vcp is a simple file transfer program with SSH-based strong encryption used to securely copy files over the network. vcp uses SSH2 for data transfer providing users with the same authentication methods and security as SSH2. vcp is a command-line utility accessed from the Windows command prompt.
Using vcp
The following is the format for vcp commands:
vcp [options] source [source ...] destination
vcp supports multiple sources. File source and destination are specified as follows:
[[user@[domain@]host[#port]:]file
File sources and destinations may contain a user, host and port specification to indicate that the file is to be copied to or from that host. Copies between two remote hosts are permitted. The following conditions apply:
· The user@
argument is optional. If it is not specified, your Windows or network username will be used.
· The host
argument is optional. If it is not specified, your current host is used but local-to-local transfers will not be permitted.
· The #port
argument is optional. If it is not specified, the default port 22 will be used.
· The file
argument can contain the wildcard characters *
and ?
. These wildcard characters will be expanded by vcp. Only one *
wildcard character is permitted in a file
argument. Any wildcard characters to the right of the first *
will not be expanded.
· The file
argument can contain backslashes. To transfer files or folders with a backslash in the name, the backslash must be escaped. Also, due to how the UNIX shell processes command lines, the escape characters must be escaped on UNIX or the path must be in single quotes. For example:
vcp 'redhat:Testing\\Testing/filename.txt' ~/Downloads
vcp redhat:Testing\\\\Testing/filename.txt ~/Downloads
The above examples will transfer filename.txt in Testing\Testing on redhat to the local Downloads directory.
Options
The following table lists the command-line options that can be used with vcp commands.
Option |
Argument |
Description |
--accepthostkeys |
|
Instructs vcp to automatically accept host keys. |
--ascii |
|
Instructs vcp to use ASCII mode to transfer files. |
--auth |
|
The authentication methods to be used in a comma separated list. Valid methods are keyboard-interactive, publickey, password, gss-ms-kerberos, and gssapi. |
-c |
cipher |
The cipher that the SSH2 server will use. Protocol strings or display strings are permitted. |
--check-crls |
|
Instructs the application to check certificate revocation lists (CRLs) to ensure that certificates (and any in its chain) have not been listed as revoked. |
--hostkeyalgorithm |
host key algorithm |
Specifies which host key algorithm to use. Valid algorithms are ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss, pgp, x509v3-sign-rsa, x509v3-ssh-rsa, x509v3-sign-dss, and x509v3-ssh-dss. Note: The administrative policy for host key algorithms has precedence over the command line option. |
--http-proxy |
hostname[:port] |
Specifies the http proxy to be used during connection. |
-i |
file |
The identity file to use for public-key authentication or a PKCS #12 file to use for X.509 authentication. vcp also supports accessing certificates through PKCS #11. The locator prefix (e.g., “pkcs11::”) and suffix (e.g., “::standard”) specify which public-key algorithm to use. To use this feature, specify a string similar to one of the following examples but using your PKCS #11 .dll file: pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll pkcs11::prov=c:\windows\system32\pkcs11.dll::cert The above examples use the x509v3-sign-rsa algorithm. pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll::standard The above example uses the x509v3-sign-rsa-sha1 algorithm. pkcs11key::prov=c:\windows\system32\pkcs11.dll The above example uses the ssh-rsa algorithm, which can be used to send the certificate as a raw key. |
--kex |
KEX |
Specifies which key exchange algorithm to use. Valid algorithms are diffie-hellman, diffie-hellman-group14, diffie-hellman-group, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, Kerberos, and any OID in dotted number format) supported by the GSSAPI provider. |
--log |
file |
Specifies the file where vcp will log all output, in addition to sending it to the console. If the file does not exist, vcp will create it; or, if the file does exist, vcp will append the output to it. If used in combination with the -v (verbose) option, the extra verbose output will also be logged. |
-m |
MAC |
The MAC that the SSH2 server will use. |
--move |
|
Instructs vcp to move the file(s). |
--no-flock |
|
Disables the use of flock for uploads and downloads. |
--noprompt |
|
Fails if prompted for user input. |
-p |
passphrase |
The passphrase for your private key. |
--pw |
password |
Your user password. Valid with password and keyboard-interactive authentication. |
-q |
|
Quiets (suppresses) screen output. |
-r |
|
Copies folders recursively (if you use this option, your source must be a folder). |
--sftp-version |
version |
Specifies the SFTP version to use. Valid versions are 3, 4, 5, and 6. |
--socks4 |
|
|
--socks5 |
|
|
--spn |
hostname |
Allows you to manually specify the SPN (Service Principal Name). The SPN is almost always of the form host@<server canonical name>. An example of a valid string is "host@mail.mydomain.com". If the server is in a different Kerberos realm, the realm name may need to be appended (e.g., host@mail.mydomain.com@KRBS.MYDOMAIN.COM. |
-v |
|
Displays verbose connection debug information. |
-z |
n |
The compression level (0-9). By default, the compression level is set to 5. Setting the level to 0 turns off compression. When compression is on, vcp attempts to use zlib@openssh.com, zlib, and no compression, in that order, when making a connection. |
|
|
Displays usage. |
Examples
The following are examples of vcp command-line use.
Upload Examples (From Local to Remote):
In the following example, vcp will not display progress, and it will fail if user intervention is required. vcp will use "C:\keys\Identity" to authenticate with publickey to the remote system using the "bleaker" account. Once authenticated, the local file "text.xls" will be uploaded to the remote directory "/research" located on "mydomain.com".
vcp -accepthostkeys –q --noprompt –i "C:\keys\Identity" C:\text.xls bleaker@mydomain.com:/research
In the following example, vcp uses the key file located in "C:\keys" with the passphrase of "unlock" to authenticate with a secure shell server listening on port 8190 using the "webadmin" account. vcp will transfer all files in "C:\" where the filename matches the "*.xls" pattern to the "/sftp/files" directory on "mydomain.com".
vcp –i "C:\keys\Identity" –p unlock C:\*.xls webadmin@mydomain.com#8190:/sftp/files
Download Example (From Remote to Local):
In this example, vcp uses the password "passw0rd" to authenticate "johnson" on to the "redhat" server for the first time. The host key from the remote system will automatically be accepted and saved. Once the user is authenticated, all files that contain "100305" in the filename within the "/home/johnson/" directory on the server will be downloaded to the "C:\test" folder on the local machine.
vcp --pw passw0rd –-accepthostkeys johnson@redhat:/home/johnson/*100305* C:\test
Server to Server Example:
In the line below, from an example .bat file, vcp will not output file transfer progress information, and will fail if user intervention is required. It uses the "C:\key\Identity" file to authenticate with publickey to both servers. The file specified in the "%1" variable will be transferred from "chronos.com" to the path specified in the "%2" variable located on the machine named "clock".
vcp –q -–noprompt –i "C:\key\Identity" bleaker@chronos.com:%1 bleaker@clock:%2