X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/6da38567d45751e43b717fad3f606e2000e27415..0906628e0ded30ff634dbdae331d310940928650:/doc/pscp.but diff --git a/doc/pscp.but b/doc/pscp.but index 9b79dd56..b9fd4bdd 100644 --- a/doc/pscp.but +++ b/doc/pscp.but @@ -1,12 +1,9 @@ -\versionid $Id: pscp.but,v 1.10 2001/02/19 10:54:18 simon Exp $ +\versionid $Id: pscp.but,v 1.17 2001/09/24 22:00:46 simon Exp $ \#FIXME: Need examples \C{pscp} Using PSCP to transfer files securely -\# Explain PSCP: the command line, the modes of use (local->remote -\# and remote->local, recursive, wildcards). - \i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files securely between computers using an SSH connection. @@ -23,7 +20,7 @@ To start PSCP it will need either to be on your \i{\c{PATH}} or in your current directory. To add the directory containing PSCP to your \c{PATH} environment variable, type into the console window: -\c set PATH C:\path\to\putty\directory;%PATH% +\c set PATH=C:\path\to\putty\directory;%PATH% This will only work for the lifetime of that particular console window. To set your \c{PATH} more permanently on Windows NT, use the @@ -76,6 +73,48 @@ server \c{example.com} as user \c{fred} to the file \c pscp c:\documents\csh-whynot.txt fred@example.com:/tmp/csh-whynot +You can use wildcards to transfer multiple files in either +direction, like this: + +\c pscp c:\documents\*.doc fred@example.com:docfiles +\c pscp fred@example.com:source/*.c c:\source + +However, in the second case (using a wildcard for multiple remote +files) you may see a warning like this: + +\c warning: remote host tried to write to a file called 'terminal.c' +\c when we requested a file called '*.c'. +\c If this is a wildcard, consider upgrading to SSH 2 or using +\c the '-unsafe' option. Renaming of this file has been disallowed. + +This is due to a fundamental insecurity in the old-style SCP +protocol: the client sends the wildcard string (\c{*.c}) to the +server, and the server sends back a sequence of file names that +match the wildcard pattern. However, there is nothing to stop the +server sending back a \e{different} pattern and writing over one of +your other files: if you request \c{*.c}, the server might send back +the file name \c{AUTOEXEC.BAT} and install a virus for you. Since +the wildcard matching rules are decided by the server, the client +cannot reliably verify that the filenames sent back match the +pattern. + +PSCP will attempt to use the newer SFTP protocol (part of SSH 2) +where possible, which does not suffer from this security flaw. If +you are talking to an SSH 2 server which supports SFTP, you will +never see this warning. + +If you really need to use a server-side wildcard with an SSH 1 +server, you can use the \c{-unsafe} command line option with PSCP: + +\c pscp -unsafe fred@example.com:source/*.c c:\source + +This will suppress the warning message and the file transfer will +happen. However, you should be aware that by using this option you +are giving the server the ability to write to \e{any} file in the +target directory, so you should only use this option if you trust +the server administrator not to be malicious (and not to let the +server machine be cracked by malicious people). + \S2{pscp-usage-basics-user} \c{user} The login name on the remote server. If this is omitted, and \c{host} @@ -187,6 +226,15 @@ Since specifying passwords in scripts is a bad idea for security reasons, you might want instead to consider using public-key authentication; see \k{pscp-pubkey}. +\S{pscp-pubkey} Return value + +PSCP returns an \cw{ERRORLEVEL} of zero (success) only if the files +were correctly transferred. You can test for this in a batch file, +using code such as this: + +\c pscp file*.* user@hostname: +\c if errorlevel 1 echo There was an error + \S{pscp-pubkey} Using public key authentication with PSCP Like PuTTY, PSCP can authenticate using a public key instead of a @@ -197,11 +245,12 @@ Firstly, PSCP can use PuTTY saved sessions in place of hostnames \b Run PuTTY, and create a PuTTY saved session (see \k{config-saving}) which specifies your private key file (see -\k{config-auth}). You will probably also want to specify a username -to log in as (see \k{config-username}). +\k{config-ssh-privkey}). You will probably also want to specify a +username to log in as (see \k{config-username}). \b In PSCP, you can now use the name of the session instead of a -hostname: \c{pscp sessionname:file localfile}. +hostname: type \c{pscp sessionname:file localfile}, where +\c{sessionname} is replaced by the name of your saved session. Secondly, PSCP will attempt to authenticate using Pageant if Pageant is running (see \k{pageant}). So you would do this: