SCP Secure Copy

scp cheatsheet — securely copy files over SSH. scp file user@host:/path, scp -r directory, scp -P 2222 for custom port. Transfer files between servers with SSH encryption.


What it is

scp is a command-line utility for securely copying files between hosts on a network using the SSH protocol.

Installation

scp is typically included as part of the OpenSSH client package, which is pre-installed on most Linux and macOS systems.

Linux:

sudo apt update && sudo apt install openssh-client  # Debian/Ubuntu
sudo yum install openssh-clients                   # CentOS/RHEL/Fedora

macOS: OpenSSH client is pre-installed.

Windows: OpenSSH client can be installed via "Optional features" in Windows settings or using package managers like Chocolatey:

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0  # Windows optional feature (elevated PowerShell)
choco install openssh                                          # Chocolatey

Once the OpenSSH client is enabled, the scp command is available in both PowerShell and Command Prompt.

Core Concepts

scp relies on the SSH protocol for authentication and data transfer, meaning it uses SSH’s key-based or password-based authentication mechanisms.

Commands / Usage

Copying files from local to remote

Copy a single file to a remote server:

scp /path/to/local/file.txt user@remote_host:/path/to/remote/directory/

Copies file.txt from your local machine to the specified directory on the remote server.

Copy a single file to a remote server with a specific port:

scp -P 2222 /path/to/local/file.txt user@remote_host:/path/to/remote/directory/

Copies file.txt using SSH port 2222 on the remote host.

Copy a directory recursively to a remote server:

scp -r /path/to/local/directory user@remote_host:/path/to/remote/parent_directory/

Copies the entire directory (and its contents) to the parent_directory on the remote server.

Copy multiple files to a remote server:

scp /path/to/local/file1.txt /path/to/local/file2.jpg user@remote_host:/path/to/remote/directory/

Copies file1.txt and file2.jpg to the specified directory on the remote server.

Copy a file to the remote user’s home directory:

scp /path/to/local/document.pdf user@remote_host:~/

Copies document.pdf to the home directory (~) of user on remote_host.

Copy a file and preserve modification times, access times, and modes:

scp -p /path/to/local/config.yaml user@remote_host:/etc/app/

Copies config.yaml and attempts to preserve its metadata.

Copy a file using a specific identity file (SSH private key):

scp -i ~/.ssh/id_rsa_specific /path/to/local/script.sh user@remote_host:/home/user/bin/

Uses the SSH private key id_rsa_specific for authentication.

Copying files from remote to local

Copy a single file from a remote server:

scp user@remote_host:/path/to/remote/file.txt /path/to/local/directory/

Copies file.txt from the remote server to your local directory.

Copy a single file from a remote server using a specific port:

scp -P 2222 user@remote_host:/path/to/remote/file.txt /path/to/local/directory/

Copies file.txt from the remote host using SSH port 2222.

Copy a directory recursively from a remote server:

scp -r user@remote_host:/path/to/remote/directory /path/to/local/parent_directory/

Copies the entire directory (and its contents) from the remote server to the parent_directory on your local machine.

Copy multiple files from a remote server:

scp user@remote_host:/path/to/remote/data.csv user@remote_host:/path/to/remote/report.pdf /path/to/local/download/

Copies data.csv and report.pdf from the remote server to your local download directory.

Copy a file from the remote user’s home directory:

scp user@remote_host:~/important_notes.md /home/localuser/Documents/

Copies important_notes.md from the remote user’s home directory to your local Documents folder.

Copy a file using a specific identity file (SSH private key):

scp -i ~/.ssh/id_rsa_specific user@remote_host:/var/log/app.log /tmp/logs/

Uses the SSH private key id_rsa_specific for authentication to retrieve app.log.

Advanced Usage

Disable strict host key checking (use with caution):

scp -o StrictHostKeyChecking=no /path/to/local/file.txt user@remote_host:/tmp/

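Skips the check for the remote host’s identity, which removes the protection against man-in-the-middle attacks that host key verification provides. Useful for automated scripts or testing, but less secure.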

Use verbose output to debug the connection and transfer:

scp -v /path/to/local/large_file.zip user@remote_host:/data/

Provides detailed debugging information about the connection and transfer.

Limit bandwidth usage:

scp -l 800 /path/to/local/file.txt user@remote_host:/tmp/

Limits the transfer speed to 800 kilobits per second.

Compress data during transfer:

scp -C /path/to/local/archive.tar.gz user@remote_host:/backups/

Enables compression (-C) for faster transfers over slower networks.

Common Patterns

Syncing a directory (simple copy): Copies a local directory to a remote server, creating files that do not exist there and overwriting those that do.

scp -r /path/to/local/project user@remote_host:/var/www/html/

Downloading a log file:

scp user@remote_host:/var/log/syslog /tmp/remote_syslog

Uploading a configuration file:

scp /etc/nginx/sites-available/my-site.conf user@remote_host:/etc/nginx/sites-available/

Copying between two remote hosts (via local machine): This initiates the transfer from your local machine, which connects to the first remote host, then to the second remote host.

scp user1@remote_host1:/path/to/file.txt user2@remote_host2:/path/to/destination/

Copying between two remote hosts (direct, if allowed): If remote_host1 has SSH access to remote_host2 and scp is configured to allow it, you can do this directly.

scp user1@remote_host1:/path/to/file.txt user2@remote_host2:/path/to/destination/

(Note: This example is identical to the previous one; the difference is in the underlying SSH configuration and network routing, not the scp command syntax itself.)

Gotchas

  • Permissions: By default, scp does not preserve file permissions on the destination unless the -p flag is used.
  • Overwriting: scp will overwrite existing files on the destination without prompting by default.
  • Directory Creation: When copying a directory, scp -r creates the directory on the destination if it doesn’t exist. If the destination path is a file, it will fail. If the destination path is an existing directory, the source directory will be placed inside it.
  • Host Key Verification: The first time you connect to a new host, scp will prompt you to verify the host’s key. If the host key changes later, scp will refuse to connect to prevent man-in-the-middle attacks. You may need to manually remove the old key from ~/.ssh/known_hosts if you trust the new key.
  • Firewall Rules: Ensure that the SSH port (default 22) is open on the firewall of the destination server. If using a non-standard port (-P), ensure that port is open.
  • Path Specificity: Be mindful of trailing slashes. scp /local/file user@host:/remote/dir/ copies file into dir. scp /local/file user@host:/remote/dir (no slash) writes file to a new file named dir if dir does not exist.
  • Wildcards: Shell wildcards (like *) are expanded by the local shell by default. To have them expanded on the remote shell, you must quote them: scp 'user@host:/path/*.txt' /local/dir/.
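
For the StrictHostKeyChecking=no option under Advanced Usage and the Host Key Verification gotcha above, this added example (not part of the original cheatsheet) shows one way a script can keep host key checking on: it ships a dedicated known_hosts file and refuses to copy when the target has no entry in it. The function names, the SCP override variable, the host names and the key placeholders are assumptions made for illustration, and the pin file is assumed to hold plain (unhashed) entries.

```sh
# Added example (not the page's code); host names and key blobs are constructed.
# known_hosts stores non-default ports as "[host]:port", so a -P 2222 target needs that form.
known_hosts_name() {
    if [ "${2:-22}" = 22 ]; then printf '%s\n' "$1"
    else printf '[%s]:%s\n' "$1" "$2"; fi
}

# host_is_pinned FILE HOST PORT: succeeds only if FILE holds a plain (unhashed),
# non-revoked entry naming HOST exactly. Wildcard patterns are not matched.
host_is_pinned() {
    [ -r "$1" ] || return 1
    awk -v want="$(known_hosts_name "$2" "$3")" '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        $1 == "@revoked"     { next }          # a revoked key is not a pin
        { hosts = ($1 ~ /^@/) ? $2 : $1        # skip a @cert-authority marker
          n = split(hosts, h, ",")
          for (i = 1; i <= n; i++) if ((h[i] "") == (want "")) found = 1 }
        END { exit !found }
    ' "$1"
}

# pinned_scp FILE PORT HOST SCP_ARGS...: refuse (status 3) when HOST has no pin,
# otherwise run scp so that an unknown or changed key aborts the transfer.
pinned_scp() {
    pin_file=$1; port=$2; host=$3; shift 3
    if ! host_is_pinned "$pin_file" "$host" "$port"; then
        echo "refusing: no pinned key for $host port $port in $pin_file" >&2
        return 3
    fi
    "${SCP:-scp}" -P "$port" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$pin_file" "$@"
}

# Dry run on constructed data: SCP=echo prints the arguments instead of connecting.
demo() {
    pins=$(mktemp)
    cat > "$pins" <<'EOF'
# constructed pin file; key blobs are placeholders, not real keys
[backup.example.internal]:2222 ssh-ed25519 CONSTRUCTED_KEY_A
@revoked old.example.internal ssh-ed25519 CONSTRUCTED_KEY_B
EOF
    SCP=echo pinned_scp "$pins" 2222 backup.example.internal \
        /tmp/db.dump deploy@backup.example.internal:/backups/
    SCP=echo pinned_scp "$pins" 22 old.example.internal \
        /tmp/db.dump deploy@old.example.internal:/backups/ || echo "refused (status $?)"
    rm -f "$pins"
}
demo
```

In real use, fill the pin file with a host key obtained out of band and leave SCP unset so the real scp runs.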