# p0 scp ### **Overview** The p0 scp command is a drop-in replacement for the standard scp, but with one key advantage: it **automatically requests and provisions SSH access** via P0. You simply specify your source and destination (local or remote), and P0 handles: 1. **Authentication** and key issuance 2. **Access requests** against your SSH integration 3. **Privilege elevation** (optional --sudo) 4. **Invocation** of the underlying scp binary Use p0 scp anytime you'd otherwise run scp—no need to juggle SSH keys, open tickets, or paste connection strings. *** ### **Prerequisites** * **Logged-in user** ```plaintext p0 login ``` * **SSH integration configured** in your P0 tenant (AWS, Azure, or GCP). * **Network access** to P0's API and to the target host over SSH. *** ### **Syntax** ```plaintext p0 scp [P0-options] [-- SCP-ARGS…] ``` * \ / \ Either a local path (./file.txt) or remote in the format \:\. Exactly one must be remote. * **P0-options** (before --): * `--reason ` * `--account ` * `--provider `\` * `--sudo` * `--debug` * **SCP-ARGS** (after --): all standard scp flags (e.g. -P 2222, -C, etc.) *** ### **Positional Arguments** | |

Argument

Description

| | ----------- | ------------------------------------------------------------------- | | source | Local or remote source path. | | destination | Local or remote destination path. | **Note:** Exactly one of source or destination must specify a remote host (via \:). If both or neither do, the command will fail. *** ### **P0-Specific Options** | | | |

Flag

Alias

Type

Description

| | ---------------- | ----------- | ------- | ------------------------------------------------------------------------------------------------------------------------ | | -r | --recursive | boolean | Recursively copy entire directories. | | --reason \ | — | string | Justification for audit logs. | | --account \ | — | string | Cloud account where the instance lives (e.g. AWS account ID). | | --provider \

| — | string | Which SSH integration to use. One of: aws, azure, gcloud. | | --sudo | — | boolean | Temporarily add you to sudoers on the target host for the session. | | --debug | — | boolean | Print detailed debug info (HTTP requests, provisioning logs). | *** ### **Underlying SCP Options** After --, pass any flags supported by your system's scp. Common examples: * -P 2222 to specify a non-default SSH port * -C to enable compression * -i /path/to/key (not needed – P0 provides the key) ```plaintext p0 scp -r ./dir remote-host:/dest/ -- -P 2222 -C ``` *** ### **How It Works** 1. **Parse arguments**, split P0 flags vs. scp flags at --. 2. **Authenticate** via p0 authenticate(). 3. **Determine remote host**: exactly one of source or destination must match \:. 4. **Request SSH access**: calls P0 backend, which spins up a short-lived key and (if --sudo) updates sudoers. 5. **Swap hostnames**: replaces \ with \@\. 6. **Executes** the local scp binary with your flags and the fetched private key. *** ### **Examples** #### **1. Copy a File from Local to Remote** ```plaintext p0 scp ./report.pdf prod-web-01:/var/www/reports/ ``` * Implicitly targets host prod-web-01. * Downloads a P0-issued key, performs scp report.pdf ubuntu\@i-0abc123:/var/www/reports/. *** #### **2. Copy a File from Remote to Local** ```plaintext p0 scp prod-db-server:/var/backups/db.sql ./db.sql ``` * Retrieves /var/backups/db.sql from prod-db-server into your current directory. *** #### **3. Recursive Directory Copy** ```plaintext p0 scp -r ./configs staging-app-01:/etc/myapp/ ``` * Recursively transfers the local configs/ directory. *** #### **4. Specify Cloud Provider & Account** ```plaintext p0 scp ./deploy.sh azure-vm:/home/azureuser/ \ --provider azure --account sub-12345678 ``` * Directs P0 to use your Azure integration on subscription sub-12345678. *** #### **5. Grant sudo During Transfer** ```plaintext p0 scp --sudo ./upgrade.sh prod-web-01:/tmp/ --reason "Patch deploy" ``` * Adds you to sudoers on prod-web-01 before running scp, so remote file ownerships and permissions can be managed. *** #### **6. Pass Custom SCP Arguments** ```plaintext p0 scp ./archive.tar.gz bastion-host:/tmp/ \ -- -P 2222 -C ``` * Uses port 2222 and compression (-C) on the underlying scp call. *** #### **7. Debugging the Provisioning Flow** ```plaintext p0 scp --debug ./file.txt remote-host:/tmp/ ``` * Prints API calls, SSH key details, and status messages to stderr. *** ### **Error Conditions** * **Both sides remote or both local** Exactly one host (source or destination) must be remote. Fix: prefix only one argument with \:. * **Azure + custom port** Azure SSH does not currently support specifying a port… Azure integration only works over default port 22. * **Could not determine host** Could not determine host identifier… Ensure your \: syntax is correct (no spaces, exactly one colon).