\i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files
securely between computers using an SSH connection.
-If you have an SSH 2 server, you might prefer PSFTP (see \k{psftp})
-for interactive use. PSFTP does not in general work with SSH 1
+If you have an SSH-2 server, you might prefer PSFTP (see \k{psftp})
+for interactive use. PSFTP does not in general work with SSH-1
servers, however.
\H{pscp-starting} Starting PSCP
\c -l user connect with specified username
\c -pw passw login with specified password
\c -1 -2 force use of particular SSH protocol version
+\c -4 -6 force use of IPv4 or IPv6
\c -C enable compression
\c -i key private key file for authentication
\c -batch disable all interactive prompts
However, in the second case (using a wildcard for multiple remote
files) you may see a warning saying something like \q{warning:
-remote host tried to write to a file called 'terminal.c' when we
-requested a file called '*.c'. If this is a wildcard, consider
-upgrading to SSH 2 or using the '-unsafe' option. Renaming of this
-file has been disallowed}.
+remote host tried to write to a file called \cq{terminal.c} when we
+requested a file called \cq{*.c}. If this is a wildcard, consider
+upgrading to SSH-2 or using the \cq{-unsafe} option. Renaming of
+this file has been disallowed}.
This is due to a fundamental insecurity in the old-style SCP
protocol: the client sends the wildcard string (\c{*.c}) to the
cannot reliably verify that the filenames sent back match the
pattern.
-PSCP will attempt to use the newer SFTP protocol (part of SSH 2)
+PSCP will attempt to use the newer SFTP protocol (part of SSH-2)
where possible, which does not suffer from this security flaw. If
-you are talking to an SSH 2 server which supports SFTP, you will
+you are talking to an SSH-2 server which supports SFTP, you will
never see this warning. (You can force use of the SFTP protocol,
if available, with \c{-sftp} - see \k{pscp-usage-options-backend}.)
-If you really need to use a server-side wildcard with an SSH 1
+If you really need to use a server-side wildcard with an SSH-1
server, you can use the \c{-unsafe} command line option with PSCP:
\c pscp -unsafe fred@example.com:source/*.c c:\source
are giving the server the ability to write to \e{any} file in the
target directory, so you should only use this option if you trust
the server administrator not to be malicious (and not to let the
-server machine be cracked by malicious people).
+server machine be cracked by malicious people). Alternatively, do
+any such download in a newly created empty directory. (Even in
+\q{unsafe} mode, PSCP will still protect you against the server
+trying to get out of that directory using pathnames including
+\cq{..}.)
\S2{pscp-usage-basics-user} \c{user}
quoting (for instance, where filenames contain spaces), and also the
security issue described in \k{pscp-usage-basics}.
-The newer SFTP protocol, which is usually associated with SSH 2
+The newer SFTP protocol, which is usually associated with SSH-2
servers, is specified in a more platform independent way, and leaves
-issues such as wildcard syntax up to the client. This makes it more
-consistent across platforms, more suitable for scripting and
-automation, and avoids security issues with wilcard matching.
+issues such as wildcard syntax up to the client. (PuTTY's SFTP
+wildcard syntax is described in \k{psftp-wildcards}.) This makes it
+more consistent across platforms, more suitable for scripting and
+automation, and avoids security issues with wildcard matching.
Normally PSCP will attempt to use the SFTP protocol, and only fall
back to the SCP protocol if SFTP is not available on the server.
The \c{-sftp} option forces PSCP to use the SFTP protocol or quit.
When this option is specified, PSCP looks harder for an SFTP server,
-which may allow use of SFTP with SSH 1 depending on server setup.
+which may allow use of SFTP with SSH-1 depending on server setup.
\S{pscp-retval} Return value
projects / u / mdw / putty / blobdiff