WinSCP Review and Download

WinSCP is a relatively popular Windows SFTP client originally developed by Martin Prikryl. It is primarily intended for file transfers, but offers also limited remote command execution and scripting capabilities. It includes no support for terminal emulation. WinSCP also supports the legacy FTP and WebDAV protocols.

Downloading WinSCP for Windows

The installation package and source code can be downloaded from winscp.net.

Other SSH clients, and clients for other platforms can be found here.

WinSCP for Mac

WinSCP is not available for Mac OS. However, other free alternatives are available. For example, Cyberduck and FileZilla are fairly popular alternatives.

Main Features

Main features of WinSCP include:

  • A graphical user interface - it is a Windows application
  • Translations into several languages, including Chinese, Czech, French, German, Japanese, and Spanish
  • SFTP and SCP protocol support, including keepalives
  • Uploading, downloading, renaming, deleting, creating files and directories and managing their permissions.
  • Scripting language for automating certain file transfer tasks
  • Synchronizing directories bidirectionally
  • Simple built-in text editor for editing scripts
  • Ability to share the session profile files with PuTTY
  • Supports password (including keyboard-interactive), public key and GSSAPI (Kerberos) authentication
  • Both Windows Explorer (remote window only) and dual-pane (remote and local views simultaneously, very much resembling Tectia SSH)
  • Ability to encrypt information about remote sites using a master password (however, this option is only available in interactive mode and cannot be used with scripting)
  • Normal installer and .EXE (portable executables) alternatives
  • Configuration data can be stored in either Windows registry or in configuration files (.INI, for use with portable executables)

Installing and Uninstalling

The application can either be installed on a machine, or run directly from an executable file (with configuration in a .ini file). The portable mode can be used from USB sticks. Most users would use the normal installer.

Upgrading can be done by just installing the new version. Upgrading preserves configuration. Portable executable can be upgraded by just replacing the executable with a newer one.

To remove the application, go to Control Panel > Programs > Uninstall a program. In Windows 10, go to Settings > System > Apps & features.

WinSCP Scripting Summary

WinSCP implements a simple scripting language that can be used to automate certain operations with a server. The scripting language relies on credentials stored in local files. No functionality is provided for managing the credentials.

The scripting language implements the following commands. More detailed documentation can be found at https://winscp.net/eng/docs/scripting .

call - executes an arbitrary command on the server. Commands requiring input are not supported.

cd - changes remote working directory

checksum - calculates checksum of a remote file

chmod - changes permissions of remote files

close - closes a session

echo - prints a message to script output

exit - closes all sessions and terminates the program

get - downloads one or more files from a remote directory

help - provides help on commands

keepuptodate - updates a remote directory to reflect local changes

lcs - changes local directory

lls - lists files in a local directory

ln - creates a symbolic link on the remote host

lpwd - displays the current local directory

mkdir - creates a new directory on the remote host

mv - renames or moves a file on the remote host

open - opens a new connection to a server. For SSH File Transfer Protocol (SFTP), password may be hard-coded in the command or public key authentication may be used. For interactive sessions, user may type the password. FTP, FTPS, SCP, and WebDav protocols are also supported.

option - sets script options, such as echoing, confirmations, reconnect time limit for broken sessions, and whether to fail if wildcard matches no files.

put - uploads files to a remote directory

pwd - displays the current remote working directory

rmdir - removes a directory from the remote host

session - selects which session to use for the following commands

stat - gets attributes of a file from the remote host

synchronize - synchronizes a local directory with a remote directory, updating changed files in either direction

Scripting as .NET Assemblies

WinSCP provides COM interfaces for any .NET programming language that supports COM. The interfaces are provided by the winscpnet.dll library. More complex automation can be implemented in any such language. PowerShell is one such language; C#, VB.NET, ASP.NET, Microsoft Azure Website, and SQL Server Integration Services (SSIS) are also supported.

WinSCP Command Line Mode

While the application does not have a full terminal emulator, it does support a command line mode for executing commands remotely. The command line mode does not support commands that require keyboard input.

It is possible to use the application in conjunction with PuTTY to have access to full terminal capability.

Cloud Service Support

Guides exist for using the application with several cloud services. See https://winscp.net/eng/docs/guides.

Strengths

  • Session scripting
  • Integration to .NET scripting tools
  • Synchronizing directories
  • Good documentation

Weaknesses

  • No SSH key management support - major security risk
  • Hardcoded passwords - compliance violation
  • Slow to copy many files
  • Opening a large directory can hang the application for an extended period, particularly over long-distance networks

Comparison

  • Some people clearly prefer WinSCP over FileZilla
  • WinSCP has no terminal windows. Users who need a terminal need to get a terminal client (see downloads page)

Summary

WinSCP is good for managing a small number of servers in environments that don't use extensive automation or cloud services.

Inability to automate key management makes it very cumbersome in large enterprises and makes compliance audits very difficult.

WinSCP is open source and does not come with any support. For business-critical applications, commercial alternatives are recommended.

Security Alert

Many organizations have massive amounts of SSH keys that must be properly managed. If left unmanaged, they pose a major risk and compliance issue. See more

SSH tunneling, unless properly controlled, can allow backdoor access from the Internet into internal networks. See more

Sites sending ssh: (and maybe sftp:, scp:, webdav: etc) URLs could potentially trigger WinSCP to perform undesired actions.

How to Get an SSH Server

General information about SSH servers can be found here. For a Windows server, see here. For an IBM mainframe server, see here. For OpenSSH, see here. For business-critical applications, see here. For 24x7 support on Linux/Unix, see here.

Screenshots

Commander window for downloading and uploading files

Explorer user interface

Command line console