Secure copy

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

Secure Copy or SCP is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol.

The term SCP can refer to one of two related things: the SCP protocol or the SCP program.

SCP protocol

The SCP protocol is similar to the BSD rcp protocol; unlike rcp, however, data is encrypted during transfer so that packet sniffers cannot extract usable information from the data packets. The protocol itself does not provide authentication and security; it relies on the underlying protocol, SSH, to provide these features.

SCP can interactively request any passwords or passphrases required to make a connection to a remote host, unlike rcp which fails in this situation.

The SCP protocol implements file transfers only. It does so by connecting to the host using SSH and executing an SCP server (scp) there. The SCP server program is typically the same program as the SCP client.

For upload, the client feeds the server with files to be uploaded, optionally including their basic attributes (permissions, timestamps). This is an advantage over the common FTP protocol, which does not have provision for uploads to include the original date/timestamp attribute.

For downloads, the client sends a request for files or directories to be downloaded. When downloading a directory, the server feeds the client with its subdirectories and files. Thus the download is server-driven, which poses a security risk when connected to a malicious server.
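Because the server chooses the names it sends during a download, a client should check each record against what it actually requested before creating anything on disk. The following is an added example, not code from any scp implementation or from this article: it assumes the rcp-style control-line layout (C, D, E and T records) of the classic scp program, which this page does not spell out, and `plan_download`, `safe_name` and `UnsafeRecord` are hypothetical names. It is narrowed to a single exact filename request with no wildcard matching.

```python
import re

# rcp-style control lines a source sends to a sink (layout assumed from the
# classic scp/rcp implementation; the page does not spell it out):
#   C<mode> <size> <name>  file      D<mode> 0 <name>  enter directory
#   E                      leave dir T<mtime> 0 <atime> 0  timestamps
RECORD = re.compile(r"([CD])([0-7]{4}) (\d+) (.+)")


class UnsafeRecord(ValueError):
    """A server-supplied record the client must refuse to act on."""


def safe_name(name):
    """Accept only a single path component, never a path."""
    if name in (".", "..") or any(c in name for c in "/\\\x00"):
        raise UnsafeRecord(f"rejected name {name!r}")
    return name


def plan_download(records, requested, recursive=False):
    """Return the relative paths a client may create for one request.

    records:   control lines received from the server, newline stripped
    requested: the exact basename the client asked for (no globbing)
    """
    stack, planned = [], []
    for line in records:
        if line.startswith("T"):
            continue  # timestamps carry no path information
        if line == "E":
            if not stack:
                raise UnsafeRecord("E without a matching D")
            stack.pop()
            continue
        m = RECORD.fullmatch(line)
        if not m:
            raise UnsafeRecord(f"malformed record {line!r}")
        kind, name = m.group(1), safe_name(m.group(4))
        if not stack and name != requested:
            raise UnsafeRecord(f"got {name!r}, asked for {requested!r}")
        if kind == "D":
            if not recursive:
                raise UnsafeRecord("directory sent for non-recursive copy")
            stack.append(name)
            planned.append("/".join(stack))
        else:
            planned.append("/".join(stack + [name]))
    return planned
```

The returned paths are relative to the local target directory; a record that names a different top-level object, contains a path separator, or opens a directory during a non-recursive copy aborts the transfer instead of being written.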

For most applications, the SCP protocol is superseded by the more comprehensive SFTP protocol, which is also based on SSH.

SCP program

The SCP program is a client implementing the SCP protocol, i.e. it is a program to perform secure copying.

The most widely used SCP client is the command-line scp program, which is provided in most SSH implementations. The scp program is the secure analog of the rcp command. The scp program must be part of all SSH servers that want to provide SCP service, as scp functions as the SCP server too.

Some SSH implementations provide the scp2 program, which uses the SFTP protocol instead of SCP, but provides the very same command line interface as scp. scp is then typically a symbolic link to scp2.

The syntax of the scp program is typically like the syntax of cp:

scp SourceFile user@host:directory/TargetFile
scp user@host:folder/SourceFile TargetFile

As the SCP protocol implements file transfers only, GUI SCP clients are rare, as implementing one requires additional functionality (directory listing at least). For example, WinSCP defaults to the SFTP protocol. Even when operating in SCP mode, clients like WinSCP are typically not pure SCP clients, as they must use other means to implement the additional functionality (like the ls command). This in turn brings platform-dependency problems. Thus it may not be possible to work with a particular SCP server using a GUI SCP client, even if you are able to work with the same server using a traditional command-line client.

More comprehensive tools for managing files over SSH are SFTP clients.

Implementations

Clients

Microsoft Windows

  • Red Bird SFX - Secure File Transfer
  • WinSCP

Mac OS X

  • Fugu
  • Red Bird SFX - Secure File Transfer