How to use SCP and SSH Linux Commands: Tips and Tricks
This tutorial also documents a few important differences between the Linux commands.
The Linux job market continues to grow and expand, and our LFCS course will help prepare you for one of the standard industry Linux administration certifications.
Before we start: in this tutorial, you will come across both SSH and ssh. The difference is this: SSH is the general protocol, and ssh is the linux SSH client command.
The scp command allows you to copy files over ssh connections. This is pretty useful if you want to transport files between computers, for example to backup something. The scp command uses the ssh command and they are very much alike. However, there are some important differences.
How to use SCP
- To copy from a (remote) server to your computer
- To copy from your computer to a (remote) server
- To copy from a (remote) server to another (remote) server
In the third case, the data is transferred directly between the servers; your own computer will only tell the servers what to do.
These options are very useful for a lot of things that require files to be transferred, so let’s have a look at the syntax of this command:
The scp command above will transfer the file “examplefile” to the directory “/home/yourusername/” at the server “yourserver”, trying to get ssh acces with the username “yourusername”. That’s quite a lot information, but scp really needs it all. Well, almost all of it. You could leave out the “[email protected]” in front of “yourserver”, but only if you want to login on the server with your current username on your own computer.
Let’s have a closer look at the end of the command. There’s a colon over there, with a directory after it. Just like Linux’s normal cp command, scp will need to know both the source file(s) and the target directory (or file). For remote hosts, the file(s)/directory are given to the scp command is this way. You can also copy a file (or multiple files) from the (remote) server to your own local computer. Let’s have a look at an example of that:
Note: The dot at the end means the current local directory. This is a handy trick that can be used about everywhere in Linux. Besides a single dot, you can also type a double dot ( .. ), which is the parent directory of the current directory.
This will copy the file “/home/yourusername/examplefile” to the current directory on your own computer, provided that the username and password are correct and that the file actually exists.You probably already guessed that the following command copies a file from a (remote) server to another (remote) server:
Note: To make the above command work, the servers must be able to reach each other, as the data will be transferred directly between them.
If the servers somehow can’t reach each other (for example, if port 22 is not open on one of the sides) you won’t be able to copy anything. In that case, copy the files to your own computer first, then to the other host. Or make the servers able to reach each other (for example by opening the port). Well, those are the main uses of scp.
We’ll go a bit more in-depth about the differences between ssh and scp. Actually you can also use it just like the normal cp command, without any ssh connections in it, but that’s quite useless. It requires you to type an extra ‘s’.
Specifying a port with scp
The scp command acts a little different when it comes to ports. You’d expect that specifying a port should be done this way:
However, that will not work. You will get an error message like this one:
This is caused by the different architecture of scp. It aims to resemble cp, and cp also features the -p option. However, in cp terms it means ‘preserve’, and it causes the cp command to preserve things like ownership, permissions and creation dates.
The scp command can also preserve things like that, and the -p option enables this feature. The port specification should be done with the -P option. Therefore, the following command will work:
Also note that the -P option must be in front of the (remote) server.
The ssh command will still work if you put -p your port behind the host syntax, but scp won’t. Why? Because scp also supports copying between two servers and therefore needs to know which server the -P option applies to.
SSH is some kind of an abbreviation of Secure SHell. It is a protocol that allows secure connections between computers.
In this tutorial, we’ll be dealing with the ssh command on Linux, the OpenSSH version. Most Linux distributions feature the OpenSSH client today, but if you want to be sure, have a look at the SSH manpage on your system. You can do this by typing:
Note: this should be done in a terminal.
If it displays something like this:
then you can be quite sure you’re running the OpenSSH version. For more background information about SSH, see https://en.wikipedia.org/wiki/SSH.
The most simple case
In the most simple case, you can connect to a server that supports ssh with a syntax as short as this:
Note: If you do not have any ssh server nearby that you can access, you can also try this command with your own computer as a server. To do this, replace “yourserver” with “localhost”. Of course, yourserver should be replaced by a hostname or an ip address of the server you want to connect to.
As you can see in the terminal snippet, I am logged in as pineehad. If you do not specify a username (I’ll explain how to do that later in this tutorial), SSH will assume that you want to login with the username you’re currently logged in with. So, in this case, SSH will try the username pineehad. Of course, you need to be sure that the server supports ssh connections.
The ssh client tries to connect to port 22 default. This means that, if you want to connect to a remote host with the default settings, you should make sure that, if applicable, port 22 is forwarded to the server you’re trying to connect to. You will find more regarding the SSH port further in this tutorial.
