5.2.1 The basics
To receive (a) file(s) from a remote server:
pscp [options] [user@]host:source target
So to copy the file /etc/hosts
from the server example.com
as user fred
to the file c:\temp\example-hosts.txt
, you would type:
pscp [email protected]:/etc/hosts c:\temp\example-hosts.txt
To send (a) file(s) to a remote server:
pscp [options] source [source...] [user@]host:target
So to copy the local file c:\documents\foo.txt
to the server example.com
as user fred
to the file /tmp/foo
you would type:
pscp c:\documents\foo.txt [email protected]:/tmp/foo
You can use wildcards to transfer multiple files in either direction, like this:
pscp c:\documents\*.doc [email protected]:docfiles
pscp [email protected]:source/*.c c:\source
However, in the second case (using a wildcard for multiple remote files) you may see a warning saying something like ‘warning: remote host tried to write to a file called ‘terminal.c
’ when we requested a file called ‘*.c
’. If this is a wildcard, consider upgrading to SSH-2 or using the ‘-unsafe
’ option. Renaming of this file has been disallowed’.
This is due to a fundamental insecurity in the old-style SCP protocol: the client sends the wildcard string (*.c
) to the server, and the server sends back a sequence of file names that match the wildcard pattern. However, there is nothing to stop the server sending back a different pattern and writing over one of your other files: if you request *.c
, the server might send back the file name AUTOEXEC.BAT
and install a virus for you. Since the wildcard matching rules are decided by the server, the client cannot reliably verify that the filenames sent back match the pattern.
PSCP will attempt to use the newer SFTP protocol (part of SSH-2) where possible, which does not suffer from this security flaw. If you are talking to an SSH-2 server which supports SFTP, you will never see this warning. (You can force use of the SFTP protocol, if available, with -sftp
- see section 5.2.2.6.)
If you really need to use a server-side wildcard with an SSH-1 server, you can use the -unsafe
command line option with PSCP:
pscp -unsafe [email protected]:source/*.c c:\source
This will suppress the warning message and the file transfer will happen. However, you should be aware that by using this option you are giving the server the ability to write to any file in the target directory, so you should only use this option if you trust the server administrator not to be malicious (and not to let the server machine be cracked by malicious people). Alternatively, do any such download in a newly created empty directory. (Even in ‘unsafe’ mode, PSCP will still protect you against the server trying to get out of that directory using pathnames including ‘..
’.)