scp命令

回到手册索引

命令用途

在 Linux 系统中，scp（Secure Copy）命令用于通过 SSH 协议在网络上安全地复制文件。该命令利用 SFTP 协议进行数据传输，确保了数据传输过程中的安全性。使用 scp，可以将文件从本地复制到远程主机，或者将远程主机的文件复制到本地，甚至在两台远程主机之间传输文件。

常用用法示例

拷贝本地文件到远程主机

假设我们要将本地文件 /home/user/file.txt 复制到远程主机 192.168.1.100 的 /home/remoteuser/ 目录中，命令如下：

scp /home/user/file.txt remoteuser@192.168.1.100:/home/remoteuser/

执行该命令后，如果是第一次连接到该主机，系统会提示确认远程主机的身份，并要求输入 remoteuser 用户的密码。假设密码正确，命令执行的输出如下：

file.txt                                             100%   12KB  12.3MB/s   00:00

解释：

file.txt 是正在复制的文件。
100% 表示文件复制完成。
12KB 是文件大小。
12.3MB/s 是文件复制的传输速度。
00:00 表示复制文件所花费的时间。

常用参数选项

• -r：递归复制整个目录。如果要复制目录及其内容，需要使用此选项。例如，复制本地目录 /home/user/dir 到远程主机：

scp -r /home/user/dir remoteuser@192.168.1.100:/home/remoteuser/

• -P port：指定远程主机的 SSH 端口（注意：大写 P）。如果远程主机使用非默认的 SSH 端口（如 2222），可以使用该选项：

scp -P 2222 /home/user/file.txt remoteuser@192.168.1.100:/home/remoteuser/

• -i identity_file：指定用于身份验证的私钥文件。如果你使用的是 SSH 密钥而非密码进行身份验证，可以指定该选项：

scp -i /path/to/private_key /home/user/file.txt remoteuser@192.168.1.100:/home/remoteuser/

• -v：详细模式，显示调试信息，适合调试连接问题。例如，执行如下命令：

scp -v /home/user/file.txt remoteuser@192.168.1.100:/home/remoteuser/

输出将包含更多调试信息，有助于检查网络连接和身份验证过程。

• -C：启用压缩。传输大文件时，可以使用此选项以提高传输效率：

scp -C /home/user/largefile.zip remoteuser@192.168.1.100:/home/remoteuser/

• -q：静默模式，禁用进度条和诊断信息。这对于不需要显示详细信息的场景非常有用：

scp -q /home/user/file.txt remoteuser@192.168.1.100:/home/remoteuser/

原厂文档

NAME

   scp — OpenSSH secure file copy

SYNOPSIS

   scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F
   ssh_config] [-i identity_file] [-J destination] [-l limit] [-o
   ssh_option] [-P port] [-S program] [-X sftp_option] source ...
   target

DESCRIPTION

   scp copies files between hosts on a network.

   scp uses the SFTP protocol over a ssh(1) connection for data
   transfer, and uses the same authentication and provides the same
   security as a login session.

   scp will ask for passwords or passphrases if they are needed for
   authentication.

   The source and target may be specified as a local pathname, a
   remote host with optional path in the form [user@]host:[path], or
   a URI in the form scp://[user@]host[:port][/path].  Local file
   names can be made explicit using absolute or relative pathnames to
   avoid scp treating file names containing ‘:’ as host specifiers.

   When copying between two remote hosts, if the URI format is used,
   a port cannot be specified on the target if the -R option is used.

   The options are as follows:

   -3      Copies between two remote hosts are transferred through
           the local host.  Without this option the data is copied
           directly between the two remote hosts.  Note that, when
           using the legacy SCP protocol (via the -O flag), this
           option selects batch mode for the second host as scp
           cannot ask for passwords or passphrases for both hosts.
           This mode is the default.

   -4      Forces scp to use IPv4 addresses only.

   -6      Forces scp to use IPv6 addresses only.

   -A      Allows forwarding of ssh-agent(1) to the remote system.
           The default is not to forward an authentication agent.

   -B      Selects batch mode (prevents asking for passwords or
           passphrases).

   -C      Compression enable.  Passes the -C flag to ssh(1) to
           enable compression.

   -c cipher
           Selects the cipher to use for encrypting the data
           transfer.  This option is directly passed to ssh(1).

   -D sftp_server_path
           Connect directly to a local SFTP server program rather
           than a remote one via ssh(1).  This option may be useful
           in debugging the client and server.

   -F ssh_config
           Specifies an alternative per-user configuration file for
           ssh.  This option is directly passed to ssh(1).

   -i identity_file
           Selects the file from which the identity (private key) for
           public key authentication is read.  This option is
           directly passed to ssh(1).

   -J destination
           Connect to the target host by first making an scp
           connection to the jump host described by destination and
           then establishing a TCP forwarding to the ultimate
           destination from there.  Multiple jump hops may be
           specified separated by comma characters.  This is a
           shortcut to specify a ProxyJump configuration directive.
           This option is directly passed to ssh(1).

   -l limit
           Limits the used bandwidth, specified in Kbit/s.

   -O      Use the legacy SCP protocol for file transfers instead of
           the SFTP protocol.  Forcing the use of the SCP protocol
           may be necessary for servers that do not implement SFTP,
           for backwards-compatibility for particular filename
           wildcard patterns and for expanding paths with a ‘~’
           prefix for older SFTP servers.

