I've seen a lot of variants of this question but I don't think anything fits my exact situation.

I'm on a computer at work which is SSH'd into a server. While on this server I would like to SCP some files from my Mac at home.

I can SSH into my Mac from the server no problem with the normal command:

ssh [email protected]

However when I try to SCP I get: -bash: /usr/bin/scp: Permission denied

I am using the command:

scp [email protected]:/absolute/filepath/i* local/folder

I have also tried number -p flags. There is only one account on my mac and it is the administrative account. I'm not sure if there are permissions issues or if it is because I am SSH'd into the server or if it is something else.

I am also able to SCP successfully from the server to my Mac when doing so from my Mac at home.

Any suggestions?

Edit: Additional relevant information originally posted as comments because I had a brain fart about protocol. (my bad).

Specifically related to my last sentence about being able to 'reverse' SCP: the following command works when I am logged into my Mac as the local machine:

scp -P 22003 [email protected]:Data/path/i* /Full/Path/On/Mac/

Running ls -l /usr/bin/scp on the server (local) returns the following:

rwxr-x---. 1 root root 67648 Aug 31 12:40 /usr/bin/scp

Running ls -l /usr/bin/scp on the Mac (remote) returns the following:

-rwxr-xr-x 1 root wheel 81360 Dec 1 14:45 /usr/bin/scp

    What is the output of ls -l /usr/bin/scp on the server?
  Actually, what is the output of ls -l /usr/bin/scp on both local and remote systems?
    – Kenster
    Commented Feb 6, 2018 at 22:12
  "I am also able to SCP successfully from the server to my Mac when doing so from my Mac at home." So, work -ssh> server -scp> Mac fails with above error, but Mac -ssh> server -scp> Mac succeeds ? That would be really "weird", either you can execute /usr/bin/scp on server or you cannot, regardless of where you ssh in from ... if Mac -scp> server works always, ssh to your Mac and then scp back to server.
  On the Mac (remote) its: -rwxr-xr-x 1 root wheel 81360 Dec 1 14:45 /usr/bin/scp On the server (local) its: -rwxr-x---. 1 root root 67648 Aug 31 12:40 /usr/bin/scp The server is administered by my university.
  Apparently I can't edit comments after 5 minutes so to follow-up for @user2531336, the above command fails with the error specified but the following command works when I am logged into my Mac as the local machine: scp -P 22003 [email protected]:Data/path/i* /Full/Path/On/Mac/

The above command fails with the error specified but the following command works when I am logged into my Mac as the local machine:

scp -P 22003 [email protected]:Data/path/i* /Full/Path/On/Mac/

So, from the server you cannot access /usr/bin/scp you get a "Access Denied" error. There may be many reasons for such an error, file permissions, for example.

Since you can scp from your Mac and you can ssh from the server to your Mac, I think that is what you should do, for now. ssh into Mac and scp from there.

To troubleshoot the problem on your server, first check that you have execute permissions on /usr/bin/scp on the server:

ls -l /usr/bin/scp

You see something like:

-rwxr-xr-x 1 root root 84104 Jan 16 14:28 /usr/bin/scp
   ^  ^  ^

Basically, the file is owned by user root (with read, write, exec), members of group root have read and exec, so does world (everyone else logged-in)

If you have x (execute) privs on the command, use scp -v for increased verbosity (you can add more v's, up to three, iirc), you might see a message that tells you what is wrong. You could also try ldd /usr/bin/scp to see if all dependencies are there and readable.

  • 1
    "first check that you have execute permissions on /usr/bin/scp on the server" – The OP did it before you answered, the result is -rwxr-x---. 1 root root 67648 Aug 31 12:40 /usr/bin/scp. Unfortunately it was posted as a comment, not edited into the question, you may have missed it. Still you can use this information to tailor your generic answer to fit the OP's situation better. Nevertheless +1 from me.
  Thanks for your comment. It's interesting because it seems it has group execute permissions and on this particular server typing 'groups' indicates my username is the group to which I belong as is the case with every user on this particular server). However it's a fairly secured university server so it is likely a permissions issue. SSHing works so at this point it's more annoying than keeping me from work. Thank you for your response. My reputation doesn't allow for a +1 but I appreciate it.