Now, back to the command we ran. If the server supports SSH connections and you can reach it by port 22, you should be prompted for a password (if this is the first time you try to connect to the server, ssh will first ask the question if you want to continue connecting, which can generally just be answered with a ‘yes’). If you type a password here, you won’t see asterisks appearing. Don’t panic, this is ssh’s normal behaviour. It makes connecting using ssh even more safe, because any accidental spectators won’t be able to see the length of the password.
After entering the password, if the username and the password were correct, you should be running a shell on the server. If not, make sure you are connecting to a server of which you know that you should be able to login with your username and the specified password. You could try connecting to your own computer (see the note beneath the terminal quote) or read on to learn how to specify an other username. Once you’re done trying the ssh shell, you can exit it by pressing Ctrl + D.
Specifying a username
It’s actually quite simple to specify a different username. You might even already be familiar with it. See the following example:
The above will make ssh try to connect with the username “yourusername” instead of (in my case) pineehad. This syntax is also used by a lot of other protocols, so it’ll always come in handy to know it.
By the way, you will still be asked for a password. For security reasons, it is not even possible to directly specify the password in the syntax. You will always be asked interactively, unless you start configuring the server in an advanced way (which is exactly why that topic is out of this tutorials scope: this tutorial documents how to use the clients, not how to configure the server).
Move the ssh service to an other port
There are many reasons to move the ssh service to an other port. One of them is avoiding brute-force login attempts. Certain hackers try to get access to ssh servers by trying a lot of common usernames with common passwords (think of a user “john” with password “doe”).
Although it is very unlikely that these hackers will ever get access to the system, there is an other aspect of the brute-force attacks that you’ll generally want to avoid: the system and connection load. The brute-force attacks usually are done with dozens or even thousands of tries a second, and this unnecessarily slows down the server and takes some bandwidth which could’ve been used a lot better.
By changing the port to a non-default one, the scripts of the hackers will just be refused and most of the bandwidth will be saved.As the ssh command can’t just guess the port, we will have to specify it if it’s not the default 22 one. You can do that this way:
Of course, you will have to replace “yourport” with the port number. These is an important difference between ssh and scp on this point. I’ll explain it further on.
Running a command on the remote server
Sometimes, especially in scripts, you’ll want to connect to the remote server, run a single command and then exit again. The ssh command has a nice feature for this. You can just specify the command after the options, username and hostname. Have a look at this:
This will make the server update its searching database. Of course, this is a very simple command without arguments. What if you’d want to tell someone about the latest news you read on the web? You might think that the following will give him/her that message:
<c/ode>However, bash will give an error if you run this command:
What happened? Bash (the program behind your shell) tried to interpret the command you wanted to give ssh. This fails because there are exclamation marks in the command, which bash will interpret as special characters that should initiate a bash function.
But we don’t want this, we just want bash to give the command to ssh! Well, there’s a very simple way to tell bash not to worry about the contents of the command but just pass it on to ssh already: wrapping it in single quotes. Have a look at this:
The single quotes prevent bash from trying to interpret the command, so ssh receives it unmodified and can send it to the server as it should. Don’t forget that the single quotes should be around the whole command, not anywhere else.
Differences between SCP and SSH
Unlike ssh, scp cannot be used to run a command on a (remote) server, as it already uses that feature of ssh to start the scp server on the host. The scp command does have an option that accepts a program (the -S option), but this program will then be used instead of ssh to establish the encrypted connection, and it will not be executed on the remote host.
Tips & tricks with SCP and SSH
Quite a handy thing about scp is that it supports asterisks. You can copy all files in a remote directory in a way like this:
And you can also just copy a whole directory by specifying the -r (recursive) option:
Both of these also work when copying to a (remote) server or copying between a (remote) server and another (remote) server.The ssh command can come in handy if you don’t know the exact location of the file you want to copy with scp. First, ssh to the (remote) server:
Then browse to the right directory with cd. This is essential Linux terminal knowledge, so I won’t explain it here. When you’re in the right directory, you can get the full path with this command:
Note: pwd is an abbreviation of Print Working Directory, which is a useful way to remember the command.
You can then copy this output, leave the ssh shell by pressing Ctrl + D, and then paste the full directory path in your scp command. This saves a lot of remembering and typing!
You can also limit the bandwidth scp may use when copying. This is very useful if you’re wanting to copy a huge amount of data without suffering from slow internet for a long time. Limiting bandwidth is done this way:
The bandwidth is specified in Kbit/sec. What does this mean? Eight bits is one byte. If you want to copy no faster than 10 Kbyte/sec, set the limit to 80. If you want to copy no faster than 80 Kbyte/sec, set the limit to 640. Get it? You should set the limit to eight times the maximum Kbyte/sec you want it to be.
