How to disable SCP protocol
Environment
- Red Hat Enterprise Linux 9
or
- Red Hat Enterprise Linux 8.10
- openssh >= 8.0p1-24.el8
Issue
By default in RHEL 9, the scp command uses the SFTP protocol instead of the SCP protocol. However, it is still possible to use the SCP protocol with the -O option. Moreover, the sshd service still accepts connections from clients using the SCP protocol.
How to disable the SCP protocol completely?
Resolution
To disable the usage of the SCP protocol completely, create a /etc/ssh/disable_scp file using the following command:
# touch /etc/ssh/disable_scp
When that file exists, the scp command does not allow the use of the -O option to use the SCP protocol.
Root Cause
Although the scp command on RHEL 9 uses the SFTP protocol by default, the SCP protocol can still be used. Moreover, the sshd service still allows connections using the SCP protocol unless it is explicitly disabled.
On RHEL 8, the scp command uses the SCP protocol by default.
Diagnostic Steps
One can verify that the SCP protocol is disabled on RHEL 9 by using the -O option to transfer a file:
$ scp -O file localhost:
SCP protocol is forbidden via /etc/ssh/disable_scp
On RHEL 8, the scp command does not support the -O option and always uses the SCP protocol:
$ scp file localhost:
SCP protocol is forbidden via /etc/ssh/disable_scp
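The marker-file check and the diagnostic transfer above can be combined into one audit for use across several hosts. This is an added example, not part of the original article or any Red Hat tooling; the function names and the ROOT prefix parameter (used to point the checks at a scratch directory) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and enforce the /etc/ssh/disable_scp marker file.
# ROOT is a hypothetical prefix so the functions can run against a scratch
# tree; pass "" to operate on the live system.

MARKER_REL="etc/ssh/disable_scp"
FORBIDDEN_MSG="SCP protocol is forbidden via /etc/ssh/disable_scp"

# Print "disabled" if the marker file exists under ROOT, else "enabled".
scp_marker_state() {
    root="${1:-}"
    if [ -e "$root/$MARKER_REL" ]; then
        echo disabled
    else
        echo enabled
    fi
}

# Create the marker idempotently (same effect as: touch /etc/ssh/disable_scp).
# Returns non-zero if the ssh configuration directory is missing.
ensure_scp_disabled() {
    root="${1:-}"
    [ -d "$root/etc/ssh" ] || return 1
    [ -e "$root/$MARKER_REL" ] || : > "$root/$MARKER_REL"
}

# Classify the captured output of the diagnostic transfer
# (scp -O file localhost: on RHEL 9, scp file localhost: on RHEL 8).
# Prints "blocked" when the refusal message shown in the article is present.
classify_probe_output() {
    case "$1" in
        *"$FORBIDDEN_MSG"*) echo blocked ;;
        *) echo not-blocked ;;
    esac
}

# Combine both signals: marker present AND transfer refused means compliant.
audit_scp() {
    root="$1"; probe_output="$2"
    state=$(scp_marker_state "$root")
    probe=$(classify_probe_output "$probe_output")
    if [ "$state" = disabled ] && [ "$probe" = blocked ]; then
        echo "COMPLIANT"
    else
        echo "NONCOMPLIANT marker=$state probe=$probe"
    fi
}
```

On a live host, capture the probe with `out=$(scp -O file localhost: 2>&1)` on RHEL 9 (without -O on RHEL 8) and call `audit_scp "" "$out"`.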