SCP syntax on the command line follows the CP command that’s used to copy the files on the local system. Since SCP is based on the SSH protocol, network communication runs on TCP Port 22. Here’s an overview of the most common Linux commands for copying data:
Copy command | Name | Functionality | Remote access |
cp | Copy | Copy, only local | - |
rcp | Remote Copy | Copy local-remote, remote-remote | RSH |
scp | Secure Copy | Secure copy local-remote, remote-remote | SSH |
sftp | Secure File Transfer Protocol | Secure copy local-remote, remote-remote; manipulation of remote file systems | SSH |
rsync | Remote Sync | Secure copy local, local-remote, remote-remote; synchronization | SSH, Stunnel |
SCP can be used to copy a file onto a server or to download a file from a server. The protocol only allows a one-way flow of data. This means that for each connection you can only copy in one direction. You can also use SCP to copy files between two systems in a network. Attributes can also be copied from the source file to the target file.
Flow of data when copying between two remote systems
If you want to copy a file between two remote systems using the Linux SCP command, there are a couple of things to take into consideration. SCP uses the SSH protocol to establish encrypted connections. When using SSH, remote systems can be accessed with a username and password or SSH Keys (public/private key pairs). The private method is generally preferable to the public one.
In the original version, in which a file is transferred from one remote system (host) to another host, the following process occurs:
- The user instructs the SCP tool on the local system to transfer a file from Host 1 to Host 2.
- The SCP program on the user’s local system opens a SSH connection to Host 1 and runs the SCP program located there.
- The SCP program on Host 1 opens an SSH connection to Host 2 and transfers the file saved on Host 1 to Host 2 as if it were a local file.
For this process to work, a public SSH key has to be deposited from Host 1 to Host 2. However, this means that Host 1 will have permanent access to Host 2 without any involvement from the user, which poses a security risk. This has given rise to the modern version of the process:
- The user instructs the SCP tool on their local system to transfer a file from Host 1 to Host 2.
- SCP opens one connection to Host 1 and another to Host 2.
- The file is routed through the local system and transferred to Host 2.
In this case, the user’s public SSH key is stored on Host 1 and Host 2. This will often already be the case, for example if the user is an administrator who has access to both hosts.
Syntax of the Linux SCP command
The underlying format of the SCP command is based on the syntax of the CP command, which is used for copying files on the local system. The syntax is laid out as follows: A file from a source path is copied to a target path. Options can be placed before the source path.
scp <options> <source_path> <target_path>
To copy files from, to, or between remote systems, the source or target path (or both) are replaced with a more complex path entry. The entry will contain the network name or the host’s IP address and the name of the user that wants to access the host:
<user>@<host>:<directory/file.extension>
SCP options
As usual, the functionality of the SCP command can be specified using various options. Here’s a selection of the most useful options:
Option | Meaning | Comment |
-C | Use Compression | Not to be confused with “-c” in lowercase, which specifies the cipher for encryption |
-p | Permissions; transfer file attributes to the target file | Not to be confused with “-P” in uppercase, which sets the network port |
-r | Copy directories Recursively | - |
-v | Verbose; show the operation’s execution step-by-step | - |
-q | Quiet; turn off the progress meter | - |
-3 | Third party; send data through local system | - |
For an extensive description of all the available options, take a look at the man page for the Linux SCP command.
Examples for how to use the Linux SCP command
The SCP command has a variety of uses. In what follows, we’ll present just a few of the many possible use cases for the Linux SCP command. Keep in mind that today other tools are preferred to the SCP command for copying files in the network.
Copy a file from a local to a remote system
To copy a file “file.txt” from the current directory in the local system to the host “host1.com”, we’ll use the following code. Note that in this example, the user “user” has login access to the host “host1.com”.
scp file.txt user@host1.com:/path/to/directory
If the copy operation was successful, the file “file.txt” will be in the directory “/path/to/directory”.
Copy a file from a remote to a local system
To reverse the direction of the copy operation, we’ll simply switch the local and the remote path. In this example, we’ll use a period “.” to indicate the current directory as the target directory.
scp user@host1.com:/path/to/directory/file.txt .
