Why use an SCP server?
There are many protocols that facilitate file transfers over the network. Some of the earlier ones that are still in use today are FTP and TFTP. Another, more secure method, is SCP (Secure Copy). While FTP can be made more secure by using TLS, SCP is inherently more secure because it’s really just an SSH session used solely for transferring files. It therefore brings all the benefits of SSH’s security, encryption, and confidentiality along with it. As such, there’s no such thing as an SCP “server” per se. Rather, an SSH server is used to perform the file copy. Here’s our list of top 7 best SCP servers .
- 1 Why use an SCP server?
- 2 Windows SCP servers
- 3 1. SolarWinds (FREE DOWNLOAD)
- 4 2. Bitvise
- 5 3. FreeSSHd
- 6 4. OpenSSH for Windows
- 7 Linux SCP servers
- 8 5. OpenSSH SCP server for Linux
- 9 6. Dropbear SCP server
- 10 7. macOS SCP servers
- 11 Final words
Windows SCP servers
SolarWinds maintains a comprehensive suite of IT tools which includes a combination SFTP and SCP server (available free here). The application runs as a Windows service which means that its basic operation should be familiar to Windows systems administrators.
Unlike Linux-based SCP, SolarWinds SCP server supports the creation of virtual users. These are user accounts which can be used to authenticate into the SCP server for the purpose of copying files. But, the accounts are not native Windows accounts and therefore don’t actually exist on the system. This provides a decent level of security. In the event that an SCP account credential was compromised, it could not be used to log in to the system directly as a user.
Since both SFTP and SCP run over SSH, the Bitvise SSH server supports both of these secure file transfer protocols.
Bitvise allows the use of either Windows native user accounts, or virtual users. This provides a great deal of flexibility because there’s no need to create full-blown Windows user accounts in order to provide ad-hoc access to secured file directories.
Bitvise also allows systems administrators to restrict connections to SCP only. In many SCP implementations, SCP access implies SSH (shell) access. This is not usually an issue with Unix-like operation systems because those systems have account-level security baked in. But, with Windows systems, this access can inadvertently lead to unintended access to things like Power Shell. With that in mind, Bitvise supports the ability to allow SCP access, but disallow basic shell access.
FreeSSHd is what it sounds like. It is a Free SSH *d**aemon for Windows. In Unix parlance, a *daemon is akin to a Windows service.
FreeSSHd can run on any Windows system newer than and including Windows NT 4 (which is pretty much all of them) and creates a very small memory and resource footprint. It supports virtual users and an easy-to-use interface to monitor, and start or stop the service.
4. OpenSSH for Windows
Open SSH is the grandaddy of all SSH servers. It has been around since 1999 when it was first released as part of the OpenBSD operating system. Technically, OpenSSH is a suite of tools, but most of the heavy lifting is done by the Open SSH program. It was designed to be ported to other operating system and because of that, it is probably the most widely used SSH server on the planet. Bundled with SSH comes SCP, so Open SSH likely takes the lead in the SCP category as well.
The Microsoft Open SSH server is under development still, but there is a pre-release version available here (as of Oct 17, 2017). It will take some Windows administrator chops as it mainly requires Power Shell command-line skills to get it set up and working.
While it may be in pre-release now, Open SSH has such a strong lineage that it will likely become the defacto SCP server in Windows just as it is in other operating systems now.
A note about Cygwin
Most Linux systems administrators are aware of an application project named Cygwin. It’s also fair to say that almost nobody else has heard of it, however many Windows systems administrators can probably benefit from Cygwin.
Cygwin is an open source project that provides a Windows DLL file which contains a really large amount of POSIX API functions. What does this mean? It means that many Linux applications can be recompiled to use Cygwin and therefore those applications can be run on Windows.
Cygwin is mentioned in this article because there are many Linux SSH and SCP servers that ostensibly are only available as Linux packages, but digging a little deeper often reveals that they also have Cygwin packages. Windows systems administrators that are comfortable with a Linux application of any sort should investigate if a Cygwin package is available.
Linux SCP servers
5. OpenSSH SCP server for Linux
Most Linux distributions comes with Open SSH installed, although it usually is not running by default. You’ll likely have to start the Open SSH daemon to allow SSH connections which will, in turn, allow SCP file copies.
The package name in most cases is openssh-server.
$ apt-cache search openssh-server openssh-server - secure shell (SSH) server, for secure access from remote machines
Installing it should be as simple as running your package manager’s install command.
$apt-get install openssh-server
Once the server is installed and running, existing system users will be able to use an SCP client to connect, and copy files to and from directories on the server where they have read permissions. Unlike FTP which is usually set up to allow multiple users access to the same set of upload and download directories, SSH drops users into their home directory by default. You may have to tweak your file system permissions if you would like your users to be able to access other directories on the server.
6. Dropbear SCP server
There may be situations where a full-blown SCP server is not feasible or desirable. In that case, smaller-footprint SCP servers such as Dropbear can help. Dropbear is aimed at embedded systems such as routers that may need SSH or SCP functionality but it can be used as an SCP server on any POSIX compliant platform.
System administrators wishing to customize Dropbear will need to have some moderate skills. Tasks such as disabling basic SSH, but leaving SCP functioning, will require modifications to the Dropbear makefile, and a recompile of the executable.
7. macOS SCP servers
As a Unix-like operating system, macOS has native support for SSH and, therefore, SCP. To enable SSH on your macOS computer, navigate to System Preferences -> Sharing Applet and enable the Remote Login option. This will enable SSH for all the users on the machine.
There are a lot of reasons to choose SCP over FTP and FTPS, but fewer reasons to choose SCP over SFTP. Both SCP and SFTP are actually special types of SSH sessions so they provide the same pros and cons of a standard SSH shell session. In contrast FTP and FTPS are less secure, so if you’re running either of those types of servers, you should migrate to either SCP or SFTP.