Skip to main content
banner image
venafi logo

What Is Secure Copy Protocol and How to Use It

What Is Secure Copy Protocol and How to Use It

September 28, 2021 | Anastasios Arampatzis

When sending data between systems, users and businesses should be cautious preserving data confidentiality and integrity, especially if this data is determined as sensitive or personal. The use of tools or protocols that fail to preserve an appropriate level of security may expose this data to eavesdroppers, leading to a violation of privacy and security regulations. Performing data transactions through Secure Copy Protocol (SCP) is one of the methods which is built for the secure transfer of digital information.

What is SCP protocol?

Secure Copy Protocol (SCP) is a method based on (Secure Shell) SSH for safely transferring computer files between a local host and a remote host, or between two remote hosts. The protocol is a "secure" implementation of the RCP (Remote Copy Protocol)—a protocol for transferring files across a network.

Want to learn more about protecting your SSH keys? Check out our FREE Dummies Guide.

The RCP is used to transfer the files, and the SSH protocol provides authentication and encryption, so SCP can be considered a mixture of these two protocols. The data that is being transferred remains confidential, so the SCP can be used to successfully block packet sniffers that can extract valuable information from the data packets. The SCP can also benefit from using SSH because it allows the inclusion of permissions and timestamps for the file that needs to be uploaded.

SCP works on top of the SSH protocol and supports an authentication mechanism to provide authenticity and confidentiality for transferred files, just like SSH provides the same thing for the older and insecure Telnet protocol. As the SCP protocol provides an authentication procedure between the two hosts and encryption for the transfer, it can ensure the security and the authenticity of the transferred data.

Whenever users transfer files between a server and client (or vice versa) via these apps, those are implemented via the SCP protocol, unless users have chosen to use the SFTP protocol as the default mode for data transfers. With SCP, you can transfer files quickly by using the command line. This method often is faster and simpler than utilizing a client with graphical interface. What is more, the command-line feature can also be used for automating batch files and scripts transfers.

Since its first release back in 1983, SCP has been used as a standalone app under the same name but has also been embedded inside other apps. For example, SCP is the standard file transfer method for OpenSSH, Putty, and WinSCP. Since the SCP protocol is cross-platform, there are versions and programs for all operating systems—Windows, macOS, Linux, Android, and iOS.

How does SCP protocol work?

Secure Copy needs authentication from involved hosts. In addition, you should set up an SSH connection between the local host and the targeted remote host before performing the transfer via the protocol. For that, you are required to enter the authorized key for the public key authentication.

After building up the SSH connection between the two hosts, the SCP client will begin a secure copy process with two different available modes—source mode and sink mode. SCP clients often utilize the -f flag (from) to trigger source mode. If you want to trigger sink mode to transfer data to the targeted remote host, you need to use -t flag (to).

  • Source mode: An SCP request in the source mode reads files from the targeted distant host and sends them back to the client.
  • Sink mode: If the sink mode is used via the SCP protocol on the client, it will send signals to the remote host indicating that there is input data to be written to the remote host.

Typically, a syntax of SCP program is like the syntax of cp (copy). If you wish to copy a local file to a remote host, then you should type in the following command:

scp LocalSourceFile user@remotehost:directory/TargetFile

If you would like to copy a file from remote host or copy a folder from remote host (with -r switch), the following commands apply respectively:

scp user@remotehost:directory/SourceFile LocalTargetFile

scp -r user@host:directory/SourceFolder LocalTargetFolder

Security of SCP Protocol

Although SCP is generally considered a secure option for transferring files between remote hosts, Harry Sintonen, a security researcher with Finnish cyber-security firm F-Secure, discovered in January 2019 that the protocol is vulnerable. The researcher found that all SCP implementations since 1983 are vulnerable to four security bugs that allow a malicious SCP server to make unauthorized changes to a client's (user's) system and hide malicious operations in the terminal. When copying files from remote systems to a local directory, SCP was not verifying the filenames of what was being sent from the server to client.

Since then, patches were issued by all vendors that support the SCP protocol, but OpenSSH went one step further, with the release of OpenSSH 8.0. In April 2019, the developers noted that “The SCP protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like SFTP and RSYNC for file transfer instead.”

Besides patching these vulnerabilities, the security of associated SSH keys is also paramount since the SCP protocol relies on SSH. Businesses and individuals should take extra precaution protecting these keys and rotate them on a frequent basis. The Venafi SSH Protect platform helps organizations safeguard host-to-host connections by discovering, protecting and automating the lifecycle of SSH machine identities.

Related Posts

Like this blog? We think you will love this.
Featured Blog

All About SSH Key Management and SSH Machine Identities

SSH is a secure way to initiate remote computer access and en

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Anastasios Arampatzis
Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more