ff2ae367 |
1 | \versionid $Id: pscp.but,v 1.20 2001/12/31 16:15:19 simon Exp $ |
768ada0c |
2 | |
ded53fce |
3 | \#FIXME: Need examples |
768ada0c |
4 | |
e5b0d077 |
5 | \C{pscp} Using PSCP to transfer files securely |
6 | |
ffd64114 |
7 | \i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files |
768ada0c |
8 | securely between computers using an SSH connection. |
9 | |
9a313f60 |
10 | If you have an SSH 2 server, you might prefer PSFTP (see \k{psftp}) |
11 | for interactive use. PSFTP does not in general work with SSH 1 |
12 | servers, however. |
13 | |
768ada0c |
14 | \H{pscp-starting} Starting PSCP |
15 | |
16 | PSCP is a command line application. This means that you cannot just |
17 | double-click on its icon to run it and instead you have to bring up a |
ffd64114 |
18 | \i{console window}. With Windows 95, 98, and ME, this is called an |
768ada0c |
19 | \q{MS-DOS Prompt} and with Windows NT and 2000 it is called a |
20 | \q{Command Prompt}. It should be available from the Programs section |
21 | of your Start Menu. |
22 | |
ffd64114 |
23 | To start PSCP it will need either to be on your \i{\c{PATH}} or in your |
768ada0c |
24 | current directory. To add the directory containing PSCP to your |
25 | \c{PATH} environment variable, type into the console window: |
26 | |
8452efbc |
27 | \c set PATH=C:\path\to\putty\directory;%PATH% |
768ada0c |
28 | |
e35b2951 |
29 | This will only work for the lifetime of that particular console |
30 | window. To set your \c{PATH} more permanently on Windows NT, use the |
31 | Environment tab of the System Control Panel. On Windows 95, 98, and |
32 | ME, you will need to edit your \c{AUTOEXEC.BAT} to include a \c{set} |
33 | command like the one above. |
768ada0c |
34 | |
35 | \H{pscp-usage} PSCP Usage |
36 | |
37 | Once you've got a console window to type into, you can just type |
38 | \c{pscp} on its own to bring up a usage message. This tells you the |
39 | version of PSCP you're using, and gives you a brief summary of how to |
40 | use PSCP: |
41 | |
42 | \c Z:\owendadmin>pscp |
43 | \c PuTTY Secure Copy client |
44 | \c Release 0.50 |
45 | \c Usage: pscp [options] [user@]host:source target |
46 | \c pscp [options] source [source...] [user@]host:target |
47 | \c pscp [options] -ls user@host:filespec |
48 | \c Options: |
49 | \c -p preserve file attributes |
50 | \c -q quiet, don't show statistics |
51 | \c -r copy directories recursively |
52 | \c -v show verbose messages |
53 | \c -P port connect to specified port |
54 | \c -pw passw login with specified password |
55 | |
56 | (PSCP's interface is much like the Unix \c{scp} command, if you're |
57 | familiar with that.) |
58 | |
59 | \S{pscp-usage-basics} The basics |
60 | |
61 | To receive (a) file(s) from a remote server: |
62 | |
ded53fce |
63 | \c pscp [options] [user@]host:source target |
64 | |
0b06900c |
65 | So to copy the file \c{/etc/hosts} from the server \c{example.com} as |
66 | user \c{fred} to the file \c{c:\\temp\\example-hosts.txt}, you would type: |
ded53fce |
67 | |
68 | \c pscp fred@example.com:/etc/hosts c:\temp\example-hosts.txt |
768ada0c |
69 | |
70 | To send (a) file(s) to a remote server: |
71 | |
ded53fce |
72 | \c pscp [options] source [source...] [user@]host:target |
73 | |
0b06900c |
74 | So to copy the local file \c{c:\\documents\\csh-whynot.txt} to the |
75 | server \c{example.com} as user \c{fred} to the file |
ded53fce |
76 | \c{/tmp/csh-whynot} you would type: |
77 | |
78 | \c pscp c:\documents\csh-whynot.txt fred@example.com:/tmp/csh-whynot |
768ada0c |
79 | |
a4196579 |
80 | You can use wildcards to transfer multiple files in either |
81 | direction, like this: |
82 | |
83 | \c pscp c:\documents\*.doc fred@example.com:docfiles |
84 | \c pscp fred@example.com:source/*.c c:\source |
85 | |
86 | However, in the second case (using a wildcard for multiple remote |
87 | files) you may see a warning like this: |
88 | |
89 | \c warning: remote host tried to write to a file called 'terminal.c' |
90 | \c when we requested a file called '*.c'. |
91 | \c If this is a wildcard, consider upgrading to SSH 2 or using |
92 | \c the '-unsafe' option. Renaming of this file has been disallowed. |
93 | |
94 | This is due to a fundamental insecurity in the old-style SCP |
95 | protocol: the client sends the wildcard string (\c{*.c}) to the |
96 | server, and the server sends back a sequence of file names that |
97 | match the wildcard pattern. However, there is nothing to stop the |
98 | server sending back a \e{different} pattern and writing over one of |
99 | your other files: if you request \c{*.c}, the server might send back |
100 | the file name \c{AUTOEXEC.BAT} and install a virus for you. Since |
