X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/8452efbc975bdfd2a9891cc1f82f158dc0c7e073..055817455466c8eb60392f30bb7c689763962e17:/doc/pscp.but

diff --git a/doc/pscp.but b/doc/pscp.but
index 73a18895..4485b9b1 100644
--- a/doc/pscp.but
+++ b/doc/pscp.but
@@ -1,15 +1,16 @@
-\versionid $Id: pscp.but,v 1.11 2001/06/28 13:36:14 owen Exp $
+\define{versionidpscp} \versionid $Id$
 
 \#FIXME: Need examples
 
 \C{pscp} Using PSCP to transfer files securely
 
-\# Explain PSCP: the command line, the modes of use (local->remote
-\# and remote->local, recursive, wildcards).
-
 \i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files
 securely between computers using an SSH connection.
 
+If you have an SSH 2 server, you might prefer PSFTP (see \k{psftp})
+for interactive use. PSFTP does not in general work with SSH 1
+servers, however.
+
 \H{pscp-starting} Starting PSCP
 
 PSCP is a command line application.  This means that you cannot just
@@ -40,17 +41,28 @@ use PSCP:
 
 \c Z:\owendadmin>pscp
 \c PuTTY Secure Copy client
-\c Release 0.50
+\c Release 0.XX
 \c Usage: pscp [options] [user@]host:source target
-\c       pscp [options] source [source...] [user@]host:target
-\c       pscp [options] -ls user@host:filespec
+\c        pscp [options] source [source...] [user@]host:target
+\c        pscp [options] -ls [user@]host:filespec
 \c Options:
 \c   -p        preserve file attributes
 \c   -q        quiet, don't show statistics
 \c   -r        copy directories recursively
 \c   -v        show verbose messages
+\c   -load sessname  Load settings from saved session
 \c   -P port   connect to specified port
+\c   -l user   connect with specified username
 \c   -pw passw login with specified password
+\c   -1 -2     force use of particular SSH protocol version
+\c   -4 -6     force use of IPv4 or IPv6
+\c   -C        enable compression
+\c   -i key    private key file for authentication
+\c   -batch    disable all interactive prompts
+\c   -unsafe   allow server-side wildcards (DANGEROUS)
+\c   -V        print version information
+\c   -sftp     force use of SFTP protocol
+\c   -scp      force use of SCP protocol
 
 (PSCP's interface is much like the Unix \c{scp} command, if you're
 familiar with that.)
@@ -70,11 +82,53 @@ To send (a) file(s) to a remote server:
 
 \c pscp [options] source [source...] [user@]host:target
 
-So to copy the local file \c{c:\\documents\\csh-whynot.txt} to the
-server \c{example.com} as user \c{fred} to the file
-\c{/tmp/csh-whynot} you would type:
-
-\c pscp c:\documents\csh-whynot.txt fred@example.com:/tmp/csh-whynot
+So to copy the local file \c{c:\\documents\\foo.txt} to the server
+\c{example.com} as user \c{fred} to the file \c{/tmp/foo} you would
+type:
+
+\c pscp c:\documents\foo.txt fred@example.com:/tmp/foo
+
+You can use wildcards to transfer multiple files in either
+direction, like this:
+
+\c pscp c:\documents\*.doc fred@example.com:docfiles
+\c pscp fred@example.com:source/*.c c:\source
+
+However, in the second case (using a wildcard for multiple remote
+files) you may see a warning saying something like \q{warning:
+remote host tried to write to a file called 'terminal.c' when we
+requested a file called '*.c'. If this is a wildcard, consider
+upgrading to SSH 2 or using the '-unsafe' option. Renaming of this
+file has been disallowed}.
+
+This is due to a fundamental insecurity in the old-style SCP
+protocol: the client sends the wildcard string (\c{*.c}) to the
+server, and the server sends back a sequence of file names that
+match the wildcard pattern. However, there is nothing to stop the
+server sending back a \e{different} pattern and writing over one of
+your other files: if you request \c{*.c}, the server might send back
+the file name \c{AUTOEXEC.BAT} and install a virus for you. Since
+the wildcard matching rules are decided by the server, the client
+cannot reliably verify that the filenames sent back match the
+pattern.
+
+PSCP will attempt to use the newer SFTP protocol (part of SSH 2)
+where possible, which does not suffer from this security flaw. If
+you are talking to an SSH 2 server which supports SFTP, you will
+never see this warning. (You can force use of the SFTP protocol,
+if available, with \c{-sftp} - see \k{pscp-usage-options-backend}.)
+
+If you really need to use a server-side wildcard with an SSH 1
+server, you can use the \c{-unsafe} command line option with PSCP:
+
+\c pscp -unsafe fred@example.com:source/*.c c:\source
+
+This will suppress the warning message and the file transfer will
+happen. However, you should be aware that by using this option you
+are giving the server the ability to write to \e{any} file in the
+target directory, so you should only use this option if you trust
+the server administrator not to be malicious (and not to let the
+server machine be cracked by malicious people).
 
