If you want to transfer data between two computers, there is a variety of tools and technologies available to do so. However, with the wide selection of client programs and available protocols, it can be difficult to find the right solution for the desired data transfer, especially for beginners and less experienced users. This is particularly true when sensitive data needs to be sent, which requires more than a simple transfer from point A to point B. If this is the case, you should only be considering methods that offer an appropriate level of security.

One of these methods is performing data transfer via the Secure Copy Protocol (SCP), which was specially designed for the secure transfer of digital information. In the following article, you will learn what the SCP protocol is and how it works.

What is SCP?

Secure Copy Protocol (SCP), often referred to as Secure Copy, is a protocol for computer networks that ensures the secure transfer of data between a local host and a remote host or alternatively between two remote hosts. It is based on the RCP commands (remote copy) published as part of the Berkeley r-commands by the University of California, Berkeley back in 1982. These allow you to manage data transfer from the command line.

SCP provides an authentication procedure between the two hosts as well as encryption for the transfer. In this way, the protocol ensures both the security and the authenticity of the transferred data. The SCP protocol uses SSH (Secure Shell) for both of these security measures. SSH is also used by other transfer protocols such as FTP (or SFTP). The TCP port used for SCP transfer is SSH standard port 22.

Secure Copy is cross-platform. There are versions and programs for all standard Windows, macOS, and Linux operating systems as well as for Android and iOS.

How does data transfer via the SCP protocol work?

Secure Copy requires authentication from both hosts involved. Before you can perform a transfer using the protocol, you must first establish an SSH connection between the local host and the targeted remote host. This requires either the SSH login information or an authorised key for the public key authentication.

Note

If you are going to use SCP to perform a file transfer between two remote hosts, you will need to establish an SSH connection between the local host running the SCP client and the remote host which will act as the source host in this instance.

Once the SSH connection between the two hosts has been established, the SCP client will start a Secure Copy process with two different modes available:

  • Source mode: An SCP request in source mode reads the files from the targeted remote host and sends them back to the client.
  • Sink mode: An SCP request in sink mode signals to the remote host that there is incoming data from the client to be written on the remote host.

SCP clients usually use the -f flag (from) to trigger source mode. To trigger sink mode to transfer data to the targeted remote host, the -t flag (to) is used instead.

Note

Communication between Secure Copy and Secure Shell may be disrupted by welcome messages that appear after a successful SSH login. SCP is not prepared for these text messages and interprets them as error messages, which results in it blocking the transfer.

Where and how is SCP used? (example included)

Secure Copy is natively supported by all standard operating systems and provides an excellent security solution by including SSH. Its combination of authentication and encryption puts it on par with the popularly used SFTP which also uses Secure Shell’s security mechanisms. Since SCP also outperforms secure FTP in terms of transfer speed, the protocol is an excellent alternative when you need to transfer files quickly and securely to a web server or when sensitive data needs to be distributed in a local network (e.g. a company network).

Note

In 2019, the US National Institute of Standards and Technology published an official security report which revealed vulnerabilities in different SCP applications. The report specifically addressed the potential threat of a man-in-the-middle attack during an SCP transfer which allows the attackers to overwrite files in the target directory or introduce malware. The clients affected include PuTTY PSCP, OpenSSH, and WinSCP.
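An added example, not part of the original article or of any scp client's code: a Python illustration of how a client in source mode (`-f`) can validate the control record the remote side sends before writing anything, which covers both the welcome-message failure and the file-overwrite risk noted above. It assumes the `C<mode> <size> <name>` record layout used by OpenSSH's scp and simplifies name checking to an exact match; the function names and sample byte streams are constructed for illustration.

```python
import re

# Assumed layout of a file record: C<4 octal digits> <size> <name>
FILE_RECORD = re.compile(rb"C([0-7]{4}) (\d+) ([^\n]+)")


class ScpProtocolError(Exception):
    """Raised when the remote side sends something the client must refuse."""


def parse_file_record(line: bytes, requested_name: str) -> tuple[int, int, str]:
    """Validate one control record received in source mode (scp -f)."""
    if line[:1] in (b"\x01", b"\x02"):
        # 0x01 = warning, 0x02 = fatal error, each followed by a message
        raise ScpProtocolError("remote error: " + line[1:].decode(errors="replace"))
    m = FILE_RECORD.fullmatch(line)
    if m is None:
        # Anything else (for example a login banner) is not protocol data
        raise ScpProtocolError("expected control record, got %r" % line[:40])
    mode, size, name = int(m[1], 8), int(m[2]), m[3].decode(errors="replace")
    if "/" in name or name in (".", ".."):
        # The remote side must not choose a path outside the target directory
        raise ScpProtocolError("unsafe file name %r" % name)
    if name != requested_name:
        # Refuse files the client never asked for
        raise ScpProtocolError("got %r but requested %r" % (name, requested_name))
    return mode, size, name


def receive_single_file(stream: bytes, requested_name: str) -> bytes:
    """Extract one file from a captured source-mode byte stream."""
    header, sep, rest = stream.partition(b"\n")
    if not sep:
        raise ScpProtocolError("truncated control record")
    _mode, size, _name = parse_file_record(header, requested_name)
    data, trailer = rest[:size], rest[size:size + 1]
    if len(data) != size or trailer != b"\x00":
        raise ScpProtocolError("file data not terminated correctly")
    return data


# Constructed sample streams (not captured from a real server)
GOOD = b"C0644 6 report.txt\nhello\n\x00"
BANNER = b"Welcome to host!\nC0644 6 report.txt\nhello\n\x00"
RENAMED = b"C0644 6 .bashrc\nhello\n\x00"
```

`receive_single_file(GOOD, "report.txt")` returns the file body, while `BANNER` and `RENAMED` both raise `ScpProtocolError` before any data would be written.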

In addition to the previously mentioned clients which you can download for free online, macOS, Windows, and Linux also have a standard built-in Secure Copy client called “scp.” Therefore, the fastest and easiest way to transfer data via SCP protocol is using the command prompt window or terminal, as demonstrated in the following two example commands:

scp SourceFile test@host:directory/TargetFile

This command copies the source file into the specified directory on the target host with the user logged in via SSH using the name “test.” If you need to transfer a file from a remote host to the local host participating in SCP, you would need the following command:

scp test@host:directory/SourceFile TargetFile

An overview of the most important SCP commands

In the previous examples, you already saw the basic syntax for the command lines used to manage native SCP clients in Windows and other operating systems. However, both examples of code only show a simple process for copying without any of the additional options the scp tool offers. If you add these options to the command, they should precede the file and host information so that the full syntax looks like this:

scp [option(s)] [SourceFile] [user@host:directory/TargetFile]
scp [option(s)] [user@host:directory/SourceFile] [TargetFile]

The following table summarises the most important options for configuring Secure Copy requests with scp:

| scp option | Function |
| --- | --- |
| -1 | Specifies the use of version 1 of the SCP protocol |
| -2 | Specifies the use of version 2 of the SCP protocol |
| -C | Activates gzip compression of the encrypted SSH connection |
| -B | Initiates the session without requesting a password |
| -l limit | Sets a bandwidth limit for the file transfer (kb/s) |
| -o ssh_option | Enables the definition of concrete SSH options such as encryption |
| -P port | Specifies the port on the remote host’s side over which the connection is to run |
| -p | Preserves the meta information of the original file (e.g. modification and access times) |
| -q | Hides the progress bar during transfer |
| -r | Recursively copies entire directories, including all sub-directories |
| -S program | Specifies the program to be used for the encrypted connection (the program must understand SSH options) |