In the next example, we’ll copy the file into the folder “Desktop” in the local user folder, which is represented with the tilde “~”. To avoid any potential errors, the path with the tilde should be set in quotation marks:
scp user@host1.com:/path/to/directory/file.txt "~/desktop/"
If you want to copy a file and save it under another name, simply indicate the new name at the end of the target path:
scp user@host1.com:/path/to/directory/file.txt "~/desktop/file.bak"
Copy multiple files
If you’re familiar with the CP command, you’ve probably already guessed that it’s also possible to copy multiple files with the SCP command. The easiest way to do this is to list the files individually. In the following example, all of the files are located in the current directory, which is why we don’t list the path of the files.
scp file-1.txt file-2.txt user@host1.com:/path/to/directory
Be careful when using wildcards and globs like “?” and “*”. When used in the host path, they can lead to unexpected errors. It’s better to use a loop, as we do in our example in the below section “Moving files to a remote system”, or to use an alternative tool.
Copy an entire directory
As with the CP command, SCP can be used to copy an entire directory recursively. Simply add the option “-r” before the source path.
scp -r directory user@host1/com:/path/to/directory
Once the operation is complete, you’ll be able to find copies of all the files and sub-directories of “directory” on the host in the path “path/to/directory”.
When transferring larger files, it’s often a good idea to use the “-C” option, which compresses the files for the transfer.
scp -C -r directory user@host1/com:/path/to/directory
Note that the Linux SCP command always transfers all files together. This means that if the transfer is interrupted, it has to be started again from the beginning. If you’re copying large directories or have an unstable network connection, you should consider using an alternative tool.
Copy a file between two remote systems
To copy a file between two hosts, we’ll indicate the user and host for both the source and target paths:
scp user@host1.com:/path/to/directory/file.txt user@host2.com:/path/to/other/directory
As noted above, it’s usually better to route the transfer through your own system. We’ll use the option “-3” to do this:
scp -3 user@host1.com:/path/to/directory/file.txt user@host2.com:/path/to/other/directory
Moving files to a remote system
A more complex use case for the Linux SCP command is moving local data to a host. This might be handy if you want to, for example, create a remote back up of local files and no longer need the files after they’re backed up. The SCP command doesn’t offer any independent option for moving files, but we can create a solution ourselves using common methods.
Let’s first take a look at the move operation. It’s basically a combination of copying and deleting. We can realize this sequence of operations in the command line with the commands “scp” and “rm”. (“rm” is the command for deleting files.) The logical operator AND “&&” will join the two commands, so that the second is only executed after the first has been successfully completed. That way we can be sure that the copy has been created on the host before the original is deleted.
Finally, we’ll use a for-loop to process the files located in the current directory. There’s the option to only include certain files or file types. Since we want to create an exact backup of every file, we’ll use the option “-p” to copy the file attributes. And since creating a backup is an important process, we’ll keep an eye on the process with the option “-v”.
for file in ./example*.extension ; do scp -p -v "$file" user@host.com:"/backup/${file}.bak" && rm "$file" ; done
Alternatives to the Linux SCP command
Despite being available on almost every system, SCP is no longer a widely preferred method for copying files in the network. The developers of the OpenSSH project, which is home to SCP, have pointed this out themselves.
The SCP maintainers list SFTP (Secure File Transfer Protocol) and Rsync (Remote Sync) as alternatives, both of which also use SSH for encrypted access to the remote host. Both programs also have more functionality and are being actively developed. The only disadvantage of these tools is that they may have to be installed before using them, whereas SCP comes pre-installed on most systems. Let’s take a closer look at the two alternatives.
SFTP is more or less a direct successor to SCP. The data transfer is encrypted and uses existing SSH infrastructure. In practice this means that hosts’ remote file systems can be accessed with STFP if SSH access is allowed from the local system. The SFTP protocol offers a significantly broader range of features than SCP. Transferred data is automatically checked for correctness and interrupted transfers can be resumed.
Rsync is another powerful tool that can do everything SCP can. However, Rsync isn’t a copy command in the strict sense of the word. The tool can do a lot more than that and was conceived as a way to efficiently transfer large files and amounts of data. It compares the data in the source and target and only transfers the difference. If a transfer is interrupted and restarted, it doesn’t have to start over from the beginning.
If SFTP or Rsync is available on your system, you should use one of them instead of SCP for copying data within the network.