I’d recommend to set the -l option with all scp’ing you do on a connection that other people need to use, too. A big amount of copying can virtually block a whole 10 Mbit network if you’re using hubs.
Level up your cloud career
A Cloud Guru makes it easy (and awesome) to get certified and master modern tech skills — whether you’re new to cloud or a seasoned pro. Check out ACG’s current free courses or get started now with a free trial.
Start A Free Trial
Well, that was it! I hope you learned a lot. Of course, you can always have a quick look at this tutorial again if you forgot something. Please tell other people who might be interested about this tutorial, you’ll help this blog to grow if you do =). Thank you for reading and have a lot of fun with your new knowledge!
Online community web-based collaborative writing project
For other uses, see SCP (disambiguation).
The SCP Foundation[note 3] is a fictional secret organization documented by the collaborative writingwiki project of the same name. Within the website's shared universe, the SCP Foundation is responsible for capturing and containing various paranormal, supernatural, and other mysterious phenomena unexplained by mainstream science (known as "anomalies" or "SCPs"), while also keeping their existence hidden from the rest of global human society. The real-world website is community-based and includes elements of many genres such as horror, science fiction, and urban fantasy.
On the SCP Wiki, the majority of works consist of SCP files (short for "Special Containment Procedures"), which are confidential reports that document an SCP object and the means of keeping it contained. The website also contains thousands of "Foundation Tales", which are short stories featuring various characters and settings in the SCP universe. The wiki's literary works have been praised for their ability to convey horror through a quasi-scientific and academic writing style, as well as for their high standards of quality.
The SCP universe has inspired numerous adaptations and fan-made works in widely varying forms of media, including the horror indie video gamesSCP – Containment Breach and SCP: Secret Laboratory.
Overview of the SCP universe
The SCP Foundation is an international secret society, consisting of a scientific research institution with a paramilitary intelligence agency to support their goals. The Foundation is entrusted by governments around the world to capture and contain various unexplained phenomena that defy the known laws of nature (referred to as "anomalies", "SCP objects", "SCPs", or colloquially "skips"). They include living beings and creatures, artifacts and objects, locations and places, abstract concepts, and incomprehensible entities which display supernatural abilities or other extremely unusual properties. If left uncontained, many of the more dangerous anomalies will pose a serious threat to humans or even all life on Earth. Their existence is hidden and withheld from the general public in order to prevent mass hysteria, and allow human civilization to continue functioning normally.
Whenever an SCP anomaly is discovered, teams of undercover Foundation agents (often called Mobile Task Forces) are deployed to either collect and transport the object to a Foundation facility, or to contain it at its location of discovery if transportation is not possible. If an SCP is too widespread, elusive, or otherwise inaccessible, containment consists of suppressing all knowledge of the SCP from the public. This is accomplished both through censorship of mass media, and forcing all eyewitnesses to take amnestic drugs which erase their memories of anomalous events.
Once SCPs are contained and secured at the Foundation's secret facilities by armed guards, they are studied and researched by scientists in order to improve containment methods for them. The Foundation acquires human test subjects known as D-class personnel (who are usually convicted criminals taken from prisons around the world), and force them to interact with SCPs in science experiments or containment procedures; due to the potential danger posed by some SCPs, and the expendability of the D-class. The Foundation maintains documentation for all SCPs which they are aware of, which can include or link to related reports and files. These documents describe the SCPs and include instructions for keeping them safely contained.
Apart from the Foundation itself, there are numerous rival organizations (collectively referred to as Groups of Interest, or GoIs) which are also aware of the existence of paranormal phenomena, and interact with them for various purposes. Examples of major GoIs include the Chaos Insurgency, a terrorist splinter group consisting of ex-Foundation defectors, who attempt to capture SCP objects to weaponize them; the Global Occult Coalition (GOC), a secret paramilitary agency of the United Nations which specializes in destroying supernatural threats instead of containing them; and the Serpent's Hand, a militant group which advocates for the rights of anomalous beings, resisting both the Foundation's and GOC's efforts to suppress all paranormal activity worldwide. Other Groups of Interest seek to exploit anomalies by producing or selling them for monetary profit; or using them to serve their own religious, political, or ideological goals.
Examples of contained SCPs
- SCP-055 is something that causes anyone who examines it to forget its various characteristics, thus making it indescribable except in terms of what it is not.
- SCP-087 is a staircase that appears to descend forever. The staircase is inhabited by SCP-087-1, which is described as a face without a mouth, pupils or nostrils. The sound of a child crying is also omnipresent, but the source is unknown; descending the stairs has no effect on the cries' volume, despite them seemingly originating from the "bottom" of the stairwell.