101 | the wildcard matching rules are decided by the server, the client |
102 | cannot reliably verify that the filenames sent back match the |
103 | pattern. |
104 | |
105 | PSCP will attempt to use the newer SFTP protocol (part of SSH 2) |
106 | where possible, which does not suffer from this security flaw. If |
107 | you are talking to an SSH 2 server which supports SFTP, you will |
108 | never see this warning. |
109 | |
110 | If you really need to use a server-side wildcard with an SSH 1 |
111 | server, you can use the \c{-unsafe} command line option with PSCP: |
112 | |
113 | \c pscp -unsafe fred@example.com:source/*.c c:\source |
114 | |
115 | This will suppress the warning message and the file transfer will |
116 | happen. However, you should be aware that by using this option you |
117 | are giving the server the ability to write to \e{any} file in the |
118 | target directory, so you should only use this option if you trust |
119 | the server administrator not to be malicious (and not to let the |
120 | server machine be cracked by malicious people). |
121 | |
ffd64114 |
122 | \S2{pscp-usage-basics-user} \c{user} |
123 | |
124 | The login name on the remote server. If this is omitted, and \c{host} |
125 | is a PuTTY saved session, PSCP will use any username specified by that |
126 | saved session. Otherwise, PSCP will attempt to use the local Windows |
127 | username. |
128 | |
129 | \S2{pscp-usage-basics-host} \c{host} |
130 | |
131 | The name of the remote server, or the name of an existing PuTTY saved |
132 | session. In the latter case, the session's settings for hostname, port |
133 | number, cipher type and username will be used. |
768ada0c |
134 | |
ffd64114 |
135 | \S2{pscp-usage-basics-source} \c{source} |
768ada0c |
136 | |
ffd64114 |
137 | One or more source files. \i{Wildcards} are allowed. The syntax of |
138 | wildcards depends on the system to which they apply, so if you are |
139 | copying \e{from} a Windows system \e{to} a UNIX system, you should use |
116934a6 |
140 | Windows wildcard syntax (e.g. \c{*.*}), but if you are copying \e{from} |
ffd64114 |
141 | a UNIX system \e{to} a Windows system, you would use the wildcard |
142 | syntax allowed by your UNIX shell (e.g. \c{*}). |
768ada0c |
143 | |
ded53fce |
144 | If the source is a remote server and you do not specify a full |
145 | pathname (in UNIX, a pathname beginning with a \c{/} (slash) |
146 | character), what you specify as a source will be interpreted relative |
147 | to your home directory on the remote server. |
148 | |
ffd64114 |
149 | \S2{pscp-usage-basics-target} \c{target} |
768ada0c |
150 | |
ded53fce |
151 | The filename or directory to put the file(s). When copying from a |
152 | remote server to a local host, you may wish simply to place the |
153 | file(s) in the current directory. To do this, you should specify a |
154 | target of \c{.}. For example: |
155 | |
156 | \c pscp fred@example.com:/home/tom/.emacs . |
157 | |
158 | ...would copy \c{/home/tom/.emacs} on the remote server to the current |
159 | directory. |
160 | |
161 | As with the \c{source} parameter, if the target is on a remote server |
162 | and is not a full path name, it is interpreted relative to your home |
163 | directory on the remote server. |
768ada0c |
164 | |
165 | \S{pscp-usage-options} Options |
166 | |
ffd64114 |
167 | These are the command line options that PSCP accepts. |
768ada0c |
168 | |
169 | \S2{pscp-usage-options-p}\c{-p} preserve file attributes |
170 | |
ffd64114 |
171 | By default, files copied with PSCP are \i{timestamp}ed with the date and |
768ada0c |
172 | time they were copied. The \c{-p} option preserves the original |
173 | timestamp on copied files. |
174 | |
ffd64114 |
175 | \S2{pscp-usage-options-q}\c{-q} quiet, don't show \i{statistics} |
768ada0c |
176 | |
177 | By default, PSCP displays a meter displaying the progress of the |
178 | current transfer: |
179 | |
180 | \c mibs.tar | 168 kB | 84.0 kB/s | ETA: 00:00:13 | 13% |
181 | |
182 | The fields in this display are (from left to right), filename, size |
183 | (in kilobytes) of file transferred so far, estimate of how fast the |
184 | file is being transferred (in kilobytes per second), estimated time |
185 | that the transfer will be complete, and percentage of the file so far |
186 | transferred. The \c{-q} option to PSCP suppresses the printing of |
187 | these statistics. |
188 | |
ffd64114 |
189 | \S2{pscp-usage-options-r}\c{-r} copies directories \i{recursive}ly |
768ada0c |
190 | |
b3fa9b5e |
191 | By default, PSCP will only copy files. Any directories you specify to |
