NAME

gcloud beta compute scp - copy files to and from Google Compute Engine virtual machines via scp

SYNOPSIS

gcloud beta compute scp [[USER@]INSTANCE:]SRC [[[USER@]INSTANCE:]SRC ...] [[USER@]INSTANCE:]DEST [--compress] [--dry-run] [--force-key-file-overwrite] [--plain] [--port=PORT] [--recurse] [--scp-flag=SCP_FLAG] [--ssh-key-file=SSH_KEY_FILE] [--strict-host-key-checking=STRICT_HOST_KEY_CHECKING] [--zone=ZONE] [--internal-ip | --tunnel-through-iap] [--network=NETWORK --region=REGION : --dest-group=DEST_GROUP] [--ssh-key-expiration=SSH_KEY_EXPIRATION | --ssh-key-expire-after=SSH_KEY_EXPIRE_AFTER] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(BETA) gcloud beta compute scp securely copies files between a virtual machine instance and your local machine using the scp command.

This command works for Linux VMs and Windows Server 2019 and later VMs that have SSH enabled https://cloud.google.com/compute/docs/connect/windows-ssh.

In order to set up a successful transfer, follow these guidelines:

Under the covers, scp(1) is used to facilitate the transfer.

If the --region and --network flags are provided, then --plain and --tunnel-through-iap are implied and any remote file names must be prefixed with the remote IP address instead of the instance name. This is most useful for connecting to on-prem resources.

EXAMPLES

To copy a remote directory, ~/narnia, from example-instance to the ~/wardrobe directory of your local host, run:

$ gcloud beta compute scp --recurse example-instance:~/narnia \ ~/wardrobe

Conversely, files from your local computer can be copied to a virtual machine:

$ gcloud beta compute scp ~/localtest.txt ~/localtest2.txt \ example-instance:~/narnia

If the zone cannot be determined, you will be prompted for it. Use the --zone flag to avoid being prompted:

$ gcloud beta compute scp --recurse example-instance:~/narnia \ ~/wardrobe --zone=us-central1-a

To specify the project, zone, and recurse all together, run:

$ gcloud beta compute scp --project="my-gcp-project" \ --zone="us-east1-b" --recurse ~/foo-folder/ gcp-instance-name:~/

You can limit the allowed time to ssh. For example, to allow a key to be used through 2019:

$ gcloud beta compute scp --recurse example-instance:~/narnia \ ~/wardrobe --ssh-key-expiration="2020-01-01T00:00:00:00Z"

Or alternatively, allow access for the next two minutes:

$ gcloud beta compute scp --recurse example-instance:~/narnia \ ~/wardrobe --ssh-key-expire-after=2m

To use the IP address of your remote VM (eg, for on-prem), you must also specify the --region and --network flags:

$ gcloud beta compute scp 10.1.2.3:~/narnia ~/wardrobe \ --region=us-central1 --network=default

POSITIONAL ARGUMENTS

[[USER@]INSTANCE:]SRC [[[USER@]INSTANCE:]SRC ...]

Specifies the files to copy.

[[USER@]INSTANCE:]DEST

Specifies a destination for the source files.

FLAGS

--compress

Enable compression.

--dry-run

Print the equivalent scp/ssh command that would be run to stdout, instead of executing it.

--force-key-file-overwrite

If enabled, the gcloud command-line tool will regenerate and overwrite the files associated with a broken SSH key without asking for confirmation in both interactive and non-interactive environments.

If disabled, the files associated with a broken SSH key will not be regenerated and will fail in both interactive and non-interactive environments.

--plain

Suppress the automatic addition of ssh(1)/scp(1) flags. This flag is useful if you want to take care of authentication yourself or use specific ssh/scp features.

--port=PORT

The port to connect to.

--recurse

Upload directories recursively.

--scp-flag=SCP_FLAG

Extra flag to be sent to scp. This flag may be repeated.

--ssh-key-file=SSH_KEY_FILE

The path to the SSH key file. By default, this is ~/.ssh/google_compute_engine.

--strict-host-key-checking=STRICT_HOST_KEY_CHECKING

Override the default behavior of StrictHostKeyChecking for the connection. By default, StrictHostKeyChecking is set to 'no' the first time you connect to an instance, and will be set to 'yes' for all subsequent connections. STRICT_HOST_KEY_CHECKING must be one of: yes, no, ask.

--zone=ZONE

The zone of the instance to copy files to/from.

If not specified and the compute/zone property isn't set, you might be prompted to select a zone (interactive mode only).

To avoid prompting when this flag is omitted, you can set the compute/zone property:

$ gcloud config set compute/zone ZONE

A list of zones can be fetched by running:

$ gcloud compute zones list

To unset the property, run:

$ gcloud config unset compute/zone

Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.

At most one of these can be specified:
--internal-ip

Connect to instances using their internal IP addresses rather than their external IP addresses. Use this to connect from one instance to another on the same VPC network, over a VPN connection, or between two peered VPC networks.

For this connection to work, you must configure your networks and firewall to allow SSH connections to the internal IP address of the instance to which you want to connect.

To learn how to use this flag, see https://cloud.google.com/compute/docs/instances/connecting-advanced#sshbetweeninstances.

--tunnel-through-iap

Tunnel the ssh connection through Cloud Identity-Aware Proxy for TCP forwarding.

To learn more, see the IAP for TCP forwarding documentation https://cloud.google.com/iap/docs/tcp-forwarding-overview.

--network=NETWORK

Configures the VPC network to use when connecting via IP address or FQDN.

--region=REGION

Configures the region to use when connecting via IP address or FQDN.

--dest-group=DEST_GROUP

Configures the destination group to use when connecting via IP address or FQDN.

At most one of these can be specified:
--ssh-key-expiration=SSH_KEY_EXPIRATION

The time when the ssh key will be valid until, such as "2017-08-29T18:52:51.142Z." This is only valid if the instance is not using OS Login. See $ gcloud topic datetimes for information on time formats.

--ssh-key-expire-after=SSH_KEY_EXPIRE_AFTER

The maximum length of time an SSH key is valid for once created and installed, e.g. 2m for 2 minutes. See $ gcloud topic datetimes for information on duration formats.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This command is currently in beta and might change without notice. These variants are also available:

$ gcloud compute scp

$ gcloud alpha compute scp