Secure Copy Protocol (SCP) is a popular method of handling file transfers, much like its predecessors FTP and TFTP, but it operates inside a Secure Shell (SSH) session that encrypts the data transmissions. SCP is inherently more secure for this reason: it relies on SSH authentication and guarantees confidentiality of the data being transmitted.
SCP isn’t the only file transfer protocol that operates in a secure shell, however. SFTP is almost identical in many ways, and servers will often support a combination of both. It is the nuances that set them apart from one another, and one may be a better choice than the other depending on the task at hand.
So how exactly do they differ from regular old FTP and when is SCP a better tool than SFTP for secure transfers?
SCP vs SFTP for Secure Transfers
You have likely heard of, and perhaps even used, FTP in the past. It’s a widely adopted method of transferring files and remains a common practice even today. Alas, it still relies on credentials that are transmitted in plain text in order to authenticate with a remote server, which can be intercepted and viewed by a 3rd party.
Over the years, various techniques and practices have been created to improve the security of FTP, such as using Transport Layer Security (TLS) or even FTP over SSH, not to be confused with SFTP. Unfortunately these are nothing more than workarounds that attempt to maintain an inherently flawed protocol.
As safer alternatives, we are presented with the decision between SCP and SFTP. These both listen on TCP port 22 and utilize SSH for authentication, making them vastly superior options that benefit from the encryption a secure shell provides. SCP has the distinct advantage of being much faster than any other protocol, due in part to the fact that it doesn’t require verification of each packet.
It does, however, lack the ability to change the remote directory, such as listing and removing files. On the flip side, SFTP is slower as it must acknowledge every single bit of data, and more complex to boot, but it can resume file transfers and modify the directory structure.
Using SCP Servers
Since SCP is reliant on a secure shell to operate, and SSH is traditionally more common on Unix based operating systems, Windows based hosts will generally require 3rd party software to make use of it.
This isn’t to say it is out of reach. There are in fact a number of feature rich options with everything we need right out of the box for every type of operating system. We will take a look at the most popular SCP server packages for Windows, Linux and even MacOS to help you find the best tool for the job.
Here are the Best SCP Servers of 2020:
While SSH isn’t native to the Windows operating system, there is plenty of server software available that can introduce support for a secure shell.
1. SolarWinds SCP Server (Free)
Trusted by some of the largest brands in the world including Cisco and Apple, SolarWinds is well known for their complete suite of server based tools, with a range of free, paid and trial based solutions. Their SCP/SFTP server however is fully featured and yet completely free of charge, making it an excellent choice for almost any type of networking environment.
With an emphasis on security first, SolarWinds relies exclusively on virtual accounts that are managed within the software. This creates a layer of separation between the server and system, preventing unauthorized access to other resources on the host machine in the event an account is compromised. IP white-listing is also available, allowing the sysadmin to limit connections from a specific range of addresses.
Although it is capable of all standard SCP/SFTP transfer operations, the focus is oriented towards pushing system images, firmware updates and taking backups (up to 4GB in size). It runs as a Windows service which enables it to operate 24/7 in the background, and supports concurrent transfers from multiple devices at any given time.
2. Bitvise (Free)
Bitvise is a great alternative to SolarWinds with a few key differences that help set it apart. It too is a feature rich, all inclusive SSH server, with support for both SCP and SFTP transfers through a secure shell on the Windows operating system.
In contrast to SolarWinds however, Bitvise supports not only virtual accounts managed at the software level, but can also utilize system users from Windows or Active Directory as well. This gives a much greater level of flexibility, where native system accounts can connect using their credentials and still provide temporary access to resources on the fly with virtual users.
As another added benefit, Bitvise also allows for SCP Only access restrictions. Since SCP rights usually entail full shell privileges, granting them can unintentionally give a user direct PowerShell access. Thanks to this particular setting, we can allow SCP usage while simultaneously disabling the basic shell for that account.
3. FreeSSHd (Free)
FreeSSHd is ancient by software standards; the last stable build was released back in 2013. Nonetheless, it still works on every version of Windows released in the last 20 years, and remains a very popular choice due to its minimal resource usage and tiny memory footprint.
For those that don’t come from a Linux background, the ‘d’ in FreeSSHd stands for Daemon and is the equivalent of a Windows service. This is essentially a process that runs tasks in the background, which in this case is our SSH server listening for connections.
As is common with SSH servers on Windows, it uses virtual user accounts which are maintained by the software (as opposed to system accounts). It also has a simple yet feature rich GUI, with plenty of options to check the status, manage users, start/stop the service and more. Despite the age and lack of updates, it remains a very solid choice for those in need of a Windows based SSH server for SCP file transfers.
4. OpenSSH for Windows (Free)
OpenSSH was one of the first SSH servers developed for OpenBSD in 1999. It is essentially a collection of portable networking tools that has since become widely adopted, making it the industry standard and number one choice for many system admins.
Despite having roots in Unix, the focus on portability has made it a favorable option on Windows as well. Since it is open source, modular by nature and already has widespread support, it continues to gain acceptance. As of Windows 10, Microsoft actually began including a Win32 port of OpenSSH as an on demand component, and has even made both the client/server a Feature-on-Demand in Windows Server 2019 as well. They are maintaining both the software and documentation via GitHub at this point in time, although it is still considered a pre-release until further notice.
As a core component of Linux, SSH support is generally included with most distributions by default. While the service is not necessarily active on a base installation, it can be installed and enabled with just several commands.
5. OpenSSH
OpenSSH is an open source implementation of the SSH protocol, included with most Linux distributions out of the box. It is likely deactivated by default though and will need to have the daemon started before it can be used. Once active, it will begin listening for incoming SSH connections, which can be used to initiate SCP file copies. Depending on what flavor of Linux you are running, we can install the openssh-server package with either yum or apt-get.
sudo apt-get install openssh-server
After the OpenSSH server is installed and running on the machine, local user accounts can be used to establish a secure remote session. In comparison to FTP, which often has a global root directory configured for all users, SSH clients will be placed into their own home directory instead.
If you would like to change the default listening port, root login permissions, etc., we can use a text editor such as Nano or Vim to modify the configuration file. For a full list of the various OpenSSH settings available, please refer to the SSH Configuration Guide.
sudo nano /etc/ssh/sshd_config
Once everything has been set up as desired, the OpenSSH server daemon just needs to be restarted for the changes to take effect.
sudo service ssh restart
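The configuration step above, as an added example that is not part of the original article: a shell check that reports which Port and PermitRootLogin values sshd will use from a given sshd_config before the daemon is restarted. The function names and the sample file are constructed for illustration, and the defaults passed in are OpenSSH's documented ones.

```shell
#!/bin/sh
# Added example: which global sshd_config values take effect?
# sshd keeps the FIRST value read for most keywords (Port is cumulative),
# keywords are case-insensitive, and lines after "Match" are conditional.
# Not handled here: Include files and the Keyword=value form.

# sshd_effective FILE KEYWORD DEFAULT [all]  ("all" collects every value)
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" \
        -v dflt="$3" -v all="$4" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blanks
        { key = tolower($1) }
        key == "match" { exit }                 # global section ends here
        key == want { out = out (out != "" ? "," : "") $2; if (!all) exit }
        END { print (out != "" ? out : dflt) }
    ' "$1"
}

# audit_sshd FILE -> prints the values, returns 1 if root login is open
audit_sshd() {
    rc=0
    port=$(sshd_effective "$1" Port 22 all)
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    echo "Port=$port PermitRootLogin=$root"
    if [ "$root" = "yes" ]; then
        echo "FINDING: PermitRootLogin yes allows direct root logins"
        rc=1
    fi
    return $rc
}

# Constructed sample: the old "Port 22" line still opens port 22, and the
# second PermitRootLogin line is ignored because the first one already won.
sample_config() {
cat <<'EOF'
# constructed sample, not from a real host
port 2222
Port 22
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "review the file before restarting sshd"
rm -f "$tmp"
```

On a live host, sudo sshd -t validates the file's syntax before the restart, and sudo sshd -T prints the configuration sshd will actually apply.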
6. Dropbear SSH
When a full featured SCP server just isn’t practical, a lightweight alternative like Dropbear SSH may be better suited for the job. It is both an SSH server and client that has a small memory footprint and runs on a variety of POSIX based systems. It’s also open source under an MIT-style license and especially useful for embedded applications, such as wireless routers and other resource constrained devices.
Although it has not been as widely adopted as OpenSSH, it is still an excellent alternative for specific use case scenarios. It is actively maintained by the developer, can run from inetd at startup or as a standalone server, and is even compatible with public key authentication from OpenSSH.
The trade-off however is a somewhat more complex learning curve, due in part to the wide support for various Unix based systems such as Linux, Mac, Solaris and more. Using Dropbear SSH is best suited in the hands of an experienced system administrator, familiar with makefiles and recompiling the executable as needed.
Apple Mac Compatible:
While Macs aren’t generally found in a professional server environment, they are more than capable and can even work great on a smaller scale. Although it isn’t common knowledge, MacOS is actually a Unix-like operating system as well, so it comes as no surprise that it features native support for SSH and SCP built into the software.
7. MacOS Native SCP Server
To enable SSH on MacOS, go to System Preferences -> Sharing Applet, and click the checkbox next to Remote Login to enable the SSH server for all system users. There is no configuration necessary; existing account permissions will control what actions the user can take when connected.
Compared to the more robust options on other platforms, the native MacOS SSH server is a very simplified implementation. It is however extremely easy to use, costs nothing and does exactly what is needed. If nothing else, it’s a great option for home based users that need secure file sharing capabilities on their network.
When it comes to raw speed and data security, there is no better choice on the slate than SCP. It isn’t the most feature rich protocol available and lacks certain options found elsewhere, but it is optimized for high efficiency environments and remains an essential tool for system admins everywhere. Although the host operating system may have played a factor in years past, the universal adoption of SSH has made SCP a more realistic solution regardless of platform.