 \S2{pscp-usage-basics-user} \c{user}
 
@@ -121,6 +175,14 @@ directory on the remote server.
 
 \S{pscp-usage-options} Options
 
+PSCP accepts all the general command line options supported by the
+PuTTY tools, except the ones which make no sense in a file transfer
+utility. See \k{using-general-opts} for a description of these
+options. (The ones not supported by PSCP are clearly marked.)
+
+PSCP also supports some of its own options. The following sections
+describe PSCP's specific command-line options.
+
 These are the command line options that PSCP accepts.
 
 \S2{pscp-usage-options-p}\c{-p} preserve file attributes
@@ -134,7 +196,7 @@ timestamp on copied files.
 By default, PSCP displays a meter displaying the progress of the
 current transfer:
 
-\c mibs.tar                  |        168 kB |  84.0 kB/s | ETA: 00:00:13 |  13%
+\c mibs.tar          |   168 kB |  84.0 kB/s | ETA: 00:00:13 |  13%
 
 The fields in this display are (from left to right), filename, size
 (in kilobytes) of file transferred so far, estimate of how fast the
@@ -151,59 +213,80 @@ PSCP to descend into any directories you specify, and to copy them and
 their contents.  This allows you to use PSCP to transfer whole
 directory structures between machines.
 
-\S2{pscp-usage-options-v}\c{-v} show \i{verbose} messages
+\S2{pscp-usage-options-batch}\c{-batch} avoid interactive prompts
+
+If you use the \c{-batch} option, PSCP will never give an
+interactive prompt while establishing the connection. If the
+server's host key is invalid, for example (see \k{gs-hostkey}), then
+the connection will simply be abandoned instead of asking you what
+to do next.
 
-The \c{-v} option to PSCP makes it print extra information about the
-file transfer.  For example:
+This may help PSCP's behaviour when it is used in automated
+scripts: using \c{-batch}, if something goes wrong at connection
+time, the batch job will fail rather than hang.
 
-\c Logging in as "fred".
-\c fred@example.com's password:
-\c Sending command: scp -v -f mibs.tar
-\c Connected to example.com
-\c Sending file modes: C0644 1320960 mibs.tar
-\c mibs.tar                  |       1290 kB |  67.9 kB/s | ETA: 00:00:00 | 100%
-\c Remote exit status 0
-\c Closing connection
+\S2{pscp-usage-options-backend}\c{-sftp}, \c{-scp} force use of
+particular protocol
 
-This information may be useful for debugging problems with PSCP.
+As mentioned in \k{pscp-usage-basics}, there are two different file
+transfer protocols in use with SSH. Despite its name, PSCP (like many
+other ostensible \cw{scp} clients) can use either of these protocols.
 
