Using WinSCP with your AFS account

What is SCP?

SCP (Secure CoPy) is an increasingly popular secure file transfer protocol. It has many advantages over FTP, not the least of which is encrypted authentication and an encrypted transport stream. It is also possible to seamlessly use SCP in a secure Kerberos environment such as ours.

What is WinSCP?

For Windows users, a high-quality open source application known as WinSCP is available that implements the SCP protocol with a friendly user interface that should be familiar to users who use the Windows platform from day to day. A free copy may be downloaded at the WinSCP web site.

WinSCP also mostly works in the WINE Win32 environment for Unix. Currently, the buttons in each pane must be disabled through the options menu.


Using WinSCP is straightforward. First, you must connect to one of our Unix shell machines such as or Once you are connected, then you can copy, move, or delete files between your local machine and your account on our file servers. When finished, you can leave your connection open if you plan to use it again within a short while, or disconnect and close the program.

Using WinSCP, Visual Explanation

When you first open the WinSCP application, you will be presented with the following dialog:

[ The WinSCP main menu. ]

The three circled fields are required and can be found from the account information that you received when you signed up. The program's other settings may be tweaked if you wish to do so, otherwise the defaults typically work fine.

One of the advanced options that you should probably change is the following. It prevents an annoying, but non-fatal, error box from being presented when logging onto the server each session.

[ Uncheck this option to avoid the error. ]

If you don't uncheck that option, you will receive the following error:

[ Example of the "groups lookup" error. ]

(The technical reason that it occurs is that AFS PAGs can't be reverse looked up in the Unix groups database, but the `groups` command tries to do so anyway. But you don't need to know that.)

The only other "is-this-a-problem" thing you might run into is the following:

[ The warning about trusted hosts. ]

You can safely click "Yes" and ignore this message the first time you log in. It is trying to warn you that it cannot verify that our Unix server is the same machine you logged into last time; however, in this case, there is no "last time", so clicking Yes will store this information for the future in your Windows profile and you should no longer receive the error afterwards.

If you log into a different machine or the machine's name changes, you will need to re-verify that you trust that machine. If machine hostnames change, that change should coincide with a news item on our news page.

If you have any questions or are suspicious of a network attack, contact one of our administrators for help.

After you have connected to the Unix host, you will be presented with the following dialog:

[ The WinSCP main dialog. ]

Your local files are on the left side, and your AFS account's files are on the right side. To transfer files to and from your AFS account, simply drag them and drop them into the destination, just as you would do in Windows Explorer. You can also work with files outside the WinSCP application; if you have a file on your desktop that you wish to place in your AFS account, simply drag it from the desktop and drop it in the right WinSCP pane.

Saving your session

When you are finished, you can just close the program to close the session. You might want to save your session for later to avoid having to re-enter your username and password information, though.

To save your session, click the menu (Sessions->Save Session), and you will be presented with the following box to name your session:

[ Naming a saved session. ]

Then you can exit the program. The next time you start WinSCP, instead of prompting you for the information as previously, you will be presented with a list of your saved sessions:

[ The sessions dialog with saved sessions listed. ]

You can double-click on any session to immediately connect to it. This is a time-saver if you have many accounts or have files that you need to frequently update! But, if you leave your computer logged in and unattended, a bad person might use your saved sessions to gain access to your account, so be careful.

Tutorial written on 05/26/2003 by Ryan Underwood <>