From CryptoDox, The Online Encyclopedia on Cryptography and Information Security
The term SCP can refer to one of two related things, the SCP protocol or the SCP program.
The SCP protocol is similar to the BSD rcp protocol, however unlike rcp, data is encrypted during transfer, to avoid potential packet sniffers extracting usable information from the data packets. The protocol itself does not provide authentication and security; it relies on the underlying protocol, SSH, to provide these features.
The SCP protocol implements file transfers only. It does so by connecting to the host using SSH and there executes an SCP server (scp). The SCP server program is typically the same program as the SCP client.
For upload, the client feeds the server with files to be uploaded, optionally including their basic attributes (permissions, timestamps). This is an advantage over the common FTP protocol, which does not have provision for uploads to include the original date/timestamp attribute.
For downloads, the client sends a request for files or directories to be downloaded. When downloading a directory, the server feeds the client with its subdirectories and files. Thus the download is server-driven, which imposes a security risk when connected to a malicious server.
The SCP program is a client implementing the SCP protocol, i.e. it is a program to perform secure copying.
The most widely used SCP client is the command line scp program, that is provided in most SSH implementations. The scp program is the secure analog of the rcp command. The scp program must be part of all SSH servers that want to provide SCP service, as scp functions as SCP server too.
Some SSH implementations provide the scp2 program, which uses the SFTP protocol instead of SCP, but provides the very same command line interface as scp. scp is then typically a symbolic link to scp2.
Typically, a syntax of scp program is like the syntax of cp:
scp SourceFile user@host:directory/TargetFile scp user@host:folder/SourceFile TargetFile
As the SCP protocol implements file transfers only, GUI SCP clients are rare, as implementing it requires additional functionality (directory listing at least). For example, WinSCP defaults to the SFTP protocol. Even when operating in SCP mode, clients like WinSCP are typically not pure SCP clients, as they must use other means to implement the additional functionality (like the ls command). This in turn brings platform-dependency problems. Thus it may not be possible to work with a particular SCP server using a GUI SCP client, even if you are able to work with the same server using a traditional command line client.
More comprehensive tools for managing files over SSH are SFTP clients.