This error occurs when SCP protocol receives a filename that doesn't match the request, due to OpenSSH security validations or special characters in filenames. It can also happen with paths containing colons or dots that require escaping.
The 'unexpected filename' error is a security validation check in newer OpenSSH versions. When you request a file via SCP, the server returns the file with its name and path. Modern OpenSSH validates that the returned filename matches what was requested. This error fires when there's a mismatch, which can happen due to: filename validation rules, special characters not being properly escaped, or security restrictions on certain path patterns (like dots or colons).
Prefix filenames and paths with ./ to make them explicit relative paths. This prevents SCP from misinterpreting special characters like colons.
# Instead of:
scp file:name.txt user@host:/tmp/
# Use:
scp ./file:name.txt user@host:/tmp/
# For wildcard copies:
scp ./* user@host:/tmp/The ./ prefix explicitly marks the path as a file, not a remote host specification.
If you're using . as the destination (current directory), replace it with the full path or $(pwd) (print working directory).
# Instead of:
scp user@host:/path/to/file .
# Use absolute path:
scp user@host:/path/to/file /home/user/target/
# Or use $(pwd):
scp user@host:/path/to/file $(pwd)/This is particularly important with OpenSSH versions that have the CVE-2018-20685 fix.
If filenames contain spaces, colons, or other special characters, ensure they are properly quoted or escaped.
# For files with spaces:
scp "user@host:/path/to/file name.txt" ./
# For files with colons (using relative path):
scp user@host:/path/to/./file:name.txt ./
# Double-check the exact filename on remote:
ssh user@host ls -la /path/to/file*If you trust the remote server and need a quick workaround, use the -T flag to disable strict filename validation.
scp -T user@host:/path/to/file ./Warning: Only use this when you fully trust the remote host, as it disables security validations. This should be a temporary measure while you fix the underlying issue.
If SCP continues to cause issues, use SFTP (SSH File Transfer Protocol) instead, which doesn't have the same filename validation restrictions.
sftp user@host << EOF
get /path/to/file
bye
EOFSFTP is more modern, more reliable, and handles special characters better than legacy SCP.
The 'unexpected filename' error became more common after OpenSSH 7.4+ implemented CVE-2018-20685 security fixes. This vulnerability allowed malicious remote servers to send unexpected files during SCP transfers. The fix validates that filenames match requests, but this broke some legacy workflows and scripts using patterns like '.' as destination or certain special characters. Different platforms (Linux, macOS, Windows) may have different OpenSSH versions and behaviors. For CI/CD pipelines and automation, prefer SFTP over SCP. If you cannot upgrade tooling, the -T flag or explicit path escaping are temporary workarounds. Check your OpenSSH version with scp -V on both client and server—version mismatches can contribute to this issue.
Load key "/home/user/.ssh/id_rsa": invalid format
How to fix 'Load key invalid format' in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH
Connection closed by UNKNOWN port 65535
How to fix 'Connection closed by UNKNOWN port 65535' in SSH
Offending ECDSA key in /home/user/.ssh/known_hosts:line
How to fix "Offending ECDSA key in known_hosts" in SSH