Copy Files Over SSH task

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019 | TFS 2018

Use this task to copy files from a source folder to a target folder on a remote machine over SSH.

This task allows you to connect to a remote machine using SSH and copy files matching a set of minimatch patterns from specified source folder to target folder on the remote machine. Supported protocols for file transfer are SFTP and SCP via SFTP. In addition to Linux, macOS is partially supported (see FAQ).


In Microsoft Team Foundation Server (TFS) 2018 and previous versions, build and release pipelines are called definitions, runs are called builds, service connections are called service endpoints, stages are called environments, and jobs are called phases.


  • The task supports use of an SSH key pair to connect to the remote machine(s).
  • The public key must be pre-installed or copied to the remote machine(s).

YAML snippet

# Copy files over SSH
# Copy files or build artifacts to a remote machine over SSH
- task: CopyFilesOverSSH@0
    #sourceFolder: # Optional
    #contents: '**' 
    #targetFolder: # Optional
    #cleanTargetFolder: false # Optional
    #overwrite: true # Optional
    #failOnEmptySource: false # Optional
    #flattenFolders: false # Optional


Argument Description
SSH endpoint The name of an SSH service connection containing connection details for the remote machine.
- The hostname or IP address of the remote machine, the port number, and the user name are required to create an SSH service connection.
- The private key and the passphrase must be specified for authentication.
Source folder The source folder for the files to copy to the remote machine. If omitted, the root of the repository is used. Names containing wildcards such as *.zip are not supported. Use variables if files are not in the repository. Example: $(Agent.BuildDirectory)
Contents File paths to include as part of the copy. Supports multiple lines of minimatch patterns. Default is ** which includes all files (including sub folders) under the source folder.
- Example: **/*.jar \n **/*.war includes all jar and war files (including sub folders) under the source folder.
- Example: ** \n !**/*.xml includes all files (including sub folders) under the source folder but excludes xml files.
Target folder Target folder on the remote machine to where files will be copied. Example: /home/user/MySite. Preface with a tilde (~) to specify the user's home directory.
Advanced - Clean target folder If this option is selected, all existing files in the target folder will be deleted before copying.
Advanced - Overwrite If this option is selected (the default), existing files in the target folder will be replaced.
Advanced - Flatten folders If this option is selected, the folder structure is not preserved and all the files will be copied into the specified target folder on the remote machine.
Control options See Control options

Supported algorithms

Key pair algorithms

  • RSA
  • DSA

Encryption algorithms

  • aes256-cbc
  • aes192-cbc
  • aes128-cbc
  • blowfish-cbc
  • 3des-cbc
  • arcfour256
  • arcfour128
  • cast128-cbc
  • arcfour

For OpenSSL v1.0.1 and higher (on agent):

  • aes256-ctr
  • aes192-ctr
  • aes128-ctr

For OpenSSL v1.0.1 and higher, NodeJS v0.11.12 and higher (on agent):

  • aes128-gcm
  • aes256-gcm

See also

Open source

This task is open source on GitHub. Feedback and contributions are welcome.


What key formats are supported for the SSH tasks?

The Azure Pipelines SSH tasks use the Node.js ssh2 package for SSH connections. Ensure that you are using the latest version of the SSH tasks. Older versions may not support the OpenSSH key format.

If you run into an "Unsupported key format" error, then you may need to add the -m PEM flag to your ssh-keygen command so that the key is in a supported format.

Do I need an agent?

You need at least one agent to run your build or release.

I'm having problems. How can I troubleshoot them?

See Troubleshoot Build and Release.

I can't select a default agent pool and I can't queue my build or release. How do I fix this?

See Agent pools.

My NuGet push task is failing with the following error: "Error: unable to get local issuer certificate". How can I fix this?

This can be fixed by adding a trusted root certificate. You can either add the NODE_EXTRA_CA_CERTS=file environment variable to your build agent, or you can add the NODE.EXTRA.CA.CERTS=file task variable in your pipeline. See Node.js documentation for more details about this variable. See Set variables in a pipeline for instructions on setting a variable in your pipeline.

Is this task supported for target machines running operating systems other than Linux?

This task is intended for target machines running Linux.

  • For copying files to a macOS machine, this task may be used, but authenticating with a password is not supported.
  • For copying files to a Windows machine, consider using Windows Machine File Copy.

I use TFS on-premises and I don't see some of these features. Why not?

Some of these features are available only on Azure Pipelines and not yet available on-premises. Some features are available on-premises if you have upgraded to the latest version of TFS.