Core Functionality and Syntax
SCP (Secure Copy Protocol) operates as a command-line utility for securely transferring files between local and remote hosts. It relies entirely on the SSH protocol for encryption, integrity verification, and authentication. The fundamental syntax follows a straightforward source-to-destination pattern:
scp [options] source_path user@target_host:destination_path
Path definitions must incorporate the remote hostname, optional port specifications, authentication credentials, and the absolute or relative directory structure. Uploading a file from a local workstation to a remote server requires specifying the remote endpoint as the target:
scp ~/projects/database_schema.sql deployer@192.168.50.14:/opt/backups/
Conversely, retrieving files follows the inverse arrangement, placing the remote source before the local target:
scp admin@172.16.0.88:/var/log/syslog ./current_system_logs/
- Enabling Verbose Debugging
Appending the -v flag forces the utility to print detailed handshake and transfer logs. This output is critical for troubleshooting authentication failures, configuration mismatches, or connection drops:
scp -v ./network_topology.json root@10.20.30.40:/etc/conf/
- Batch File Operations
Multiple files can be queued for transfer by separating they paths with spaces. Alternatively, shell brace expansion allows for concise directory targeting when pulling from a remote endpoint:
scp style.css index.html script.js webmaster@site-server:/var/www/html/
scp devops@ci-runner:/home/build/\{app.tar.gz,checksum.sha256\} ./release/
- Recursive Directory Transfer
To migrate entire directory trees, the -r flag must be applied. This instructs the process to traverse subdirectories and copy all contained assets sequentially:
scp -rv ./frontend-assets/ nginx@web01.prod.net:/srv/http/public/
- Remote-to-Remote Routing
The command supports direct file relay between two external servers without routing data through the initiating machine. The client merely orchestrates the connection parameters:
scp analyst@db-primary:/export/monthly_report.csv auditor@compliance-vm:/archive/2024/
- Compressing Data During Transit
Utilizing the -C switch activates on-the-fly zlib compression. Files are compressed before transmission and automatically decompressed upon arrival, which optimizes bandwidth consumption for text-heavy or highly redundant datasets:
scp -rC ~/dev/source_code/ git@code-repo.internal:/home/git/repos/new_project/
- Bandwidth Throttling
Network congestion can be mitigated by capping the transfer rate. The -l parameter accepts a maximum throughput value expressed in kilobits per second:
scp -vrC -l 1024 ./media_library/ archive@storage-box:/mnt/nas/media/
- Custom Port Configuration
When the target SSH daemon listens on a non-standard port, the uppercase -P flag overrides the default port 22:
scp -P 2244 -v ./deployment_script.sh sysadmin@jump-host:/tmp/
- Metadata Preservation
The lowercase -p flag ensures that original modification timestamps, access times, and file permission modes are retained on the destination host:
scp -p ./certificate.pem secure@auth-service:/etc/ssl/private/
- Silent Execution
For automated scripts or background tasks, the -q flag suppresses progress meters, warnings, and diagnostic messages, outputting only fatal errors:
scp -Cq ./daily_backup.sql backup@offsite:/var/lib/mysql/
- Identity Key Specification
When operating in a key-based authentication environment, the -i parameter directs the client to a specific private key file instead of relying on default locations or password prompts:
scp -i ~/.ssh/id_ecdsa_prod ./config.ini svc_account@app-server:/etc/app/
- Alternate SSH Configuration Loading
The -F option allows the utility to parse a custom configuration file, overriding global or user-level SSH defaults for the duration of the session:
scp -F ~/.ssh/corporate_config ./policy_doc.pdf compliance@audit-vm:/documents/
- Cipher Algorithm Selection
Default encryption methods may be swapped for alternatives that prioritize performance over maximum cryptographic overhead. The -c flag explicitly defines the cipher suite used during the encrypted tunnel establishment:
scp -c chacha20-poly1305@openssh.com -C ./large_dataset.csv data@analytics:/datasets/