WinSCP Review and Download
WinSCP is a popular file transfer client for Windows. It was originally developed by Martin Prikryl. It also provides limited remote command execution and scripting capabilities. There is no support for terminal emulation, but it can be used together with PuTTY.
Downloading WinSCP for Windows
The installation package and source code can be downloaded from winscp.net.
Other SSH clients can be found here.
WinSCP for Mac
The main features of WinSCP include:
- Graphical user interface
- Runs on Microsoft Windows
- Translations are available for several languages, including Chinese, Czech, French, German, Japanese, and Spanish
- SFTP, FTP, FTPS, and WebDAV protocol support
- Uploading, downloading, renaming, deleting, creating files and directories and managing their permissions.
- Scripting language for automating file transfer tasks
- Synchronizing directories bidirectionally
- Simple built-in text editor for editing scripts
- Ability to share the session profile files with PuTTY
- Supports keyboard-interactive authentication, public key authentication, and GSSAPI authentication. Windows single sign-on is supported.
- Both Windows Explorer and dual-pane modes for file transfer. THe Windows Explorer mode only shows a pane for the remote directory, whereas the dual-pane view shows both a local and a remote directory simultaneously.
- Ability to encrypt information about remote sites using a master password. However, this option is only available in interactive mode and cannot be used with scripting.
- Normal installer and
portable executables) alternatives
- Configuration data can be stored in either Windows registry or in configuration files (
.INI, for use with portable executables).
Usually, the software is installed from an installation package like any other software packages. This is how most people use it.
Upgrading can be done by installing the new version. Upgrading preserves configuration files.
The software can also be run directly from an executable file without installing it. This is called portable mode. It allows running the software from USB sticks, which can provide some extra security when using public computers. However, malware running on the computer could easily corrupt the software on the USB stick or steal encryption keys from the application's memory. Thus the extra security is largely illusory.
The portable executable can be upgraded by just replacing the executable with a newer one.
To remove the application, go to
Control Panel > Programs > Uninstall a program. In Windows 10, go to
Settings > System > Apps & features.
WinSCP Scripting Summary
The software implements a simple scripting language that can be used to automate certain operations with a server. The scripting language relies on credentials stored in local files.
The scripting language implements the following commands. More detailed documentation can be found at https://winscp.net/eng/docs/scripting.
call - executes an arbitrary command on the server. Commands requiring input are not supported.
cd - changes remote working directory
checksum - calculates checksum of a remote file
chmod - changes permissions of remote files
close - closes a session
echo - prints a message to script output
exit - closes all sessions and terminates the program
get - downloads one or more files from a remote directory
help - provides help on commands
keepuptodate - updates a remote directory to reflect local changes
lcs - changes local directory
lls - lists files in a local directory
ln - creates a symbolic link on the remote host
lpwd - displays the current local directory
mkdir - creates a new directory on the remote host
mv - renames or moves a file on the remote host
open - opens a new connection to a server. For the SFTP protocol, password may be hard-coded in the command or public key authentication may be used. For interactive sessions, the user may type the password.
option - sets script options, such as echoing, confirmations, reconnect time limit for broken sessions, and whether to fail if wildcard matches no files.
put - uploads files to a remote directory
pwd - displays the current remote working directory
rmdir - removes a directory from the remote host
session - selects which session to use for the following commands
stat - gets attributes of a file from the remote host
synchronize - synchronizes a local directory with a remote directory, updating changed files in either direction
Scripting as .NET Assemblies
The software provides COM interfaces for any .NET programming language that supports COM. The interfaces are provided by the
winscpnet.dll library. More complex automation can be implemented in any such language. PowerShell is one such language; C#, VB.NET, ASP.NET, Microsoft Azure Website, and SQL Server Integration Services (SSIS) are also supported.
WinSCP Command Line Mode
While the application does not have a full terminal emulator, it does support a command line mode for executing commands remotely. The command line mode does not support commands that require keyboard input.
It is possible to use the application in conjunction with PuTTY to have access to full terminal capability.
Cloud Service Support
Guides exist for using the application with several cloud services. See https://winscp.net/eng/docs/guides.
- Session scripting
- Integration to .NET scripting tools
- Synchronizing directories
- Good documentation
- No SSH key management support - major security risk
- Hardcoded passwords - compliance violation
- Slow to copy many files
- Opening a large directory can hang the application for an extended period, particularly over long-distance networks
- Some people clearly prefer WinSCP over FileZilla
- WinSCP has no terminal window. Users who need a terminal need a separate client (see downloads page).
WinSCP is good for managing a small number of servers and for implementing small-scale file transfer automation.
Inability to automate key management makes it very cumbersome in large enterprises and makes compliance audits very difficult.
WinSCP is open source and does not come with any support.
Many organizations have massive amounts of SSH keys that must be properly managed. If left unmanaged, they pose a major risk and compliance issue. See more
SSH tunneling, unless properly controlled, can allow backdoor access from the Internet into internal networks. See more
ssh: (and maybe
webdav: etc) URLs could potentially trigger WinSCP to perform undesired and harmful actions.