How to transfer files with PSCP from PuTTY

Secure file transfer keeps configuration backups, logs, and release artifacts moving without exposing credentials or data in transit. PSCP, included with the PuTTY suite, provides a lightweight way to copy files over SSH from Windows 11. Using encrypted transport avoids the clear-text risk of legacy file transfer protocols.

PSCP is a command-line SCP client that connects to an SSH server and copies files between local and remote paths. The transfer direction is determined by which side uses the remote spec format ([user@]host:/path), while local paths use standard Windows paths. Host key validation uses PuTTY’s host key cache, so the first connection to a new server prompts to trust and store the server fingerprint.

Transfers require an accessible SSH service, valid credentials (password or .ppk key), and sufficient permissions on the target directory. The first-time host key prompt should be verified out-of-band to avoid man-in-the-middle risk, especially when automation uses -batch. Remote paths typically use forward slashes, and paths containing spaces should be quoted.

Steps to transfer files with PSCP from PuTTY:

Open Command Prompt or Windows Terminal on Windows 11.

Upload a local file to a remote path using the [user@]host:/path destination format.

C:\> pscp "C:\Temp\report.csv" admin@server.example.net:/home/admin/report.csv
The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
The server's ssh-ed25519 key fingerprint is:
ssh-ed25519 255 SHA256:ZQm0F0KqzYH8ZPq5bY0c4sK3JpC7M0pD0x2r6oKQ3hQ
If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting.
Store key in cache? (y/n) y
admin@server.example.net's password:
report.csv | 74 kB | 74.0 kB/s | ETA: 00:00:00 | 100%

Storing an incorrect host key can enable interception, so confirm the fingerprint from a trusted channel before entering y.

Add -sftp when the server blocks SCP but allows SFTP.

Download a remote file by placing the remote spec on the source side.

C:\> pscp admin@server.example.net:/var/log/auth.log "C:\Temp\auth.log"
auth.log | 1532 kB | 1532.0 kB/s | ETA: 00:00:00 | 100%

Upload a directory recursively using the -r option.

C:\> pscp -r "C:\Temp\reports" admin@server.example.net:/home/admin/reports/
reports\2025-12.csv | 55 kB | 55.0 kB/s | ETA: 00:00:00 | 100%
reports\2025-11.csv | 49 kB | 49.0 kB/s | ETA: 00:00:00 | 100%
##### snipped #####

Download a directory recursively by using the remote spec as the source with -r.

C:\> pscp -r admin@server.example.net:/home/admin/reports "C:\Temp\reports"
reports\2025-12.csv | 55 kB | 55.0 kB/s | ETA: 00:00:00 | 100%
reports\2025-11.csv | 49 kB | 49.0 kB/s | ETA: 00:00:00 | 100%
##### snipped #####

Authenticate with a .ppk private key using the -i option.

C:\> pscp -i "C:\Users\Admin\Documents\keys\id_ed25519.ppk" "C:\Temp\report.csv" admin@server.example.net:/home/admin/report.csv
Passphrase for key "id_ed25519.ppk":
report.csv | 74 kB | 74.0 kB/s | ETA: 00:00:00 | 100%

A key loaded in Pageant can be used without -i when the agent is available.

Specify a non-default SSH port using -P when the server is not on 22.

C:\> pscp -P 2222 "C:\Temp\report.csv" admin@server.example.net:/home/admin/report.csv
report.csv | 74 kB | 74.0 kB/s | ETA: 00:00:00 | 100%

-P sets the port, while -p is a different option, so case matters.

Run PSCP non-interactively with -batch for scripted transfers.
```
C:\> pscp -batch -P 2222 -i "C:\Users\Admin\Documents\keys\id_ed25519.ppk" "C:\Temp\report.csv" admin@server.example.net:/home/admin/report.csv
report.csv | 74 kB | 74.0 kB/s | ETA: 00:00:00 | 100%
```
-batch disables prompts, so an unknown host key or a passphrase prompt causes failure unless the host key is already cached and the key is usable without interaction.

Verify the transferred file exists locally by checking the destination path.

C:\> dir C:\Temp\auth.log
 Volume in drive C is Windows
 Volume Serial Number is 1234-ABCD

 Directory of C:\Temp

12/16/2025  01:42 AM         1,569,024 auth.log
               1 File(s)      1,569,024 bytes
               0 Dir(s)  148,123,123,712 bytes free

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.