- SCP-108 is a Nazi bunker system that is only accessible through a portal found in a woman's nose.
- SCP-173 is a humanoid statue composed of rebar, concrete and Krylon spray paint. It is stationary when directly observed, but it attacks people and snaps their neck when the line of sight with it is broken. It is extremely fast, to the point where it can move multiple meters while the observer is blinking.
- SCP-294 is a coffee machine that can dispense anything that does or can exist in liquid form.
- SCP-426 is a toaster that can only be referred to in the first person.
- SCP-1171 is a home whose windows are always covered in condensation; by writing in the condensation on the glass, it is possible to communicate with an extra-dimensional entity whose windows are likewise covered in condensation. This entity bears significant hostility towards humans but does not know that the Foundation members are humans.
- SCP-1609 is a mulch that teleports into the lungs of anyone who approaches it in an aggressive fashion or while wearing certain uniforms. It was previously a peaceful chair that teleported to whichever nearby person felt the need to sit down, but it entered its current aggressive state after being inserted into a woodchipper by members of the Global Occult Coalition.
- SCP-3008 is an IKEA retail store that has an infinite interior space with no outer physical bounds, causing prospective customers to be trapped after they become lost within the pocket dimension. It contains a rudimentary civilization formed by those customers, who are forced to survive and defend themselves against hostile creatures known as SCP-3008-2: tall, faceless humanoids wearing IKEA employee uniforms, that become violently aggressive towards all humans at night.
On the SCP Wiki, the majority of works are stand-alone articles detailing the "Special Containment Procedures" of a given SCP object. In a typical article, an SCP object is assigned a unique identification number. The SCP object is then assigned an "object class" (for example, "Euclid" or "Keter") based on the difficulty of containing it.[note 4] The documentation then outlines proper containment procedures and safety measures, and then describes the SCP object in question. Addenda, such as images, research data or status updates, may also be attached to the document. The reports are written in a scientific tone and often "redact" information. As of August 2021, articles exist for nearly 6,600 SCP objects;[note 5] new articles are frequently added.
The SCP Wiki contains over 4,200 short stories referred to as "Foundation Tales". The stories are set within the larger SCP universe, and often focus on the exploits of various Foundation staff members, SCP entities and objects, among other recurring characters and settings. Gregory Burkart, writing for Blumhouse Productions, noted that some of the Foundation Tales had a dark and bleak tone, while others were "surprisingly light-hearted".
The SCP universe lacks a central canon, but stories on the wiki are frequently linked together to create larger narratives. Contributors have the ability to create "canons", which are clusters of SCPs and Foundation Tales with similar locations, characters, or central plot. Many "canons" have hub pages that explain their basic concept and provide information such as timelines and character lists.
The genres of the SCP Wiki have variously been described as science fiction, urban fantasy, horror and creepypasta.
The SCP Foundation originated in the "paranormal" /x/ forum of 4chan, where the very first SCP file, SCP-173, was posted by an anonymous user in 2007. Initially a stand-alone short story, many additional SCP files were created shortly after; these new SCPs copied SCP-173's style and were set within the same fictional universe. A stand-alone wiki was created in January 2008 on the EditThis wiki hosting service to display the SCP articles. The EditThis website did not have moderators, or the ability to delete articles. Members communicated through individual article talk pages and the /x/ board; the website lacked a central discussion forum. In July 2008, the SCP Wiki was transferred to its current Wikidot website after EditThis switched to a paid model.
The current Wikidot website contains numerous standard wiki features such as keyword searches and article lists. The wiki also contains a news hub, guides for writers and a central discussion forum. The wiki is moderated by staff teams; each team is responsible for a different function such as community outreach and discipline. Wikidot users are required to submit an application before they are allowed to post content. Every article on the wiki is assigned a discussion page, where members can evaluate and provide constructive criticism on submitted stories. The discussion pages are frequently used by authors to improve their stories. Members also have the ability to "upvote" articles they like and to "downvote" articles they dislike; articles that receive too many net downvotes are deleted. Writers from the Daily Dot and Bustle have noted that the website maintains strict quality control standards, and that sub-par content tends to be quickly removed.
The Wikidot website routinely holds creative writing contests to encourage submissions. For example, in November 2014, the SCP Wiki held a "Dystopia Contest" in which its members were encouraged to submit writings about the Foundation set in a bleak or degraded world.
Apart from the original English wiki, 14 official foreign language branches exist, and some of their articles have been translated into English.[note 1] The Wanderer's Library is a sister site and spin-off of the SCP Wiki. It uses the same setting as the SCP universe, but is made up of fantastical stories rather than scientific reports. The SCP community also maintains a role-playing site, a forum on Reddit, and accounts on Facebook and Twitter.
