How to use the scp command in Linux

Overview

In this tutorial, you will learn how to use the SCP command in Linux to securely copy files to remote hosts.

The scp command uses SSH to transfer data from one host to another, and uses the same authentication and security provided by SSH. As such, this is one of the most secure ways to transfer data between servers on a LAN network.

SCP Command Basics

To copy files or directories from one host to another you use the following syntax.

scp [options] source ... target
  • The source is a list of files or directories to be copied to the target host.
  • The target is the host you are copying files to.

The following are common options related to SSH that can be set.

OptionDescription
-4Forces scp to use IPv4 addresses only.
-6Forces scp to use IPv6 addresses only
-BSelects batch mode. This mode surpasses any prompts for passwords or passphrases.
-CCompression enabled, which is passed to SSH.
-c cipherThe cipher to be used by SSH
-F ssh_configSpecifies an alternative per-user configuration file for ssh.
-i identity_fileSelects the file from which the identity (private key) for public key authentication is read.
-J destinationConnect to the target host by first making an scp connection to the jump host described by destination, and then establishing a TCP forwarding to the destination from there. Multiple jump hops may be specified separated by comma characters.
-l limitLimits the bandwidth, specified in Kbit/s.
-o ssh_optionsUsed to pass options to SSH in the format used in ssh_config(5).

SCP Files to a Target Server

The following example copies a directory path ~/app from the source host to a target host at 10.0.0.24. The SSH connection uses the lab_id_rsa private key for authentication.

scp -I ~/.ssh/lab_id_rsa ~/app 10.0.0.24:/opt/app

SCP Multiple Files to a Target Server

In the following example, multiple directories from the source host are copied to the remote host. The directories are copied into the /opt/backups directory on the target host.

scp ~/app1 ~/app2 ~/app3 10.0.0.24:/opt

SCP over IPv4 Only

In this example we force the scp command to use IPv4 addresses only to copy files between two hosts.

scp -4 ~/app1 ~/app2 ~/app3 10.0.0.24:/opt

SCP over IPv6 Only

With IPv6 becoming even more common in enterprise organizations and the Internet, you may want to force IPv6 only when using the scp command.

scp -6 ~/app1 ~/app2 ~/app3 10.0.0.24:/opt

SCP Batch Mode to Suppress Passwords

When copying data between two hosts using the scp command in a script file or automated workflow, any password or passphrase prompts should be suppressed. The scp command has a -B flag that forces prompts to be ignored.

In order to use the scp batch mode the remote user must not have a password, which is strongly discouraged, or it must use SSH public/private key pairs for authentication.

scp -i ~/.ssh/backup_id_rsa ~/backup/files 10.0.0.4:/opt/backups

Conclusion

The scp command is a very secure way of transferring data from one host to another. As it uses SSH to transfer data, the connections are very secure and support many of the options available to SSH.

Also, with its batch mode the scp command can be used in automated workflows, without worrying about password or passphrase prompts. So long as you have a private ssh key, with its public pair on the remote host, you can transfer data without being prompted to a password.