Scp

wikipedia:Secure copy (scp) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. scp implements a progress bar to estimate transfers.

http://man7.org/linux/man-pages/man1/scp.1.html

Example

scp USERNAME@SERVER:/tmp/FILE ./
USERNAME@SERVER's password:
Could not chdir to home directory /home/USERNAME: No such file or directory
protocol error: mtime.sec not present

scp -r .../...

Security

According to OpenSSH developers in April 2019 the scp protocol is outdated, inflexible and not readily fixed; they recommend the use of more modern protocols like sftp and rsync for file transfer.^[1]

OpenSSH 8.3 May 2020 scp(1): when receiving files, scp(1) could be become desynchronised if a utimes (2) system call failed. This could allow file contents to be interpreted as file metadata and thereby permit an adversary to craft a file system that, when copied with scp(1) in a configuration that caused utimes(2) to fail (e.g. under a SELinux policy or syscall sandbox), transferred different file names and contents to the actual file system layout. Exploitation of this is not likely as utimes(2) does not fail under normal circumstances. Successful exploitation is not silent - the output of scp(1) would show transfer errors followed by the actual file(s) that were received. Finally, filenames returned from the peer are (since openssh-8.0) matched against the user's requested destination, thereby disallowing a successful exploit from writing files outside the user's selected target glob (or directory, in the case of a recursive transfer). This ensures that this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol.

Activities

Understand the differences between cp, scp and rsync: https://stackoverflow.com/questions/20244585/how-does-scp-differ-from-rsync
Review security advisories related to scp: CVE-2019-6111^[2] related to scp tool and protocol allowing to overwrite arbitrary files in the scp client target directory
pv </dev/zero | ssh REMOTE_SERVER 'cat >/dev/null'

Related terms

pscp (PuTTY)
sftp
jailkit
magic-wormhole
progress
scp -3 -3 Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. Note that this option disables the progress meter.
Resume transmissions: rsync --partial --progress

sftp, sftp chroot configuration, Filezilla, Core FTP, sshfs, internal-sftp, sshd_config, SFTP protocol, Secure file transfer program (sftp)
cp, dd, sftp, scp, rsync, casync, mv, fio, ln, docker cp, kubectl cp, minikube cp, multipass transfer, Copy-Item, Xcopy
OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF

↑ "OpenSSH 8.0". OpenSSH Release Notes. 17 April 2019.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>

↑ https://nvd.nist.gov/vuln/detail/CVE-2019-6111

[1]

[2]

Scp

Contents

Example

Security

Activities

Related terms

See also

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools