The Secure copy (SCP) is a protocol to transfer files via a Secure Shell connection. The SSH file transfer protocol (SFTP) is a related protocol, also relying on a secure shell back-end. Both protocols allow secure file transfers, encrypting passwords and transferred data. The SFTP protocol, however, features additional capabilities like, for example, resuming broken transfers or remote file. FileZilla is a powerful FTP-client. It has been designed for ease of use and with support for. The winscp.exe is GUI, while the winscp.com is command-line. If you use just the winscp, due to an extension precedence in Windows, the.com wins. Make sure you use a full GUI executable name.
WinSCP is an open source free SSH client for Windows with the focus on secure file transfer. You can get it from WinSCP download page. Latest stable WinSCP version is 5.17.10.
An SSH client is a software which uses the SSH protocol to connect to a remote computer.
In general SSH protocol can be used for two purposes, file transfers and terminal access.
File transfers are primary focus of WinSCP.
WinSCP supports SFTP (SSH File Transfer Protocol) for secure file transfers. In addition to that it also supports legacy SCP (Secure Copy Protocol).
You can use WinSCP to transfer files both manually and automatically.
While WinSCP does not focus on terminal access, it has basic support for it.
You can execute remote commands via SSH terminal both manually and automatically.
If you need unrestricted terminal access (and still want to use WinSCP for file transfers), you will find integration with PuTTY SSH client useful. This free Telnet and SSH client for Windows can be also downloaded from our PuTTY download page.
WinSCP is, in addition to being SFTP client and SCP client, also FTP client. It supports also secure variant of FTP, the FTPS.
Advertisement
- Connect to FTP server or SFTP server;
- Upload files to FTP server or SFTP server;
- Synchronize files with FTP server or SFTP server;
- Automate file transfers (or synchronization) to FTP server or SFTP server;
- Other Guides to using WinSCP;
- Understanding SSH;
- All Supported file transfer protocols.
This article or section is a candidate for merging with SFTP chroot.
The Secure copy (SCP) is a protocol to transfer files via a Secure Shell connection. The SSH file transfer protocol (SFTP) is a related protocol, also relying on a secure shell back-end. Both protocols allow secure file transfers, encrypting passwords and transferred data. The SFTP protocol, however, features additional capabilities like, for example, resuming broken transfers or remote file manipulation like deletion.
Secure file transfer protocol (SFTP)
Install and configure OpenSSH. Once running, SFTP is available by default.
Access files with the sftp program or SSHFS. Many standard FTP programs should work as well.
Secure file transfer protocol (SFTP) with a chroot jail
Sysadmins can jail a subset of users to a chroot jail using openssh thus restricting their access to a particular directory tree. This can be useful to simply share some files without granting full system access or shell access. Users with this type of setup may use SFTP clients such as filezilla to put/get files in the chroot jail.
Setup the filesystem
Mac Scp Gui Client
Create a jail directory:
Optionally, bind mount the filesystem to be shared to this directory. In this example, /mnt/data/share
is to be used. It is owned by root and has octal permissions of 755.
/etc/fstab
to make the bind mount survive a reboot.Create an unprivileged user
Create the share user and setup a good password:
Setup OpenSSH
Add the following to the end of /etc/ssh/sshd_config
to enable the share and to enforce the restrictions:
Restartsshd.service
to re-read the config file.
Ubuntu Scp Gui
Test that in fact, the restrictions are enforced by attempting an ssh connection via the shell. The ssh server should return a polite notice of the setup:
Secure copy protocol (SCP)
Install, configure and startOpenSSH. It contains the scp utility to transfer files.
More features are available by installing additional packages, for example rsshAUR or scponly described below.
General Usage
Linux to Linux
Copy file from a remote host to local host SCP example:
Copy file from local host to a remote host SCP example:
Copy directory from a remote host to local host SCP example:
Copy directory from local host to a remote host SCP example:
Copy file from remote host to remote host SCP example:
Linux to Windows
Use a Windows program such as WinSCP
Scponly
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access. Additionally, one can setup scponly to chroot the user into a particular directory increasing the level of security.
installscponly.
For existing users, simply set the user's shell to scponly:
Adding a chroot jail
The package comes with a script to create a chroot. To use it, run:
- Provide answers
- Check that
/path/to/chroot
hasroot:root
owner andr-x
for others - Change the shell for selected user to
/usr/bin/scponlyc
- sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's
/lib
path.
Macos Scp Gui Client
Uploads to Chroot jail root dir
For security reasons the directory set as the chroot directory must be owned by root with only root having write access to it otherwise sftp/ssh connections will be denied. This of course means regular users cannot upload files to the root directory. In order to get around this while not compromising security you can create a folder inside the chroot directory which the regular user or group has write access to, e.g:
chmod 770
to allow sshusers to view contents.Debian Scp Client Gui
Some applications utilizing SFTP do not allow input of sub-directories when performing operations (e.g. uploading files), and will attempt to upload files to the chroot base directory (which will be denied). In order to force these applications to use a specific sub-directory you can append the following to the 'ForceCommand' option:
Users on connect will then have their start directory change to the specified sub-directory (remember to restart the sshd server).