Overview of vcp


vcp is a simple file transfer program with SSH-based strong encryption used to securely copy files over the network. vcp uses SSH2 for data transfer providing users with the same authentication methods and security as SSH2. vcp is a command-line utility accessed from the Windows command prompt.

Using vcp

The following is the format for vcp commands:

vcp [options] source [source ...] destination

vcp supports multiple sources. File source and destination are specified as follows:

[[user@[domain@]]host[#port]:]file

File sources and destinations may contain a user, host and port specification to indicate that the file is to be copied to or from that host. Copies between two remote hosts are permitted. The following conditions apply:

·    The user@ argument is optional. If it is not specified, your Windows or network username will be used.

·    The host argument is optional. If it is not specified, your current host is used but local-to-local transfers will not be permitted.

·    The #port argument is optional. If it is not specified, the default port 22 will be used.

·    The file argument can contain the wildcard characters * and ?. These wildcard characters will be expanded by vcp. Only one * wildcard character is permitted in a file argument. Any wildcard characters to the right of the first * will not be expanded.

·    The file argument can contain backslashes. To transfer files or folders with a backslash in the name, the backslash must be escaped. Also, due to how the UNIX shell processes command lines, the escape characters must be escaped on UNIX or the path must be in single quotes.  For example:

vcp 'redhat:Testing\\Testing/filename.txt' ~/Downloads

vcp redhat:Testing\\\\Testing/filename.txt ~/Downloads

The above examples will transfer filename.txt in Testing\Testing on redhat to the local Downloads directory.
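The source/destination format above, as an added Python example that is not part of the vcp documentation: it splits one argument into user, domain, host, port and file, and checks remote hosts against an allowlist before a script builds a vcp command. Treating a single letter followed by ":\" as a Windows drive is an assumption, as are the allowlist and the last sample argument.

```python
import re
from typing import NamedTuple, Optional

class VcpPath(NamedTuple):
    user: Optional[str]    # None: vcp uses your Windows or network username
    domain: Optional[str]
    host: Optional[str]    # None: no host part, so a path on the current host
    port: int              # 22 unless "#port" is given
    file: str

# Assumption (not stated on the page): "X:\" or "X:/" is a drive letter, not a host.
_DRIVE = re.compile(r"^[A-Za-z]:[\\/]")
_REMOTE = re.compile(
    r"^(?:(?P<user>[^@:#/\\\s]+)@(?:(?P<domain>[^@:#/\\\s]+)@)?)?"
    r"(?P<host>[A-Za-z0-9._-]+)(?:#(?P<port>\d+))?:(?P<file>.*)$"
)

def parse_vcp_path(spec: str) -> VcpPath:
    """Split one vcp source or destination argument into its parts."""
    m = None if _DRIVE.match(spec) else _REMOTE.match(spec)
    if m is None:                      # no "host:" part, treat as a local path
        return VcpPath(None, None, None, 22, spec)
    port = int(m["port"]) if m["port"] else 22
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {spec!r}")
    return VcpPath(m["user"], m["domain"], m["host"], port, m["file"])

def remote_allowed(spec: str, allowed_hosts: set) -> bool:
    """True for local paths and for remote paths whose host is allowlisted."""
    host = parse_vcp_path(spec).host
    return host is None or host.lower() in allowed_hosts

if __name__ == "__main__":
    allowed = {"mydomain.com"}         # hypothetical allowlist
    for spec in (r"C:\text.xls", "bleaker@mydomain.com:/research",
                 "webadmin@mydomain.com#8190:/sftp/files",
                 "alice@CORP@fileserver:/data"):   # last one is constructed
        print(parse_vcp_path(spec), remote_allowed(spec, allowed))
```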

Options

The following table lists the command-line options that can be used with vcp commands.

| Option | Argument | Description |
| --- | --- | --- |
| --accepthostkeys | | Instructs vcp to automatically accept host keys. |
| --ascii | | Instructs vcp to use ASCII mode to transfer files. |
| --auth | authentication list | The authentication methods to be used, in a comma-separated list. Valid methods are keyboard-interactive, publickey, password, gss-ms-kerberos, and gssapi. |
| -c | cipher | The cipher that the SSH2 server will use. Protocol strings or display strings are permitted. |
| --check-crls | | Instructs the application to check certificate revocation lists (CRLs) to ensure that a certificate (and any in its chain) has not been listed as revoked. |
| --hostkeyalgorithm | host key algorithm | Specifies which host key algorithm to use. Valid algorithms are ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss, pgp, x509v3-sign-rsa, x509v3-ssh-rsa, x509v3-sign-dss, and x509v3-ssh-dss. Note: The administrative policy for host key algorithms has precedence over the command line option. |
| --http-proxy | hostname[:port] | Specifies the HTTP proxy to be used during connection. |
| -i | file | The identity file to use for public-key authentication or a PKCS #12 file to use for X.509 authentication. vcp also supports accessing certificates through PKCS #11. The locator prefix (e.g., “pkcs11::”) and suffix (e.g., “::standard”) specify which public-key algorithm to use. To use this feature, specify a string similar to one of the following examples but using your PKCS #11 .dll file: pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll and pkcs11::prov=c:\windows\system32\pkcs11.dll::cert (these use the x509v3-sign-rsa algorithm); pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll::standard (uses the x509v3-sign-rsa-sha1 algorithm); pkcs11key::prov=c:\windows\system32\pkcs11.dll (uses the ssh-rsa algorithm, which can be used to send the certificate as a raw key). |
| --kex | KEX | Specifies which key exchange algorithm to use. Valid algorithms are diffie-hellman, diffie-hellman-group14, diffie-hellman-group, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, Kerberos, and any OID (in dotted number format) supported by the GSSAPI provider. |
| --log | file | Specifies the file where vcp will log all output, in addition to sending it to the console. If the file does not exist, vcp will create it; if the file does exist, vcp will append the output to it. If used in combination with the -v (verbose) option, the extra verbose output will also be logged. |
| -m | MAC | The MAC that the SSH2 server will use. |
| --move | | Instructs vcp to move the file(s). |
| --no-flock | | Disables the use of flock for uploads and downloads. |
| --noprompt | | Fails if prompted for user input. |
| -p | passphrase | The passphrase for your private key. |
| --pw | password | Your user password. Valid with password and keyboard-interactive authentication. |
| -q | | Quiets (suppresses) screen output. |
| -r | | Copies folders recursively (if you use this option, your source must be a folder). |
| --sftp-version | version | Specifies the SFTP version to use. Valid versions are 3, 4, 5, and 6. |
| --socks4 | server[:port] | SOCKS version 4 server to be used during connection. |
| --socks5 | server[:port] | SOCKS version 5 server to be used during connection. |
| --spn | hostname | Allows you to manually specify the SPN (Service Principal Name). The SPN is almost always of the form host@<server canonical name>. An example of a valid string is "host@mail.mydomain.com". If the server is in a different Kerberos realm, the realm name may need to be appended (e.g., host@mail.mydomain.com@KRBS.MYDOMAIN.COM). |
| -v | | Displays verbose connection debug information. |
| -z | n | The compression level (0-9). By default, the compression level is set to 5. Setting the level to 0 turns off compression. When compression is on, vcp attempts to use zlib@openssh.com, zlib, and no compression, in that order, when making a connection. |
| -?, --help | | Displays usage. |

Examples

The following are examples of vcp command-line use.

Upload Examples (From Local to Remote):

In the following example, vcp will not display progress, and it will fail if user intervention is required. vcp will use "C:\keys\Identity" to authenticate with publickey to the remote system using the "bleaker" account. Once authenticated, the local file "text.xls" will be uploaded to the remote directory "/research" located on "mydomain.com".

vcp --accepthostkeys -q --noprompt -i "C:\keys\Identity" C:\text.xls bleaker@mydomain.com:/research

In the following example, vcp uses the key file located in "C:\keys" with the passphrase of "unlock" to authenticate with a secure shell server listening on port 8190 using the "webadmin" account. vcp will transfer all files in "C:\" where the filename matches the "*.xls" pattern to the "/sftp/files" directory on "mydomain.com".

vcp -i "C:\keys\Identity" -p unlock C:\*.xls webadmin@mydomain.com#8190:/sftp/files

Download Example (From Remote to Local):

In this example, vcp uses the password "passw0rd" to authenticate "johnson" on to the "redhat" server for the first time. The host key from the remote system will automatically be accepted and saved. Once the user is authenticated, all files that contain "100305" in the filename within the "/home/johnson/" directory on the server will be downloaded to the "C:\test" folder on the local machine.

vcp --pw passw0rd --accepthostkeys johnson@redhat:/home/johnson/*100305* C:\test

Server to Server Example:

In the line below, from an example .bat file, vcp will not output file transfer progress information, and will fail if user intervention is required. It uses the "C:\key\Identity" file to authenticate with publickey to both servers. The file specified in the "%1" variable will be transferred from "chronos.com" to the path specified in the "%2" variable located on the machine named "clock".

vcp -q --noprompt -i "C:\key\Identity" bleaker@chronos.com:%1 bleaker@clock:%2
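An added example (not part of the vcp documentation): a Python check that scans batch files for vcp calls using --pw, -p or --accepthostkeys, the options that leave a password or passphrase readable in the script and process command line, or accept a host key without verifying it. The option names come from the table above; the sample script, host names and install path are constructed.

```python
import shlex

# Options from the table above that weaken an unattended transfer.
RISKY = {
    "--pw": "password passed on the command line",
    "-p": "private-key passphrase passed on the command line",
    "--accepthostkeys": "host keys accepted without verification",
}
# Typographic dashes that copy/paste from rendered documentation can introduce.
_DASHES = str.maketrans({"\u2013": "-", "\u2014": "-"})

def _tokens(line):
    line = line.translate(_DASHES)
    try:
        return shlex.split(line, posix=False)   # keeps backslashes in Windows paths
    except ValueError:                           # unbalanced quote
        return line.split()

def _option(tok):
    """Normalise '-accepthostkeys' and '--accepthostkeys' to one spelling."""
    name = tok.lstrip("-")
    return "--" + name if tok.startswith("-") and len(name) > 1 else tok

def audit_line(line):
    """Findings for one script line; [] if it does not call vcp or is clean."""
    toks = _tokens(line.strip())
    if not toks or toks[0].lower() in ("rem", "::"):
        return []
    exe = toks[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in ("vcp", "vcp.exe"):
        return []
    # Report the option only, never its argument, so secrets stay out of the report.
    return [RISKY[o] for o in map(_option, toks[1:]) if o in RISKY]

def audit_script(text):
    """(line number, finding) pairs for every vcp call in a batch script."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1)
            for f in audit_line(line)]

SAMPLE_BAT = r"""@echo off
rem constructed sample, not from the original page
vcp --pw Example123 --accepthostkeys svc@files.example:/out/*.csv C:\in
"C:\tools\vcp.exe" -q --noprompt -i "C:\keys\Identity" C:\a.txt svc@files.example:/in
vcp –i "C:\keys\Identity" –p Example123 C:\a.txt svc@files.example#8190:/in
"""

if __name__ == "__main__":
    for n, finding in audit_script(SAMPLE_BAT):
        print(f"line {n}: {finding}")
```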