SCP suffered from weak input validation for decades until CVE-2019-6111, the maintainers recommended using SFTP until patched versions can be deployed. I, like many others, were reminded SFTP existed!
In brief, SFTP is the tried & true FTP wrapped in SSH; SCP is a very dated RCP inside SSH. As this CVE shows, the SCP codebase has been neglected and perhaps shouldn’t be relied on.
Send file to remote:
sftp [email protected]:/path/to/put.file <<< "put /path/to/local.file"
Receive file from remote:
sftp [email protected]:/path/to/remote.file /path/to/local.file
-r to recurse a directory.
It’s less trivial than SCP, although SFTP has more features, like interactive mode:
$ sftp [email protected] Connected to host. sftp> ls test sftp> cd test sftp> ls script.sh sftp> get script.sh Fetching /home/me/test/script.sh to script.sh /home/me/test/script.sh 100% 196 193.7KB/s 00:00 sftp> exit $ ls script.sh