SSH.COM is one of the most trusted brands in cyber security. We help enterprises and agencies solve the security challenges of digital transformation with innovative access management solutions.
WinSCP is a popular file transfer client for Windows. It was originally developed by Martin Prikryl. It also provides limited remote command execution and scripting capabilities. There is no support for terminal emulation, but it can be used together with PuTTY.
The installation package and source code can be downloaded from winscp.net.
Other SSH clients can be found here.
The main features of WinSCP include:
Graphical user interface
Runs on Microsoft Windows
Translations are available for several languages, including Chinese, Czech, French, German, Japanese, and Spanish
Uploading, downloading, renaming, deleting, creating files and directories and managing their permissions.
Scripting language for automating file transfer tasks
Synchronizing directories bidirectionally
Simple built-in text editor for editing scripts
Ability to share the session profile files with PuTTY
Supports keyboard-interactive authentication, public key authentication, and GSSAPI authentication. Windows single sign-on is supported.
Both Windows Explorer and dual-pane modes for file transfer. THe Windows Explorer mode only shows a pane for the remote directory, whereas the dual-pane view shows both a local and a remote directory simultaneously.
Ability to encrypt information about remote sites using a master password. However, this option is only available in interactive mode and cannot be used with scripting.
Normal installer and
.EXE ("portable executables") alternatives
Configuration data can be stored in either Windows registry or in configuration files (
.INI, for use with portable executables).
Usually, the software is installed from an installation package like any other software packages. This is how most people use it.
Upgrading can be done by installing the new version. Upgrading preserves configuration files.
The software can also be run directly from an executable file without installing it. This is called portable mode. It allows running the software from USB sticks, which can provide some extra security when using public computers. However, malware running on the computer could easily corrupt the software on the USB stick or steal encryption keys from the application's memory. Thus the extra security is largely illusory.
The portable executable can be upgraded by just replacing the executable with a newer one.
To remove the application, go to
Control Panel > Programs > Uninstall
a program. In Windows 10, go to
Settings > System > Apps &
The software implements a simple scripting language that can be used to automate certain operations with a server. The scripting language relies on credentials stored in local files.
The scripting language implements the following commands. More detailed documentation can be found at https://winscp.net/eng/docs/scripting.
call - executes an arbitrary command on the server. Commands requiring input are not supported.
cd - changes remote working directory
checksum - calculates checksum of a remote file
chmod - changes permissions of remote files
close - closes a session
echo - prints a message to script output
exit - closes all sessions and terminates the program
get - downloads one or more files from a remote directory
help - provides help on commands
keepuptodate - updates a remote directory to reflect local changes
lcs - changes local directory
lls - lists files in a local directory
ln - creates a symbolic link on the remote host
lpwd - displays the current local directory
mkdir - creates a new directory on the remote host
mv - renames or moves a file on the remote host
open - opens a new connection to a server. For the SFTP protocol, password may be hard-coded in the command or public key authentication may be used. For interactive sessions, the user may type the password.
option - sets script options, such as echoing, confirmations, reconnect time limit for broken sessions, and whether to fail if wildcard matches no files.
put - uploads files to a remote directory
pwd - displays the current remote working directory
rmdir - removes a directory from the remote host
session - selects which session to use for the following commands
stat - gets attributes of a file from the remote host
synchronize - synchronizes a local directory with a remote directory, updating changed files in either direction
The software provides COM interfaces for any .NET programming language that
supports COM. The interfaces are provided by the
winscpnet.dll library. More complex automation can be implemented in any such
language. PowerShell is one such language; C#, VB.NET, ASP.NET, Microsoft Azure Website, and SQL Server Integration Services (SSIS) are also supported.
While the application does not have a full terminal emulator, it does support a command line mode for executing commands remotely. The command line mode does not support commands that require keyboard input.
It is possible to use the application in conjunction with PuTTY to have access to full terminal capability.
Guides exist for using the application with several cloud services. See https://winscp.net/eng/docs/guides.
Integration to .NET scripting tools
No SSH key management support
Hardcoded passwords - compliance violation
Slow to copy many files
Opening a large directory can hang the application for an extended period, particularly over long-distance networks
Some people clearly prefer WinSCP over FileZilla
WinSCP has no terminal window. Users who need a terminal need a separate client (see downloads page).
WinSCP is good for managing a small number of servers and for implementing small-scale file transfer automation.
Inability to automate key management makes it very cumbersome in large enterprises and makes compliance audits very difficult.
WinSCP is open source and does not come with any support.
Many organizations have massive amounts of SSH keys that must be properly managed. If left unmanaged, they pose a major risk and compliance issue. See more
SSH tunneling, unless properly controlled, can allow backdoor access from the Internet into internal networks. See more
ssh: (and maybe
webdav: etc) URLs could potentially trigger WinSCP to perform undesired and harmful actions.