-\S2{pscp-usage-options-P}\c{-P port} connect to specified \i{port}
+The older SCP protocol does not have a written specification and
+leaves a lot of detail to the server platform. Wildcards are expanded
+on the server. The simple design means that any wildcard specification
+supported by the server platform (such as brace expansion) can be
+used, but also leads to interoperability issues such as with filename
+quoting (for instance, where filenames contain spaces), and also the
+security issue described in \k{pscp-usage-basics}.
 
-If the \c{host} you specify is a saved session, PSCP uses any port
-number specified in that saved session.  If not, PSCP uses the default
-SSH port, 22.  The \c{-P} option allows you specify the port number to 
-connect to for PSCP's SSH connection.
+The newer SFTP protocol, which is usually associated with SSH 2
+servers, is specified in a more platform independent way, and leaves
+issues such as wildcard syntax up to the client. (PuTTY's SFTP
+wildcard syntax is described in \k{psftp-wildcards}.) This makes it
+more consistent across platforms, more suitable for scripting and
+automation, and avoids security issues with wildcard matching.
 
-\S2{pscp-usage-options-pw}\c{-pw passw} login with specified \i{password}
+Normally PSCP will attempt to use the SFTP protocol, and only fall
+back to the SCP protocol if SFTP is not available on the server.
 
-If a password is required to connect to the \c{host}, PSCP will
-interactively prompt you for it.  However, this may not always be
-appropriate.  If you are running PSCP as part of some automated job,
-it will not be possible to enter a password by hand.  The \c{-pw}
-option to PSCP lets you specify the password to use on the command
-line.
+The \c{-scp} option forces PSCP to use the SCP protocol or quit.
 
-Since specifying passwords in scripts is a bad idea for security
-reasons, you might want instead to consider using public-key
-authentication; see \k{pscp-pubkey}.
+The \c{-sftp} option forces PSCP to use the SFTP protocol or quit.
+When this option is specified, PSCP looks harder for an SFTP server,
+which may allow use of SFTP with SSH 1 depending on server setup.
+
+\S{pscp-retval} Return value
+
+PSCP returns an \cw{ERRORLEVEL} of zero (success) only if the files
+were correctly transferred. You can test for this in a batch file,
+using code such as this:
+
+\c pscp file*.* user@hostname:
+\c if errorlevel 1 echo There was an error
 
 \S{pscp-pubkey} Using public key authentication with PSCP
 
 Like PuTTY, PSCP can authenticate using a public key instead of a
-password. There are two ways you can do this.
+password. There are three ways you can do this.
 
 Firstly, PSCP can use PuTTY saved sessions in place of hostnames
 (see \k{pscp-usage-basics-host}). So you would do this:
 
 \b Run PuTTY, and create a PuTTY saved session (see
 \k{config-saving}) which specifies your private key file (see
-\k{config-auth}). You will probably also want to specify a username
-to log in as (see \k{config-username}).
+\k{config-ssh-privkey}). You will probably also want to specify a
+username to log in as (see \k{config-username}).
 
 \b In PSCP, you can now use the name of the session instead of a
-hostname: \c{pscp sessionname:file localfile}.
+hostname: type \c{pscp sessionname:file localfile}, where
+\c{sessionname} is replaced by the name of your saved session.
 
-Secondly, PSCP will attempt to authenticate using Pageant if Pageant
+Secondly, you can supply the name of a private key file on the command
+line, with the \c{-i} option. See \k{using-cmdline-identity} for more
+information.
+
+Thirdly, PSCP will attempt to authenticate using Pageant if Pageant
 is running (see \k{pageant}). So you would do this:
 
 \b Ensure Pageant is running, and has your private key stored in it.
@@ -213,9 +296,3 @@ automatically detect Pageant and try to use the keys within it.
 
 For more general information on public-key authentication, see
 \k{pubkey}.
-
-\H{pscp-ixplorer} \i{Secure iXplorer}
-
-Lars Gunnarson has written a graphical interface for PSCP.  You can
-get it from his web site, at
-\W{http://www.i-tree.org/}{www.i-tree.org}.