scp and sftp for file transfers



Copyright Phillip Farrell. Last revision November 24, 2004

Table of Contents:
  1. Getting ssh programs for your computer
  2. ssh for remote login
  3. ssh authentication methods
  4. scp and sftp for file transfers
  5. ssh to run remote commands

The ssh protocol is designed to create encrypted "channels" for communication between computers. In addition to remote shell logins, these channels can be used for other types of connections. In particular, there are standard programs for copying files between computers using ssh encrypted channels. These programs are called scp and sftp on Unix systems. GUI-based programs that implement the same protocols are available for Macintosh and Windows PCs.

scp is a direct replacement for the old Berkeley rcp command, and is used to copy one or more files between computers with a single command line. sftp is a direct replacement for the standard ftp program, and allows you to interactively browse a remote file system and select files for copying (in either direction) with interactive commands.

scp

scp works just like the standard local Unix copy command, cp, except that you put the name of the remote system, followed by a colon, in front of the pathname specification for the remote file.

You can copy either direction, to or from the remote system, with scp. If no directory is specified for the remote system, your home directory there is assumed.

scp will prompt you for the password on the remote computer, or not, depending upon the type of authentication system you have set up for ssh.

Just like cp, scp will silently remove any existing file that is "in the way" of making its copy, at either end. But unlike cp, there is no -i option that you can use with scp to force it to ask you first before overwriting an existing file. If you think that there is any chance that an existing file may have the same name as the one you are trying to copy, you need to check first yourself.

If you are copying from a remote computer to the local computer, you can simply use ls to make sure that your desired new file name is not already taken locally. If you are copying from the local computer to a remote computer, run a remote ls with ssh in remote command mode to check if your desired name is already being used remotely, for example,

ssh remotehost ls
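
The check-before-copy step described above, wrapped in a shell function. This is an added example, not part of the original page; the function names scp_put and rquote are hypothetical. It goes slightly beyond the manual ls check by treating a failed ssh connection as "could not check" rather than "name is free".

```sh
# Added example (not from the original page); scp_put and rquote are made-up names.

# Single-quote a string for the remote shell, so spaces or metacharacters in
# a path are not reinterpreted on the remote side.
rquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# scp_put LOCALFILE HOST [REMOTEPATH]
# Copy LOCALFILE to HOST only if nothing is "in the way" at the destination.
# Returns 0 = copied, 1 = refused (name already taken), 2 = could not check.
# Usage: scp_put myfile toquima /newdir/newname
scp_put() {
    src=$1 host=$2 dest=${3:-}
    [ -f "$src" ] || { echo "no such local file: $src" >&2; return 2; }
    # An empty REMOTEPATH means the remote home directory, as with "scp f host:".
    [ -n "$dest" ] || dest=.
    base=$(basename "$src")
    qd=$(rquote "$dest")
    qf=$(rquote "$dest/$base")
    # One remote command: if dest is a directory the copy would land at
    # dest/base, otherwise at dest itself. Exit 0 = free, 1 = taken.
    rc=0
    ssh "$host" "if [ -d $qd ]; then [ ! -e $qf ]; else [ ! -e $qd ]; fi" || rc=$?
    case $rc in
        0) scp "$src" "$host:$dest" ;;
        1) echo "refusing to overwrite on $host: $dest" >&2; return 1 ;;
        # ssh itself failed (e.g. exit 255): do not assume the name is free.
        *) echo "could not check $host (ssh exit $rc)" >&2; return 2 ;;
    esac
}
```

The check and the copy are two separate connections, so a file created on the remote system between them can still be overwritten.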

Examples:

  • scp myfile toquima:
    Copies "myfile" to my home directory on toquima.
  • scp myfile toquima:/newdir/newname
    Copies "myfile" to "/newdir/newname" on toquima.
  • scp toquima:myotherfile .
    Gets a copy of "myotherfile" from my home directory on toquima and puts it in my current working directory on the local machine (designated in standard UNIX fashion by the "dot" (.) character).

Just like the cp command, scp has a -p option to propagate the permission settings of the original file to the copy (otherwise the copy is made with the normal settings for new files), and a -r option to copy an entire directory tree with one command.

scp creates a completely transparent encrypted data channel between the two machines, so binary data (such as images or executable programs) is preserved correctly. This also means that scp is unable to perform automatic end-of-line termination conversion between different types of operating systems, as can be done with ftp in "ascii" mode. That will not be a problem when copying between Unix systems, which all use the same end-of-line convention.

sftp

ftp has been a standard for file transfer since the beginning of the Internet. It gives you a special interactive login on a remote computer with a limited set of commands that let you perform file operations, such as browsing the remote file system, copying files back and forth, making directories on the remote system, and removing files from the remote system, all subject, of course, to the permissions available to your account on the remote system. The problem with ftp is that it passes your password, and all file contents, across the network in plain text.

sftp is a direct replacement for the ftp program. It gives you the same type of interactive login with special file manipulation commands. In fact, it provides more file operations than plain ftp. Like ssh and scp, it completely encrypts your password when logging into the remote system and also encrypts all files while in transit, so your password and data are safe from spying hackers.

sftp only works with servers running ssh version 2. Pangea and all Sweet Hall workstations run version 2. If the server you want to use only runs version 1 of ssh, you must use scp instead for file transfers.

Like scp, sftp creates a completely transparent encrypted data channel between the two machines, so binary data (such as images or executable programs) is preserved correctly. Unfortunately, this means that sftp is unable to perform the automatic end-of-line termination conversion between different types of operating systems that can be done with ftp in "ascii" mode. That will not be a problem when copying between Unix systems, which all use the same end-of-line convention. When using an sftp client program on a Windows or Macintosh PC, there may be a local option to perform this end-of-line termination conversion.

Syntax:

sftp remotehostname

Start sftp by simply giving the remote computer hostname or IP address on the command line. After prompting for your remote computer password (skipped if you have set up password-less authentication), you will get a new prompt that looks like

sftp>

At this point, you can give commands to browse the remote file system and copy files back and forth. It is easiest to change the working directory on the local system to the location where you want to find or put files first, before starting sftp, although it does have special commands to move around in the local file system as well as the remote file system.

The basic file manipulation commands are the same as ftp. See the TCP standards - telnet and ftp web page for a description of those commands, or use the on-line manual entry.