   -o ssh_option
           Can be used to pass options to ssh in the format used in
           ssh_config(5).  This is useful for specifying options for
           which there is no separate scp command-line flag.  For
           full details of the options listed below, and their
           possible values, see ssh_config(5).

                 AddressFamily
                 BatchMode
                 BindAddress
                 BindInterface
                 CanonicalDomains
                 CanonicalizeFallbackLocal
                 CanonicalizeHostname
                 CanonicalizeMaxDots
                 CanonicalizePermittedCNAMEs
                 CASignatureAlgorithms
                 CertificateFile
                 CheckHostIP
                 Ciphers
                 Compression
                 ConnectionAttempts
                 ConnectTimeout
                 ControlMaster
                 ControlPath
                 ControlPersist
                 GlobalKnownHostsFile
                 GSSAPIAuthentication
                 GSSAPIDelegateCredentials
                 HashKnownHosts
                 Host
                 HostbasedAcceptedAlgorithms
                 HostbasedAuthentication
                 HostKeyAlgorithms
                 HostKeyAlias
                 Hostname
                 IdentitiesOnly
                 IdentityAgent
                 IdentityFile
                 IPQoS
                 KbdInteractiveAuthentication
                 KbdInteractiveDevices
                 KexAlgorithms
                 KnownHostsCommand
                 LogLevel
                 MACs
                 NoHostAuthenticationForLocalhost
                 NumberOfPasswordPrompts
                 PasswordAuthentication
                 PKCS11Provider
                 Port
                 PreferredAuthentications
                 ProxyCommand
                 ProxyJump
                 PubkeyAcceptedAlgorithms
                 PubkeyAuthentication
                 RekeyLimit
                 RequiredRSASize
                 SendEnv
                 ServerAliveInterval
                 ServerAliveCountMax
                 SetEnv
                 StrictHostKeyChecking
                 TCPKeepAlive
                 UpdateHostKeys
                 User
                 UserKnownHostsFile
                 VerifyHostKeyDNS

   -P port
           Specifies the port to connect to on the remote host.  Note
           that this option is written with a capital ‘P’, because -p
           is already reserved for preserving the times and mode bits
           of the file.

   -p      Preserves modification times, access times, and file mode
           bits from the source file.

   -q      Quiet mode: disables the progress meter as well as warning
           and diagnostic messages from ssh(1).

   -R      Copies between two remote hosts are performed by
           connecting to the origin host and executing scp there.
           This requires that scp running on the origin host can
           authenticate to the destination host without requiring a
           password.

   -r      Recursively copy entire directories.  Note that scp
           follows symbolic links encountered in the tree traversal.

   -S program
           Name of program to use for the encrypted connection.  The
           program must understand ssh(1) options.

   -T      Disable strict filename checking.  By default when copying
           files from a remote host to a local directory scp checks
           that the received filenames match those requested on the
           command-line to prevent the remote end from sending
           unexpected or unwanted files.  Because of differences in
           how various operating systems and shells interpret
           filename wildcards, these checks may cause wanted files to
           be rejected.  This option disables these checks at the
           expense of fully trusting that the server will not send
           unexpected filenames.

   -v      Verbose mode.  Causes scp and ssh(1) to print debugging
           messages about their progress.  This is helpful in
           debugging connection, authentication, and configuration
           problems.

   -X sftp_option
           Specify an option that controls aspects of SFTP protocol
           behaviour.  The valid options are:

           nrequests=value
                   Controls how many concurrent SFTP read or write
                   requests may be in progress at any point in time
                   during a download or upload.  By default 64
                   requests may be active concurrently.

           buffer=value
                   Controls the maximum buffer size for a single SFTP
                   read/write operation used during download or
                   upload.  By default a 32KB buffer is used.

EXIT STATUS

   The scp utility exits 0 on success, and >0 if an error occurs.

SEE ALSO

   sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
   ssh_config(5), sftp-server(8), sshd(8)

HISTORY

   scp is based on the rcp program in BSD source code from the
   Regents of the University of California.

   Since OpenSSH 9.0, scp has used the SFTP protocol for transfers by
   default.

AUTHORS

   Timo Rinne <tri@iki.fi> Tatu Ylonen <ylo@cs.hut.fi>

CAVEATS

   The legacy SCP protocol (selected by the -O flag) requires
   execution of the remote user's shell to perform glob(3) pattern
   matching.  This requires careful quoting of any characters that
   have special meaning to the remote shell, such as quote
   characters.

COLOPHON

   This page is part of the openssh (Portable OpenSSH) project.
   Information about the project can be found at
   http://www.openssh.com/portable.html.  If you have a bug report
   for this manual page, see ⟨http://www.openssh.com/report.html⟩.
   This page was obtained from the tarball openssh-9.9p1.tar.gz
   fetched from
   ⟨http://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/⟩ on
   2024-02-02.  If you discover any rendering problems in this HTML
   version of the page, or you believe there is a better or more up-
   to-date source for the page, or you have corrections or
   improvements to the information in this COLOPHON (which is not
   part of the original manual page), send a mail to
   man-pages@man7.org