192 | copy will be skipped, as will their contents. The \c{-r} option tells |
193 | PSCP to descend into any directories you specify, and to copy them and |
194 | their contents. This allows you to use PSCP to transfer whole |
195 | directory structures between machines. |
196 | |
ffd64114 |
197 | \S2{pscp-usage-options-v}\c{-v} show \i{verbose} messages |
768ada0c |
198 | |
199 | The \c{-v} option to PSCP makes it print extra information about the |
200 | file transfer. For example: |
201 | |
202 | \c Logging in as "fred". |
203 | \c fred@example.com's password: |
204 | \c Sending command: scp -v -f mibs.tar |
205 | \c Connected to example.com |
206 | \c Sending file modes: C0644 1320960 mibs.tar |
207 | \c mibs.tar | 1290 kB | 67.9 kB/s | ETA: 00:00:00 | 100% |
208 | \c Remote exit status 0 |
209 | \c Closing connection |
210 | |
211 | This information may be useful for debugging problems with PSCP. |
212 | |
ffd64114 |
213 | \S2{pscp-usage-options-P}\c{-P port} connect to specified \i{port} |
768ada0c |
214 | |
d8507d01 |
215 | If the \c{host} you specify is a saved session, PSCP uses any port |
b3fa9b5e |
216 | number specified in that saved session. If not, PSCP uses the default |
217 | SSH port, 22. The \c{-P} option allows you specify the port number to |
218 | connect to for PSCP's SSH connection. |
768ada0c |
219 | |
ffd64114 |
220 | \S2{pscp-usage-options-pw}\c{-pw passw} login with specified \i{password} |
768ada0c |
221 | |
d8507d01 |
222 | If a password is required to connect to the \c{host}, PSCP will |
223 | interactively prompt you for it. However, this may not always be |
224 | appropriate. If you are running PSCP as part of some automated job, |
b3fa9b5e |
225 | it will not be possible to enter a password by hand. The \c{-pw} |
d8507d01 |
226 | option to PSCP lets you specify the password to use on the command |
227 | line. |
228 | |
229 | Since specifying passwords in scripts is a bad idea for security |
230 | reasons, you might want instead to consider using public-key |
6da38567 |
231 | authentication; see \k{pscp-pubkey}. |
232 | |
ff2ae367 |
233 | \S2{pscp-usage-options-batch}\c{-batch} avoid interactive prompts |
234 | |
235 | If you use the \c{-batch} option, PSCP will never give an |
236 | interactive prompt while establishing the connection. If the |
237 | server's host key is invalid, for example (see \k{gs-hostkey}), then |
238 | the connection will simply be abandoned instead of asking you what |
239 | to do next. |
240 | |
241 | This may help PSCP's behaviour when it is used in automated |
242 | scripts: using \c{-batch}, if something goes wrong at connection |
243 | time, the batch job will fail rather than hang. |
244 | |
4cbe74f4 |
245 | \S{pscp-retval} Return value |
a4196579 |
246 | |
247 | PSCP returns an \cw{ERRORLEVEL} of zero (success) only if the files |
248 | were correctly transferred. You can test for this in a batch file, |
249 | using code such as this: |
250 | |
251 | \c pscp file*.* user@hostname: |
252 | \c if errorlevel 1 echo There was an error |
253 | |
6da38567 |
254 | \S{pscp-pubkey} Using public key authentication with PSCP |
255 | |
256 | Like PuTTY, PSCP can authenticate using a public key instead of a |
257 | password. There are two ways you can do this. |
258 | |
259 | Firstly, PSCP can use PuTTY saved sessions in place of hostnames |
260 | (see \k{pscp-usage-basics-host}). So you would do this: |
261 | |
262 | \b Run PuTTY, and create a PuTTY saved session (see |
263 | \k{config-saving}) which specifies your private key file (see |
add788fc |
264 | \k{config-ssh-privkey}). You will probably also want to specify a |
265 | username to log in as (see \k{config-username}). |
6da38567 |
266 | |
267 | \b In PSCP, you can now use the name of the session instead of a |
edcbf00a |
268 | hostname: type \c{pscp sessionname:file localfile}, where |
269 | \c{sessionname} is replaced by the name of your saved session. |
6da38567 |
270 | |
271 | Secondly, PSCP will attempt to authenticate using Pageant if Pageant |
272 | is running (see \k{pageant}). So you would do this: |
273 | |
274 | \b Ensure Pageant is running, and has your private key stored in it. |
275 | |
276 | \b Specify a user and host name to PSCP as normal. PSCP will |
277 | automatically detect Pageant and try to use the keys within it. |
278 | |
279 | For more general information on public-key authentication, see |
280 | \k{pubkey}. |
768ada0c |
281 | |
ffd64114 |
282 | \H{pscp-ixplorer} \i{Secure iXplorer} |
768ada0c |
283 | |
284 | Lars Gunnarson has written a graphical interface for PSCP. You can |
285 | get it from his web site, at |
75bae139 |
286 | \W{http://www.i-tree.org/}{www.i-tree.org}. |