This error occurs when SCP protocol receives a filename that doesn't match the request, due to OpenSSH security validations or special characters in filenames. It can also happen with paths containing colons or dots that require escaping.
The 'unexpected filename' error is a security validation check in newer OpenSSH versions. When you request a file via SCP, the server returns the file with its name and path. Modern OpenSSH validates that the returned filename matches what was requested. This error fires when there's a mismatch, which can happen due to: filename validation rules, special characters not being properly escaped, or security restrictions on certain path patterns (like dots or colons).
Prefix filenames and paths with ./ to make them explicit relative paths. This prevents SCP from misinterpreting special characters like colons.
# Instead of:
scp file:name.txt user@host:/tmp/
# Use:
scp ./file:name.txt user@host:/tmp/
# For wildcard copies:
scp ./* user@host:/tmp/The ./ prefix explicitly marks the path as a file, not a remote host specification.
If you're using . as the destination (current directory), replace it with the full path or $(pwd) (print working directory).
# Instead of:
scp user@host:/path/to/file .
# Use absolute path:
scp user@host:/path/to/file /home/user/target/
# Or use $(pwd):
scp user@host:/path/to/file $(pwd)/This is particularly important with OpenSSH versions that have the CVE-2018-20685 fix.
If filenames contain spaces, colons, or other special characters, ensure they are properly quoted or escaped.
# For files with spaces:
scp "user@host:/path/to/file name.txt" ./
# For files with colons (using relative path):
scp user@host:/path/to/./file:name.txt ./
# Double-check the exact filename on remote:
ssh user@host ls -la /path/to/file*If you trust the remote server and need a quick workaround, use the -T flag to disable strict filename validation.
scp -T user@host:/path/to/file ./Warning: Only use this when you fully trust the remote host, as it disables security validations. This should be a temporary measure while you fix the underlying issue.
If SCP continues to cause issues, use SFTP (SSH File Transfer Protocol) instead, which doesn't have the same filename validation restrictions.
sftp user@host << EOF
get /path/to/file
bye
EOFSFTP is more modern, more reliable, and handles special characters better than legacy SCP.
The 'unexpected filename' error became more common after OpenSSH 7.4+ implemented CVE-2018-20685 security fixes. This vulnerability allowed malicious remote servers to send unexpected files during SCP transfers. The fix validates that filenames match requests, but this broke some legacy workflows and scripts using patterns like '.' as destination or certain special characters. Different platforms (Linux, macOS, Windows) may have different OpenSSH versions and behaviors. For CI/CD pipelines and automation, prefer SFTP over SCP. If you cannot upgrade tooling, the -T flag or explicit path escaping are temporary workarounds. Check your OpenSSH version with scp -V on both client and server—version mismatches can contribute to this issue.
sign_and_send_pubkey: no mutual signature supported
How to fix "sign_and_send_pubkey: no mutual signature supported" in SSH
sign_and_send_pubkey: signing failed for RSA from agent: agent refused operation
How to fix "sign_and_send_pubkey: signing failed for RSA from agent: agent refused operation" in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
No more authentication methods to try.
How to fix "No more authentication methods to try." in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH