AppleInsider may earn an affiliate commission on purchases made through links on our site.
Secure Copy is a UNIX standard used to transfer files from one computer to another. He’s how to use the function in macOS, all via the Terminal window.
Before personal computers, there were mainframe computers and timesharing terminals. Users would log in to an account from a terminal to a mainframe, and issue commands to the mainframe to process.
As the internet came of age in the 1990s the need arose to be able to use such terminal commands securely across networks and computers. In 1994 a Finnish programmer named Tatu Ylonen created the Secure Shell. For background on using Secure Shell, see our other SSH intro article.
As part of the Secure Shell, the SCP (Secure Copy Protocol) program was created. SCP is both a protocol and a UNIX program which can be run from the Terminal command line in macOS.
SCP enables file transfers to and from SSH servers in both directions. SCP is based on the RCP (Remote Copy) command (part of BSD’s r-commands) which was originally used when BSD came to prominence in the mid 1980’s.
The default TCP port used for SCP file transfer is 22 (the standard SSH port).
Unlike other internet standards, there is no RFC or formal standard for SCP – it’s part of the open-source OpenSSH project. You can view all of OpenSSH’s source code at its GitHub project.
In order to use SCP to transfer files, you must first establish an SSH connection via login to the remote server you wish to transfer files with. This is done either by a username/password-based login in Terminal, or via the use of public key infrastructure (SSH PKI key pairs).
Once logged in to the remote server, you use the ‘scp’ command followed by options in Terminal to transfer files. There is no way to obtain directory listings using scp, nor does it provide a way to delete remote files, but you can use standard UNIX filesystem commands such as ls to obtain directory listings once logged in to the remote computer.
After an SSH connection is established, all commands in that macOS Terminal window tab go to the server instead of to your Mac.
For example, in the macOS Terminal to get a directory listing of files on either the local machine or the remote server, you can issue an ls command such as:
The “-l” flag tells ls to list files vertically, in the Terminal window with each file/folder’s details such as UNIX permissions, owner, group, size, and file creation date and time. If you omit the “-l” flag, the ls command lists only file names in several columns without each file’s details.
For more details on the ls command, in Terminal type man ls and press Return.
To exit the man page system in Terminal for any man page, type Control-Z and press Return.
You can also use the ‘cd’ (change directory) command to change directories within a local or remote file system. Simply type ‘cd’ followed by a space, and the name or path of the directory you want to change to. All Terminal commands then operate on that directory, unless you cd again to another directory or specify a full path in a command.
To go up one directory level in a filesystem using cd in Terminal, you can type:
To go to the very top (root) of a filesystem, type:
You can have Terminal print the current full path and directory name in any filesystem by typing:
‘pwd’ is the UNIX command to get the present working directory (i.e. – the current directory the Terminal shell is operating in). For the manual page on pwd in Terminal, type:
See the scp man page for more details on flag usage with the command:
SCP or ‘scp’ in the Terminal is easy to use. The basic command syntax is ‘scp’ followed by file name, user name, server name or IP address, and remote directory path on that server to access. For example:
tells scp to copy a local file in the pwd named “example.txt” to the server at IP address 10.10.0.1 on that server’s filesystem directory named “directoryName” as the user named “remote_user” with the remote file copy to be named “example.txt” also.
If you omit the remote file’s name the same name as the source file will be used. If you want to change the remote file’s name to something else, include a new file name after the remote directory path at the end of the command:
Also note that the user indicated must have permissions in the remote directory specified in order to copy the file.
An opposite example – copying a file on the remote server to your Mac, looks similar. For example:
copies the file named “example.txt” in directory “directoryName” on the remote server to your Mac’s Desktop.
You can also specify flags immediately after the scp portion using the a minus sign followed by the option.
Two flags after “scp ” can be used to specify either version one two of the SSH protocol: -1′ or -2′. For example:
forces use of version two of the protocol to copy the file example.txt in the pwd to the remote server at 10.10.0.1 into the directory named “directoryName” with a new file name of “newExample.txt”.
You can copy entire directories by using the -r flag..
A few other flags you can use with scp to change the way it behaves are:
- -4 Use IPv4 addressing only
- -6 Use IPv6 addressing only
- -B Batch mode (suppresses additional requests for authentication)
- -C Enables compression on the connection
- -F Use an alternate ssh config file for connections
- -i Specifies an alternate private key file to use for connections
- -l (Limit) – Sets connection bandwidth limit in kb/s
- -O (Old) – Force older SCP protocol instead of newer SSH SFTP protocol during transfers
- -o Pass additional, non-command-line options to ssh
- -P Connect on an alternate port number other than 22
- -p Preserve all local file metadata on the remote file after copy, including dates and times
- -q (Quiet) – don’t display file copy progress info in Terminal
- -R (Remote) – Force the use of the remote version of scp for copies instead of the local one
- -r Recursively copy entire directories instead of just single files
- -S Use an alternate SSH program to manage the SSH connection
- -v (Verbose) – Print additional info in Terminal for all scp operations
The -O option is provided for use in cases where you are connecting to older SSH servers which don’t implement the newer SSH File Transfer Protocol (also part of SSH).
You can use the -o option to pass additional parameters to ssh, which aren’t available as command-line options. See the scp man page for more details.
scp local copies
scp works perfectly fine on your local network between different kinds of computers and operating systems. You can connect to and transfer files between two LAN computers just as easily as remote internet computers, assuming both LAN computers are running SSH.
Microsoft inclues SSH in later releases of Windows 10 beginning in 2019. For use with earlier versions of Windows, you may have to install a third-party SSH server on the Windows computer.
Some interesting books on SSH you may want to check out include:
In future articles we’ll explore transferring files in Terminal using two more modern networking protocols: SFTP and rsync.