How to Transfer Files via SCP (Secure Copy Protocol)

Overview

SCP (Secure Copy Protocol) is a command-line tool that copies files between machines over an encrypted SSH connection. If you’ve got SSH access to a server, you’ve already got SCP — no extra software required.

Most people reach for SCP when they need to move a database dump, push a config file to a VPS, or pull logs off a remote server without setting up an FTP client. It’s fast, scriptable, and works on any Linux or macOS terminal out of the box. Windows users can use it via WSL, PowerShell (OpenSSH is included from Windows 10 onward), or tools like PuTTY’s pscp.

This article covers the core SCP transfer commands, useful flags, and the errors that catch people off guard the first time they use it.

Prerequisites

• SSH access to the remote server (username, IP address or hostname, and port — default is 22)
• A terminal: bash/zsh on Linux or macOS, PowerShell or WSL on Windows
• OpenSSH client installed — run ssh -V to confirm. Most Linux distros include it; macOS has it built in
• Correct file permissions on both source and destination paths — SCP won’t create destination directories that don’t exist (unless you use -r with an existing parent)
• If using key-based auth: your private key file (.pem or .key) available locally

Step-by-Step Instructions

Step 1 — Understand the basic SCP syntax

Every SCP command follows this pattern:

scp [options] source destination

Source and destination can each be either local (just a file path) or remote (formatted as user@host:/path). The direction of the transfer depends on which side is local and which is remote.

Step 2 — Upload a file from your local machine to a remote server

This is the most common use case — pushing a file up to your VPS or dedicated server.

scp /home/youruser/backup.sql root@203.0.113.45:/var/backups/

Breaking that down: /home/youruser/backup.sql is the local source file, root@203.0.113.45 is the remote user and server IP, and /var/backups/ is the destination directory on the server. SCP will prompt for your password unless you’re using key-based auth.

📝 Note: If your SSH daemon is running on a non-standard port (common on hardened servers), pass the port with -P (capital P — this catches people out because ssh uses lowercase -p).

scp -P 2222 /home/youruser/backup.sql root@203.0.113.45:/var/backups/

Step 3 — Download a file from a remote server to your local machine

Just flip the source and destination:

scp root@203.0.113.45:/var/log/nginx/error.log /home/youruser/downloads/

This pulls error.log off the server and drops it into your local downloads folder.

Step 4 — Transfer a directory recursively

To copy an entire folder, add the -r flag. Without it, SCP will silently skip directories.

scp -r root@203.0.113.45:/var/www/html/mysite /home/youruser/site-backup/

⚠ Warning: On large directories, this can take a long time and will fail if your SSH connection drops mid-transfer. For anything over a few hundred MB, I’d recommend using rsync over SSH instead — it’s resumable. That said, SCP is fine for smaller directories and one-off transfers.

Step 5 — Use an SSH key instead of a password

If your server uses key-based authentication (which it should), pass your private key with -i:

scp -i ~/.ssh/my-server-key.pem root@203.0.113.45:/var/backups/backup.sql /home/youruser/

📝 Note: Your key file must have permissions set to 600. If they’re too open, SSH will refuse to use the key and throw a warning. Fix it with:

chmod 600 ~/.ssh/my-server-key.pem

Step 6 — Transfer files between two remote servers

SCP can copy directly from one remote host to another without the file touching your local machine first. This is useful when migrating data between servers — for example, moving a site from an old VPS to a new one.

scp root@203.0.113.10:/var/www/html/site.tar.gz root@203.0.113.45:/var/www/html/

⚠ Warning: This actually routes the transfer through your local machine’s SSH connection by default in modern OpenSSH versions (the old -3 flag behaviour is now standard). Both servers need to be reachable from your local machine. If you’re behind a NAT or the servers can’t be reached simultaneously from where you’re sitting, this won’t work — SSH directly into the source server and use SCP from there instead.

Step 7 — Useful flags to know

• -C — enables compression. Speeds up transfers on slow connections or for uncompressed files like logs and CSVs
• -v — verbose output. Shows the SSH handshake and transfer progress. Useful when debugging a connection issue
• -q — quiet mode, suppresses progress output. Good for scripts
• -l — limits bandwidth in Kbits/s. For example, -l 8192 caps the transfer at roughly 1 MB/s so you don’t saturate a shared connection

A combined example — uploading a large archive with compression and bandwidth limiting:

scp -C -l 8192 -i ~/.ssh/my-key.pem /home/youruser/archive.tar.gz root@203.0.113.45:/var/backups/

If you’re running a VPS SSD Hosting plan with Host & Tech, SCP over SSH is one of the quickest ways to push files to your server or pull backups down locally — especially useful right after provisioning a new instance.

Common Issues & Troubleshooting

Permission denied (publickey,password)

This means the SSH connection itself failed before SCP even started. The server rejected your credentials. Check that you’re using the correct username — on Ubuntu-based servers it’s often ubuntu, not root. If using a key, confirm the public key is in ~/.ssh/authorized_keys on the remote server and that the private key path you’re passing with -i is correct. Also check that PasswordAuthentication isn’t disabled in /etc/ssh/sshd_config if you’re trying password login.

scp: /destination/path: No such file or directory

SCP doesn’t create missing parent directories on the destination. If /var/backups/myapp/ doesn’t exist on the remote server, the transfer will fail. SSH into the server first and run mkdir -p /var/backups/myapp/, then retry the SCP command.

Received disconnect from … : Too many authentication failures

This one’s annoyingly common and the error message isn’t obvious about the cause. OpenSSH tries every key in your ~/.ssh/ directory automatically. If you have many keys, the server may hit its MaxAuthTries limit before trying the right one. Force SCP to use only a specific key and skip the SSH agent with:

scp -o IdentitiesOnly=yes -i ~/.ssh/correct-key.pem user@host:/path /local/path

Stalled transfer / connection hangs mid-file

Usually a firewall or NAT timeout dropping idle-looking connections on large transfers. Add SSH keepalive options to prevent the connection from being dropped:

scp -o ServerAliveInterval=60 -o ServerAliveCountMax=5 largefile.tar.gz user@host:/destination/

This sends a keepalive packet every 60 seconds, up to 5 times before giving up. For very large transfers, switching to rsync -avz --progress over SSH is the better long-term answer since it’s resumable.

Warning: Permanently added host to the list of known hosts — then hangs

First-time connections to a server trigger a host key verification prompt. If you’re running SCP in a non-interactive script and it hangs waiting for input, add -o StrictHostKeyChecking=no to skip the prompt. Only do this in controlled environments where you’re certain of the server identity — don’t use it blindly in production scripts.

scp -o StrictHostKeyChecking=no user@203.0.113.45:/path/file.txt /local/

FAQ