Master DevOps Tools & Best Practices - DevOps Knowledge Hub Master DevOps Tools & Best Practices - DevOps Knowledge Hub

Mastering SCP: Securely Transfer Files Between Local and Remote Hosts

Learn scp syntax for secure uploads, downloads, recursive copies, custom SSH ports, and file attribute preservation.

Mastering SCP: Securely Transfer Files Between Local and Remote Hosts

scp copies files between machines over SSH. It is useful when you need a quick secure upload or download and you already have SSH access to the server.

For large sync jobs, interrupted transfers, or repeated deployments, rsync is usually a better tool. For straightforward one-time copies, scp is simple and available on most Unix-like systems.

Basic Syntax

scp [OPTIONS] SOURCE DESTINATION

Local paths look like normal file paths. Remote paths use this form:

[user@]host:/path/to/file

If you omit user@, scp uses your local username for the SSH login. If the remote SSH server uses a non-default port, pass -P with an uppercase P. Lowercase -p means preserve file attributes.

Upload a File

To copy a local file to a remote server:

scp local_report.txt [email protected]:/home/remote_user/documents/

This sends local_report.txt from your current directory to the remote documents directory.

To rename the file during upload, include the destination filename:

scp local_report.txt [email protected]:/home/remote_user/documents/report-2026.txt

Download a File

To copy a remote file to your current local directory:

scp [email protected]:~/server_log.tar.gz .

To save it under a different local name:

scp [email protected]:~/server_log.tar.gz ./prod-server-log.tar.gz

Copy a Directory Recursively

Use -r to copy a directory tree:

scp -r local_project_folder [email protected]:/var/www/

This copies the directory and its contents to the destination. Be aware that scp -r follows symbolic links it encounters during traversal, which can copy more data than you expected.

Use a Custom SSH Port

If SSH listens on port 2222, use uppercase -P:

scp -P 2222 local_config.ini [email protected]:/tmp/

You can also put the port in your SSH config and then use the host alias:

Host prod-web
  HostName remote.example.com
  User user
  Port 2222

Then:

scp local_config.ini prod-web:/tmp/

Preserve Times and Modes

Use lowercase -p to preserve modification times, access times, and file mode bits from the source:

scp -p important_script.sh user@server:/tmp/

Ownership is not generally preserved the way it is with archive tools. If ownership matters, set it after transfer or use a deployment process designed for that requirement.

Troubleshoot with Verbose Mode

Use -v to see SSH connection details:

scp -v large_backup.zip user@server:/backups/

Verbose output helps diagnose authentication failures, SSH config issues, host key problems, and unexpected ports.

Enable Compression When It Helps

-C passes SSH compression through to the connection:

scp -C logs.txt user@server:/tmp/

Compression can help on slower links with text-heavy data. It may not help much for already compressed files such as .zip, .gz, .jpg, or .mp4.

Copy Between Two Remote Hosts

You can use scp with two remote paths:

scp user_a@server_alpha:/data/db.sql user_b@server_beta:/backup/

In current OpenSSH scp, remote-to-remote copies are transferred through your local machine by default. Use -R only when you intentionally want the origin host to connect directly to the destination host:

scp -R user_a@server_alpha:/data/db.sql user_b@server_beta:/backup/

With -R, the origin host must be able to authenticate to the destination without prompting for a password.

Avoid Common Mistakes

Quote remote paths that contain spaces:

scp "local file.txt" 'user@server:/tmp/local file.txt'

Use absolute or clearly relative local paths when a local filename contains a colon, because scp treats host:path as a remote path:

scp ./report:final.txt user@server:/tmp/

Double-check destination paths before copying as root or into system directories. scp will overwrite an existing destination file without asking in normal use.

SCP or Rsync?

Use scp for simple secure copies:

  • Upload one file.
  • Download one archive.
  • Copy a small directory once.
  • Move data through an SSH-only environment.

Use rsync when you need resumable transfers, efficient repeated syncs, delete handling, exclude patterns, checksums, or better progress controls.

Takeaway

Use scp source destination for quick SSH-based file transfers. Add -r for directories, -P for a custom SSH port, -p to preserve times and modes, and -v when you need to troubleshoot the SSH connection.