Securely copy files with scp

Jack Wallen
Apr 11, 2009
Updated • Nov 28, 2012

I have to copy files from machine to machine all the time. Most of the time this copying is done over a network connection. When using that transport method I always like to ensure my copying is being done securely. Fortunately Linux has an app for that (sorry, couldn't resist). That app is scp.

Scp is a part of the secure shell application. If you have installed ssh (secure shell) then you have scp installed on your machine. The only problem with scp is figuring out exactly how to use it. It's not predictable and the man page is absolutely no help. That's where gHacks comes in. In this article you will learn how to securely copy files from one machine to another using scp.

The Setup

Let's first get the setup of a test network out of the way. We'll use MachineA, with an IP address of 192.168.1.1, as the local machine and MachineB, with an IP address of 192.168.1.2, as the remote machine. Both machines will be Linux machines and both will have ssh installed. For the examples we will be copying the file sample.pdf and the directory /home/jlwallen/TEMP. The username we will use is jlwallen.

The syntax

The syntax of the scp command is basically:

scp FILENAME USERNAME@ADDRESS_OF_REMOTE_SERVER:FILENAME

One very important issue is that the FILENAME should be the full path to the file to be copied.

Copy file from A to B (While logged into A)

To copy sample.pdf from A to B when you're logged into A issue the command:

scp /home/jlwallen/sample.pdf jlwallen@192.168.1.2:/home/jlwallen/sample.pdf

You will be prompted for jlwallen's password. Once you enter that password the copy will occur.

Copy file from A to B (While logged into B)

scp jlwallen@192.168.1.1:/home/jlwallen/sample.pdf /home/jlwallen/sample.pdf

You will be prompted for jlwallen's password.

Copy Directory from A to B (While logged into A)

scp -r /home/jlwallen/TEMP jlwallen@192.168.1.2:/home/jlwallen/TEMP

You will be prompted for jlwallen's password. This command will copy the entire contents of the TEMP directory.

Copy Directory from A to B (While logged into B)

scp -r jlwallen@192.168.1.1:/home/jlwallen/TEMP /home/jlwallen/TEMP

Pretty simple stuff once you actually know the structure of the command.

Make it passwordless

If you're like me you like to automate things. You can do this with scp but you have to set it up so you can log in without passwords. The best way to do this is by using keys. Here is how it is done:

On the local machine generate a keypair with the following:

ssh-keygen -t rsa

You will accept the defaults and just hit enter. Do not give this a passphrase.

This will generate two files in the ~/.ssh directory: id_rsa and id_rsa.pub. You need to first give your id_rsa the right permissions with the command chmod 700 ~/.ssh/id_rsa. Now you need to copy the id_rsa.pub file over to the server you want to log into. Do this with the command:

scp ~/.ssh/id_rsa.pub 192.168.1.2:~/.ssh/authorized_keys

Now log into the remote machine (via ssh) and make sure the ~/.ssh directory has the right permissions with the command chmod 700 .ssh

The next step is to configure ssh and sshd. On the local machine open up the file /etc/ssh/ssh_config and look for the line:

ForwardAgent yes

This line will most likely be commented out. Remove the "#" character and save the file.

Now on the remote machine open up the /etc/ssh/sshd_config file and make sure you have the following lines:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Save that file and restart sshd with the command /etc/rc.d/init.d/sshd restart

Back on the local machine issue the two following commands:

eval "$(ssh-agent)"

ssh-add

You shouldn't be prompted for a password for the second command.

Now attempt to ssh to the remote machine like so:

ssh 192.168.1.2

You should not be prompted for a password. You are now able to ssh and scp without having to enter a password.

Final Thoughts

Now that you know how to scp (and do so without user intervention), you can create all sorts of fun automated backup scripts that will back up a local machine to a remote server. There is one warning I will issue: if someone can get your id_rsa file they might be able to get into your machine. So make sure the machine that holds that file is safe.
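
The key-copy step above replaces any authorized_keys file already on MachineB, and a passphrase-less id_rsa works from any host that holds it. As an added example (not code from the original article), the hypothetical install_pubkey helper below appends the key idempotently with the permissions sshd expects and can prefix standard authorized_keys options that limit what a copied key can do; the key material and option values are constructed.

```shell
#!/bin/sh
# Added example (not from the article): append a public key to authorized_keys
# instead of overwriting it, optionally prefixed with sshd key options.
# install_pubkey is a hypothetical helper: install_pubkey PUB AUTH [OPTIONS]
install_pubkey() {
    pub=$1; auth=$2; opts=${3:-}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key line is "type base64-blob [comment]"; the blob identifies it.
    read -r _type blob _comment < "$pub" || true
    [ -n "$blob" ] || { echo "$pub is not a public key" >&2; return 1; }

    # sshd (StrictModes) refuses keys kept in group- or world-writable paths.
    dir=$(dirname "$auth")
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    ( umask 077; touch "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: nothing to do if this exact key is already authorized.
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # Keep the last existing entry intact if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append (>>), never overwrite (>): keys already in the file survive.
    line=$(head -n 1 "$pub")
    [ -z "$opts" ] || line="$opts $line"
    printf '%s\n' "$line" >> "$auth"
}

# Demo in a scratch directory with a constructed, non-functional key.
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3CONSTRUCTEDKEY jlwallen@MachineA\n' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh/authorized_keys" \
    'from="192.168.1.1",no-agent-forwarding,no-port-forwarding,no-pty'
cat "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

OpenSSH's ssh-copy-id performs the same append for the unrestricted case.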


Comments

  1. Brad said on August 12, 2013 at 11:45 am

    In response to Markus, if you just check the exit code of scp, it will be 0 for success or something else for some kind of error.

  2. BayyannaGoud said on July 21, 2011 at 11:34 pm

    Hi All

    This is really useful and the content is pretty simple. It gives exactly the information for my requirements. Thanks to the author of this page and the publisher.

    Cheers
    BayyannaAnithaGoud

  3. markus said on April 23, 2009 at 9:27 pm

    hey jack,
    nice post, but what if the connection breaks and you are not sure if the file was really transferred?
    a better tool for transferring files is rsync which can be used with ssh, either

    for example

    rsync -ave ssh remoteuser@remotehost:/userhome /copy/here

    for options etc see man rsync or http://everythinglinux.org/rsync/

    cheers, Markus

  4. Brad said on April 12, 2009 at 5:09 am

    Jack –

    Great article! One extra tip for you (I just learned this myself a few weeks ago). If you don’t specify a directory for the destination, if you just put “:” it will default to the user’s home directory.

    For example:

    scp filex brad@myhost.com:

    will drop filex into brad’s home directory at myhost.com. Saves a little bit of typing.

    -Brad

  5. Paulus said on April 12, 2009 at 12:29 am

    Jack, I really can understand that you want to live over here. I was in the seventies a few times in the U.S.A. and I was very deeply stricken (hit) by the total (financial and mental) poorness of the U.S.A. in total. And because I followed the U.S.A. closely from the seventies I saw the declining line going further and further down. My advice to the U.S.A.: forbid all weapons for private people, make healthcare affordable and really jack the training for especially the socially disadvantaged. And one more advice to the U.S.A.: less 90210 (less Nietzsche and more Schopenhauer).

  6. jack said on April 11, 2009 at 11:27 pm

    Paulus: My family tree begins in the Netherlands, but I live in the United States. My wife and I certainly wish we lived in the Netherlands!

  7. Paulus said on April 11, 2009 at 10:26 pm

    Great read for a great app. But now something completely different, Jack. Are you from the Netherlands, with that surname? Wallen (this is the name of the red district in Amsterdam, the Netherlands).