The SCP Foundation has received largely positive reviews. Michelle Starr of CNET praised the creepy nature of the stories. Gavia Baker-Whitelaw, writing for the Daily Dot, praised the originality of the wiki and described it as the "most uniquely compelling horror writing on the Internet". She noted that Special Containment Procedures rarely contained gratuitous gore. Rather, the horror of the series was often established through the reports' "pragmatic" and "deadpan" style, as well as through the inclusion of detail. Lisa Suhay, writing for the Christian Science Monitor, also noted the SCP Wiki's "tongue-in-cheek style".
Alex Eichler, writing for io9, noted that the series had varying levels of quality and that some of the reports were dull or repetitive. However, he praised the SCP stories for not becoming overly dark, and for containing more light-hearted reports. Additionally, he praised the wide variety of concepts covered in the report and said that the wiki contained writings that would appeal to all readers. Leigh Alexander, writing for The Guardian, noted that the wiki's voting system allows readers to easily locate content which "the community thinks are best and most scary."
Winston Cook-Wilson, writing for Inverse, compared the SCP stories to the writings of American author H. P. Lovecraft. Like Lovecraft, SCP casefiles generally lack action sequences and are written in a pseudo-academic tone. Cook-Wilson argued that both Lovecraft's works and those of the SCP Wiki were strengthened by the tensions between their detached scientific tone and the unsettling, horrific nature of the stories being told.
Bryan Alexander, writing in The New Digital Storytelling, stated that the SCP Foundation is possibly "the most advanced achievement of wiki storytelling" due to the large-scale and recurring process through which the wiki's user-base creates literary content.
Andrew Paul, writing for Dark(ish) Web on Medium, noted the large variety in style throughout the works and related the short-writing format to current trends in digital media such as Snapchat and Vine. He also describes its bureaucratic tone's political parallels, which in his eyes adds to the horror.
In October 2014, a stage play entitled Welcome to the Ethics Committee was performed in Dublin at the Smock Alley Theatre. The play focused on the SCP Foundation's Ethics Committee, a body that tries to limit unethical containment procedures. In mid-2016, the Glasgow New Music Expedition under conductor Jessica Cottis performed works inspired by the SCP Foundation at the 10th annual Plug festival of contemporary music.
SCP Foundation: Iris Through the Looking-Glass is a light novel series written by Akira and illustrated by Sidu. The book focuses on a boy who is kidnapped by the SCP Foundation after he sees a picture of Iris, a female SCP, in every book he opens; the boy and Iris are forced to cooperate to escape the Foundation. The novel series began publication in Japan in September 2018, and was released by Seven Seas Entertainment in North America in January 2020.
The SCP Foundation has inspired numerous independent video games:
- SCP – Containment Breach, one of the most popular games based on the SCP Foundation, was released by Finnish developer Joonas Rikkonen in 2012. The player character is an unnamed D-class who attempts to escape from a containment facility. The player must avoid armed Foundation guards and escaped SCPs, including SCP-173. The game includes a blink function, which makes the player close their eyes and allow SCP-173 to approach.
- SCP: Secret Laboratory is a multiplayer game based on Containment Breach. Players have the option of playing as an SCP, an escaping scientist, a D-class, the armed militia of the defending SCP Foundation or the attacking Chaos Insurgency.
- Other video games include SCP-3008 (a planned multiplayer game set in SCP-3008) and SCP-087 (a horror game about walking down SCP-087).
- Control, a video game created by Remedy Entertainment, was first revealed at E3 2018 and released in August 2019. The video game was heavily influenced by the SCP Foundation, with the game centered on a fictional Federal Bureau of Control that collects mundane objects imbued with paranormal influence to study and keep secure.
- ^ abOfficial foreign language branches of the SCP Foundation exist in German, Korean, Japanese, Russian, Thai, Spanish, Polish, Italian, French, Ukrainian, Portuguese, Czech, Simplified Chinese, and Traditional Chinese.
- ^Registration is only required to submit works and projects, or to leave comments and vote upon existing works. The site is free to view to people without an account.
- ^SCP stands for both "Secure, Contain, Protect" and "Special Containment Procedures"
- ^Frequently used object classes include:
- Safe: SCPs that are understood enough to be reliably contained.
- Euclid: SCPs that are either not understood enough to reliably contain or that behave in an unpredictable manner.
- Keter: SCPs that either cannot be fully contained or that require overly complex and elaborate procedures to contain.
- Thaumiel: SCPs used to contain other SCPs or are beneficial to the Foundation.
- Explained: SCPs whose anomalous effects can be fully explained by conventional science.
- Neutralized: SCPs that are either destroyed or cease anomalous behavior.
