scp
Function
The scp command uploads a local file to the remote SCP server or downloads a file from the remote SCP server to a local directory.
Format
# Transfer a file between the local client and the remote SCP server based on IPv4.
scp [ -port port-number | { public-net | vpn-instance vpn-instance-name } | identity-key { dsa | rsa | ecc } | user-identity-key { rsa | dsa | ecc } | { -a source-address | -i interface-type interface-number } | -r | -cipher -cipher | -c ] * sourcefile destinationfile
# Transfer a file between the local client and the remote SCP server based on IPv6.
scp ipv6 [ -port port-number | { public-net | vpn-instance vpn-instance-name } | identity-key { dsa | rsa | ecc } | user-identity-key { rsa | dsa | ecc } | -a source-address | -r | -cipher -cipher | -c ] * sourcefile destinationfile [ -oi interface-type interface-number ]
Parameters
Parameter |
Description |
Value |
|---|---|---|
| -port port-number | Specifies the port number of the SCP server. | The value is an integer that ranges from 1 to 65535. The default value is 22. |
| public-net | Indicates that the SCP server is connected to the public network. |
- |
| vpn-instance vpn-instance-name | Specifies the name of the VPN instance where the SCP server is located. |
The value must be an existing VPN instance name. |
| identity-key | Specifies the public key algorithm for server authentication. | The public key algorithm include dsa, rsa, and ecc.
By default, the server authentication uses the ECC public key. NOTE:
To improve security, it is not recommended that you use RSA or DSA as the authentication algorithm. |
| user-identity-key | Specifies the public key algorithm for the client authentication. | The public key algorithm include dsa, rsa, and ecc.
By default, the client authentication uses the RSA public key. NOTE:
To improve security, it is not recommended that you use RSA or DSA as the authentication algorithm. |
| -a source-address | Specifies the source IP address for connecting to the SCP client. You are advised to use the loopback interface IP address. | - |
| -i interface-type interface-number | Specifies the source interface used by the SCP client to set up connections. It consists of the interface type and number. It is recommended that you specify a loopback interface. The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up. |
- |
| -oi interface-type interface-number | Specifies an outbound interface on the local device. If the remote host uses an IPv6 address, you must specify the outbound interface on the local device. |
- |
| -r | Uploads or downloads files in batches. | - |
| -cipher -cipher | Specifies the encryption algorithms for uploading or downloading files. | Encryption algorithms des, 3des, aes256 , aes128_ctr, aes256_ctr, and aes128 are supported. The default encryption algorithm is aes256_ctr. You are advised to use aes128_ctr and aes256_ctr encryption algorithms to ensure high security. NOTE:
|
| -c | Compress files when uploading or downloading them. | - |
| sourcefilename | Specifies a source file to be uploaded or downloaded. | The source file format is username@hostname:[path][filename]. |
| destinationfilename | Specifies a destination file to be uploaded or downloaded. | The source file format is username@hostname:[path][filename]. |
Usage Guidelines
Usage Scenario
SCP file transfer mode is based on SSH2.0 Compared with the SFTP file transfer mode, the SCP file transfer mode allows you to upload or download files when the connection is set up between the SCP client and server.
You are advised to set the source IP address to the loopback address, or set the outbound interface to the loopback interface using -a and -i, to improve security.
When -r is specified, you can use the wildcard (*) to upload or download files in batches, for example, *.txt and huawei.*.
When -c is specified, files are compressed before being transmitted. File compression takes a long time and affects file transfer speed; therefore, you are not advised to compress files before transferring them.
Precautions
- The format of uploaded and downloaded files of the SCP server is username@hostname:[path][filename]. In the preceding file format, username indicates the user name for logging in to the SCP server, hostname indicates the SCP server name or IP address, and path indicates user's working directory specified on the SCP server, and filename indicates the file name. The following describes the preceding parameters when you upload a file to the SCP server:
If filename and path are not specified, the file is transferred to the root directory of the user's working directory.
If only path is specified, the file is transferred to the specified directory.
If only filename is specified, the file is named as filename, and transferred to the SCP server.
To set hostname to the IPv6 address, you must add the IPv6 address with square brackets ([ ]), for example, zhangsan@[FC00::/7]:.
If the destination file name is the same as the name of an existing directory, the file is moved to this directory with the source file name. If the destination file has the same name as an existing file, the system prompts you whether to overwrite the existing file.
If an SCP user on the client authenticates the server using an RSA, a DSA, or an ECC public key, the SCP user is prompted to select the key pair for authentication.
The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.
Example
# Log in through ECC authentication and copy the xxxx.txt file to the flash memory of remote SCP server at 10.10.0.114.
<HUAWEI> system-view [HUAWEI] scp identity-key ecc flash:/xxxx.txt root@10.10.0.114:flash:/xxxx.txt Trying 10.10.0.114 ... Press CTRL+K to abort Connected to 10.10.0.114 ... The server's public key does not match the one catched before. The server is not authenticated. Continue to access it? [Y/N]:y Update the server's public key now? [Y/N]: y Enter password: flash:/xxxx.txt 100% 12Bytes 1KByte(s)/sec