SCP Between Servers

1 minute read

TL;DR - This won’t work:


This will work, but is slow:

scp -3

We can do better.

The scp command securely copies files between computers on the network. Commonly it’s used to copy files to and from the computer you are logged into:

scp file.txt
scp . # "." meaning "current directory"

If you read man page, it would seem like you could also use scp locally to initiate a copy between two remote servers:


However, that doesn’t actually work. Or, at least it shouldn’t. Under the hood a request with two remote servers is translated into:

ssh scp file.txt

which is to say “SSH to ‘’ and then run ‘scp file.txt’.”

Unless ‘’ can connect to ‘’ without a password, which would be a bad thing, the remote scp fails.

ssh has the -A option enables authentication forwarding, basically allowing the remote host authenticate SSH connections using your local SSH keys. If your SSH keys let you in to both “” “” then the following will work:

ssh -A

There is a security caveat when using -A. Your private key is never exposed, but a malicious user with root privileges could use your connection to authenticate to other servers as well. Only use -A when you trust the intermediary server.

While -A would seem to solve our problem, scp doesn’t have this option and it’s not going to get it

No worries, there’s a work around, scp does have a -o option which can be used to pass options to ssh. -o takes keyword arguments instead of flags, and a quick man ssh_config shows the setting we want is ForwardAgent and we need to set it to yes, so:

scp -oForwardAgent=yes


If you don’t trust the remote with your keys, there is another option, -3. This tells scp to copy the file through the local host. This works, but means the file is transferred twice which will likely take twice as long.

scp -3