- Apollyon: SCPs that are uncontainable and are responsible for an ongoing world-ending cataclysm.
- Archon: SCPs that should not be contained because of the damage caused by containment and/or the benefits of keeping the SCP uncontained.
- ^Including deliberately humorous "joke" SCP objects, SCP objects that were archived in lieu of deletion, and translations of SCPs from foreign language branches.
- ^ abSCP Foundation Staff (24 July 2008). Main Page: "International Sites" table. SCP Foundation. Retrieved 11 January 2021.
- ^ abRoget (17 February 2013). History Of The Universe: Part One. SCP Foundation. Retrieved 12 February 2015.
- ^DrClef (12 December 2012). Licensing Guide. SCP Foundation. Retrieved 27 May 2015.
- ^ abcdeAelanna (17 March 2014). About the SCP Foundation. SCP Foundation. Retrieved 13 February 2015
- ^ abcdefghijklmnopqrBaker-Whitelaw, Gavia (9 January 2014). "Meet the secret foundation that contains the world's paranormal artifacts". The Daily Dot. Retrieved 6 February 2015.
- ^ abcdeStarr, Michelle (11 August 2013). SCP Foundation web series coming to YouTube. CNET. Retrieved 6 February 2015.
- ^Zaeyde (10 December 2009). "SCP-087". SCP Foundation. Retrieved 17 May 2015.
- ^ abEichler, Alex (21 February 2010). "Enter the SCP Foundation's Bottomless Catalog of the Weird". io9. Retrieved 6 February 2015.
- ^Rioghail (28 May 2012). "SCP-1609". SCP Foundation. Retrieved 27 December 2020.
- ^Beschizza, Rob (29 June 2017). "Brilliant short story about being trapped in an infinite IKEA". Boing Boing. Retrieved 5 August 2017.
- ^Newsom, p.152
- ^ abcdefBurkart, Gregory (29 October 2015). "CREEPYPASTA: The Story Behind "The SCP Foundation"". Blumhouse Productions. Archived from the original on 6 November 2017. Retrieved 27 January 2021.
- ^ abcdefgAelanna; SCP Foundation Staff (23 April 2014). "Object Classes". SCP Foundation. Retrieved 27 January 2018.
- ^Woedenaz (20 August 2019), Anomaly Classification System (ACS) Guide. SCP Foundation. Retrieved 24 May 2020.
- ^ abDinicola, Nick (1 December 2014). "Creepypasta Gaming: Where the Internet "Learns Our Fears"". PopMatters. Retrieved 6 February 2015.
- ^List of pages tagged with scp, SCP Foundation. Retrieved 24 August 2021. Archived from the original on 24 August 2021.
- ^List of pages tagged with tale, SCP Foundation. Retrieved 24 August 2021. Archived from the original on 24 August 2021.
- ^Tapscott, p. 122
- ^ abcAlexander, p. 72
- ^Tapscott, pp. 122–123
- ^Varonas, Nico (4 February 2012). SCP-087: Escaleras a lo desconocido. NeoTeo. Retrieved 26 March 2015. "Esta es una comunidad de usuarios y de fanáticos del sci-fi y el terror..." (translation: "This is a community of users and of sci-fi and horror fans...")
- ^Ong, Alexis (20 August 2020). The Unsung Muse of Speculative Fiction Is a Wikipedia Community. Tor.com. Retrieved 15 November 2020.
- ^Pedullà, Lorenzo (25 July 2017) Cos'è la SCP Foundation?, Fantascienza.com. Retrieved 18 August 2017.
- ^SCP Foundation Staff, Staff Structure. 05 Command. Retrieved 21 May 2018.
- ^Newsom, p. 154
- ^Tapscott, pp. 117–118
- ^Peters, Lucia (13 October 2014). "The 10 Scariest Urban Legends on the Internet to Bring a Shiver to Your Spine This Halloween". Bustle. Retrieved 6 February 2015.
- ^Tapscott, p.118
- ^ abSuhay, Lisa (10 November 2014). "Urban Druid writing contest: What's behind the dark-side fiction?". The Christian Science Monitor. Retrieved 17 March 2015.
- ^Tapscott, p. 115
- ^Sitterson, Aubrey (16 February 2016). "The 11 weirdest subreddits". Geek. Archived from the original on 25 July 2016. Retrieved 21 February 2016.
- ^Links. SCP Foundation. Retrieved 30 December 2018.
- ^Alexander, Leigh (5 May 2016)._9MOTHER9HORSE9EYES9: the mysterious tale terrifying Reddit.The Guardian. Retrieved 25 August 2018.
