p0 scp
Overview
The p0 scp command is a drop-in replacement for the standard scp, but with one key advantage: it automatically requests and provisions SSH access via P0. You simply specify your source and destination (local or remote), and P0 handles:
Authentication and key issuance
Access requests against your SSH integration
Privilege elevation (optional --sudo)
Invocation of the underlying scp binary
Use p0 scp anytime you’d otherwise run scp—no need to juggle SSH keys, open tickets, or paste connection strings.
Prerequisites
Logged-in user
p0 login <org-slug>SSH integration configured in your P0 tenant (AWS, Azure, or GCP).
Network access to P0’s API and to the target host over SSH.
Syntax
p0 scp <source> <destination> [P0-options] [-- SCP-ARGS…]<source> / <destination>
Either a local path (./file.txt) or remote in the format <hostname>:<path>. Exactly one must be remote.
P0-options (before --):
--reason <text>--account <account-id>--provider <aws|azure|gcloud>`--sudo--debug
SCP-ARGS (after --): all standard scp flags (e.g. -P 2222, -C, etc.)
Positional Arguments
Argument
Description
source
Local or remote source path.
destination
Local or remote destination path.
Note: Exactly one of source or destination must specify a remote host (via <hostname>:). If both or neither do, the command will fail.
P0-Specific Options
Flag
Alias
Type
Description
-r
--recursive
boolean
Recursively copy entire directories.
--reason <text>
—
string
Justification for audit logs.
--account <id>
—
string
Cloud account where the instance lives (e.g. AWS account ID).
--provider <p>
—
string
Which SSH integration to use. One of: aws, azure, gcloud.
--sudo
—
boolean
Temporarily add you to sudoers on the target host for the session.
--debug
—
boolean
Print detailed debug info (HTTP requests, provisioning logs).
Underlying SCP Options
After --, pass any flags supported by your system’s scp. Common examples:
-P 2222 to specify a non-default SSH port
-C to enable compression
-i /path/to/key (not needed – P0 provides the key)
How It Works
Parse arguments, split P0 flags vs. scp flags at --.
Authenticate via p0 authenticate().
Determine remote host: exactly one of source or destination must match <host>:.
Request SSH access: calls P0 backend, which spins up a short-lived key and (if --sudo) updates sudoers.
Swap hostnames: replaces <hostname> with <linuxUserName>@<instanceId>.
Executes the local scp binary with your flags and the fetched private key.
Examples
1. Copy a File from Local to Remote
Implicitly targets host prod-web-01.
Downloads a P0-issued key, performs scp report.pdf ubuntu@i-0abc123:/var/www/reports/.
2. Copy a File from Remote to Local
Retrieves /var/backups/db.sql from prod-db-server into your current directory.
3. Recursive Directory Copy
Recursively transfers the local configs/ directory.
4. Specify Cloud Provider & Account
Directs P0 to use your Azure integration on subscription sub-12345678.
5. Grant sudo During Transfer
Adds you to sudoers on prod-web-01 before running scp, so remote file ownerships and permissions can be managed.
6. Pass Custom SCP Arguments
Uses port 2222 and compression (-C) on the underlying scp call.
7. Debugging the Provisioning Flow
Prints API calls, SSH key details, and status messages to stderr.
Error Conditions
Both sides remote or both local
Exactly one host (source or destination) must be remote.
Fix: prefix only one argument with <hostname>:.
Azure + custom port
Azure SSH does not currently support specifying a port…
Azure integration only works over default port 22.
Could not determine host
Could not determine host identifier…
Ensure your <hostname>: syntax is correct (no spaces, exactly one colon).
Last updated