- ^Cook-Wilson, Winston (28 October 2015). "Scare Season: SCP, the Creepypasta for 'X-Files' and H.P. Lovecraft Fans". Inverse. Retrieved 31 October 2015.
- ^Alexander p. 73
- ^Paul, Andrew (13 March 2018). "The Comforting Insanity of Creepypasta". Medium.com. Retrieved 21 August 2018.
- ^Power, Una (8 October 2014). Welcome to the Ethics Committee. Belfield FM/UCD Student Radio. Archived from the original on 11 August 2015.
- ^Molleson, Kate (3 May 2016) Plug in to a feast of new music in Glasgow. Herald Scotland. Retrieved 31 May 2016.
- ^Loo, Egan (18 April 2018). Seven Seas Licenses Dumbbell Nan Kilo Moteru? & My Father is a Unicorn Manga, SCP Foundation: Iris of the Mirror World Novel. Anime News Network. Retrieved 7 May 2019.
- ^Diver, p. 4 of chap. 5
- ^ abChan, Stephanie (8 December 2017). SCP-3008 is survival horror in an unending Ikea purgatory. Venture Beat. Retrieved 20 May 2018.
- ^ abBoring Aloof Gamer, The (27 June 2013). Cute Little Things- SCP: Containment Breach Review. Game Skinny. Retrieved 20 May 2018.
- ^Clark, Dean. SCP Secret Laboratory First Impression: Great Game, If You Can Get it Working. Game Tyrant. Retrieved 31 December 2018.
- ^Smith, Adam (21 February 2012). "The Neverending Stairway: SCP-087". Rock, Paper, Shotgun. Retrieved 7 February 2015.
- ^Gach, Ethan (26 August 2019), Control: The Kotaku Review. Kotaku. Retrieved 2 September 2019.
- ^Scibetta, Nicholas (13 June 2018), Preview: Control is a Stunning Action Game for Fans of Annihilation and the SCP Foundation. Gamecrate. Retrieved 30 December 2018.
- ^Twinfinite Staff (3 July 2018), Remedy’s Control Shares Eerie Similarities with the SCP CreepyPasta Site. Twinfinite. Retrieved 30 December 2018.
Click here to toggle editing of individual sections of the page (if possible). Watch headings for an "edit" link when available.
Append content without editing the whole page source.
Check out how this page has evolved in the past.
If you want to discuss contents of this page - this is the easiest way to do it.
View and manage file attachments for this page.
A few useful tools to manage this Site.
See pages that link to and include this page.
Change the name (also URL address, possibly the category) of the page.
View wiki source for this page without editing.
View/set parent page (used for creating breadcrumbs and structured layout).
Notify administrators if there is objectionable content in this page.
Something does not work as expected? Find out what you can do.
General Wikidot.com documentation and help section.
Wikidot.com Terms of Service - what you can, what you should not etc.
Service control policies (SCPs)
For information and procedures common to all policy types, see the following topics:
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines. SCPs are available only in an organization that has all features enabled. SCPs aren't available if your organization has enabled only the consolidated billing features. For instructions on enabling SCPs, see Enabling and disabling policy types.
SCPs alone are not sufficient to granting permissions to the accounts in your organization. No permissions are granted by an SCP. An SCP defines a guardrail, or sets limits, on the actions that the account's administrator can delegate to the IAM users and roles in the affected accounts. The administrator must still attach identity-based or resource-based policies to IAM users or roles, or to the resources in your accounts to actually grant permissions. The effective permissions are the logical intersection between what is allowed by the SCP and what is allowed by the IAM and resource-based policies.
SCPs don't affect users or roles in the management account. They affect only the member accounts in your organization.
Testing effects of SCPs
AWS strongly recommends that you don't attach SCPs to the root of your organization without thoroughly testing the impact that the policy has on accounts. Instead, create an OU that you can move your accounts into one at a time, or at least in small numbers, to ensure that you don't inadvertently lock users out of key services. One way to determine whether a service is used by an account is to examine the service last accessed data in IAM. Another way is to use AWS CloudTrail to log service usage at the API level.
Maximum size of SCPs
All characters in your SCP count against its maximum size. The examples in this guide show the SCPs formatted with extra white space to improve their readability. However, to save space if your policy size approaches the maximum size, you can delete any white space, such as space characters and line breaks that are outside quotation marks.
Use the visual editor to build your SCP. It automatically removes extra white space.
Inheritance of SCPs in the OU hierarchy
For a detailed explanation of how SCP inheritance works, see Inheritance for service control policies
SCP effects on permissions
SCPs are similar to AWS Identity and Access Management (IAM) permission policies and use almost the same syntax. However, an SCP never grants permissions. Instead, SCPs are JSON policies that specify the maximum permissions for the affected accounts. For more information, see Policy Evaluation Logic in the IAM User Guide.
SCPs affect only IAM users and roles that are managed by accounts that are part of the organization. SCPs don't affect resource-based policies directly. They also don't affect users or roles from accounts outside the organization. For example, consider an Amazon S3 bucket that's owned by account A in an organization. The bucket policy (a resource-based policy) grants access to users from account B outside the organization. Account A has an SCP attached. That SCP doesn't apply to those outside users in account B. The SCP applies only to users that are managed by account A in the organization.
An SCP restricts permissions for IAM users and roles in member accounts, including the member account's root user. Any account has only those permissions permitted by every parent above it. If a permission is blocked at any level above the account, either implicitly (by not being included in an policy statement) or explicitly (by being included in a policy statement), a user or role in the affected account can't use that permission, even if the account administrator attaches the IAM policy with */* permissions to the user.
SCPs affect only member accounts in the organization. They have no effect on users or roles in the management account.
Users and roles must still be granted permissions with appropriate IAM permission policies. A user without any IAM permission policies has no access, even if the applicable SCPs allow all services and all actions.
If a user or role has an IAM permission policy that grants access to an action that is also allowed by the applicable SCPs, the user or role can perform that action.
If a user or role has an IAM permission policy that grants access to an action that is either not allowed or explicitly denied by the applicable SCPs, the user or role can't perform that action.
SCPs affect all users and roles in attached accounts, including the root user. The only exceptions are those described in Tasks and entities not restricted by SCPs.
SCPs do not affect any service-linked role. Service-linked roles enable other AWS services to integrate with AWS Organizations and can't be restricted by SCPs.
When you disable the SCP policy type in a root, all SCPs are automatically detached from all AWS Organizations entities in that root. AWS Organizations entities include organizational units, organizations, and accounts. If you reenable SCPs in a root, that root reverts to only the default policy automatically attached to all entities in the root. Any attachments of SCPs to AWS Organizations entities from before SCPs were disabled are lost and aren't automatically recoverable, although you can manually reattach them.
If both a permissions boundary (an advanced IAM feature) and an SCP are present, then the boundary, the SCP, and the identity-based policy must all allow the action.
Using access data to improve SCPs
When signed in with management account credentials, you can view service last accessed data for an AWS Organizations entity or policy in the AWS Organizations section of the IAM console. You can also use the AWS Command Line Interface (AWS CLI) or AWS API in IAM to retrieve service last accessed data. This data includes information about which allowed services that the IAM users and roles in an AWS Organizations account last attempted to access and when. You can use this information to identify unused permissions so that you can refine your SCPs to better adhere to the principle of least privilege.
For example, you might have a deny list SCP that prohibits access to three AWS services. All services that aren't listed in the SCP's statement are allowed. The service last accessed data in IAM tells you which AWS services are allowed by the SCP but are never used. With that information, you can update the SCP to deny access to services that you don't need.
For more information, see the following topics in the IAM User Guide:
Tasks and entities not restricted by SCPs
You can't use SCPs to restrict the following tasks:
Any action performed by the management account
Any action performed using permissions that are attached to a service-linked role
Register for the Enterprise support plan as the root user
Change the AWS support level as the root user
Provide trusted signer functionality for CloudFront private content
Configure reverse DNS for an Amazon Lightsail email server and Amazon EC2 instance as the root user
Tasks on some AWS-related services:
Alexa Top Sites
Alexa Web Information Service
Amazon Mechanical Turk
Amazon Product Marketing API
Exceptions for only member accounts created before September 15, 2017
For some accounts created before September 15, 2017, you can't use SCPs to prevent the root user in those member accounts from performing the following tasks:
For all accounts created after September 15, 2017, the following exceptions don't apply and you can use SCPs to prevent the root user in those member accounts from performing the following tasks. However, unless you are certain that all of the accounts in your organization were created after September 15, 2017, we recommend that you don’t rely on SCPs to try to restrict these operations:
Enable or disable multi-factor authentication on the root user
Create, update, or delete x.509 keys for the root user
Change the root user's password
Create, update, or delete root access keys
Policy syntax and inheritance for management policy types
Creating, updating, and deleting
- Iphone se function
- Spectrum temporary internet
- Fridge maytag
- Sheesh emoji discord
- Diorama ideas
- Pyrex airtight containers
- Hotel etf fidelity
- N300 dlink
- Malachite meditation
- Giovanny valencia
- Safari letters printable
- Advertise on kayak
Nadezhda Viktorovna appeared a little later and looked slightly crumpled. Don't, Julia. I'm not hungry yet.