Use the SCP command to transfer files securely

By Posted on

Use the SCP command to transfer files securely

Use SCP to transfer files securely. linux fedora centos debian ubuntu almalinux redhat

The Secure Copy Protocol (SCP) provides a secure method for transferring files between a local host and a remote host, or between two remote hosts. It leverages the Secure Shell (SSH) protocol for encryption, ensuring the confidentiality and integrity of the data during transmission. "SCP" often refers to both the protocol itself and the command-line program used to execute it. This article will guide you through using the scp command effectively.

Step 1: Install SCP

On macOS and Linux systems, the scp command is typically pre-installed as part of the OpenSSH suite. Therefore, no additional installation is usually required. However, if you encounter an error message like bash: scp: command not found when attempting to use the command, it indicates that SCP is not installed on your local or remote server.

To install SCP, use the appropriate package manager for your operating system:

Fedora, Red Hat, or CentOS:

$ yum -y install openssh-clients

Debian or Ubuntu:

$ apt-get install openssh-client

Step 2: How to use SCP

Before demonstrating how to use the scp command, let’s examine its basic syntax.

The scp command syntax follows this general structure:

$ scp [OPTION] s_user@SHOST:file1 d_user@DHOST:file2

Where:

  • OPTION represents various command-line options to modify the behavior of SCP.
  • s_user is the username on the source host.
  • SHOST is the hostname or IP address of the source host.
  • file1 is the path to the file or directory to be copied on the source host.
  • d_user is the username on the destination host.
  • DHOST is the hostname or IP address of the destination host.
  • file2 is the path to where the file or directory should be copied on the destination host.

Local files should be specified using an absolute or relative path. Remote file names require including a user and host specification in the format user@host:path.

SCP offers several options to fine-tune its operation. Here are some of the most frequently used options:

  • -P port: Specifies the port number to connect to on the remote host. This is useful if the SSH server is listening on a non-standard port.
  • -r: Enables recursive copying of directories.
  • -v: Enables verbose mode, providing more detailed output about the transfer process.
  • -C: Enables compression during the transfer, which can improve speed, especially on slower networks.
  • -i identity_file: Specifies the path to a private key file for authentication. This allows you to authenticate without entering a password.
  • -3: Routes the traffic through the machine from which the command is issued when transferring between two remote hosts.

Step 3: Using SCP

Copy Files and Directories Between Two Systems

To copy a file from your local system to a remote system, use the following command:

$ scp file1.txt <a href="/cdn-cgi/l/email-protection" data-cfemail="394b4c4a5c4b7908000b17080f011708170b0b">[email&#160;protected]</a>:/data/test

In this example, file1.txt is the name of the file to be copied, ruser is the username on the remote server, and 192.168.1.22 is the server’s IP address. The path /data/test specifies the directory where you want to copy the file on the remote server. If you omit the remote directory, the file will be copied to the remote user’s home directory.

You will be prompted to enter the user’s password on the remote server before the transfer begins.

<a href="/cdn-cgi/l/email-protection" data-cfemail="f78582849285b7c6cec5d9c6c1cfd9c6d9c5c5">[email&#160;protected]</a>'s password:
file1.txt                             100%    0     0.0KB/s   00:00

By default, the file is copied with its original name. To save the file with a different name on the remote server, specify the new name in the destination path:

$ scp file1.txt <a href="/cdn-cgi/l/email-protection" data-cfemail="f58780869087b5c4ccc7dbc4c3cddbc4dbc7c7">[email&#160;protected]</a>:/data/test/newfile.txt

If the SSH server on the remote host is listening on a port other than the default port 22, use the -P argument to specify the port number:

$ scp -P 2222 file1.txt <a href="/cdn-cgi/l/email-protection" data-cfemail="f78582849285b7c6cec5d9c6c1cfd9c6d9c5c5">[email&#160;protected]</a>:/data/test

Copying a directory is similar to copying files. However, you must include the -r flag to enable recursive copying:

$ scp -r /data/test <a href="/cdn-cgi/l/email-protection" data-cfemail="ff8d8a8c9a8dbfcec6cdd1cec9c7d1ced1cdcd">[email&#160;protected]</a>:/data/testRemote

To copy a file from a remote system to your local system, reverse the source and destination in the command. For example, to copy a file named test.txt from a remote server with IP address 192.168.1.22 to your local /data directory, use the following command:

$ scp <a href="/cdn-cgi/l/email-protection" data-cfemail="e69493958394a6d7dfd4c8d7d0dec8d7c8d4d4">[email&#160;protected]</a>:/data/test.txt /data

If you haven’t configured SSH key-based authentication, you will be prompted to enter the user’s password on the remote server.

Copy a File Between Two Remote Systems

Unlike rsync, you don’t need to log in to one of the servers to transfer files between two remote machines when using SCP. The SCP command simplifies the process.

The following command will copy the file /folder/file.txt from remote host web1.com to remote host web2.com‘s directory /files.

$ scp user1@web1.com:/folder/file.txt <a href="/cdn-cgi/l/email-protection" data-cfemail="0a7f796f78384a7d6f683824696567">[email&#160;protected]</a>:/files

You will be prompted to enter the passwords for both remote accounts. The data will be transferred directly from one remote host to the other.

To route the traffic through the machine from which you issue the command, use the -3 option:

$ scp -3 user1@web1.com:/folder/file.txt <a href="/cdn-cgi/l/email-protection" data-cfemail="c5b0b6a0b7f785b2a0a7f7eba6aaa8">[email&#160;protected]</a>:/files

Alternative Solutions for Secure File Transfer

While SCP is a reliable method for secure file transfer, alternative solutions exist that offer different advantages and features. Here are two such alternatives:

1. Rsync over SSH

Rsync is a powerful file synchronization tool that can be used for secure file transfer over SSH. Unlike SCP, which copies entire files, rsync can transfer only the differences between files, making it significantly faster for synchronizing large files or directories that have only been partially modified.

Explanation:

Rsync uses an algorithm to identify the blocks of data that have changed between the source and destination files. It then transfers only these changed blocks, reducing the amount of data that needs to be transmitted. When used with the -e ssh option, rsync establishes a secure connection using SSH, providing the same level of security as SCP.

Code Example:

rsync -avz -e ssh /local/directory/ <a href="/cdn-cgi/l/email-protection" data-cfemail="72070117004032051710405c111d1f">[email&#160;protected]</a>:/remote/directory/

In this example:

  • -a: Archive mode; preserves permissions, ownership, timestamps, etc.
  • -v: Verbose mode.
  • -z: Enables compression.
  • -e ssh: Specifies that SSH should be used for the transfer.
  • /local/directory/: The local directory to be synchronized.
  • <a href="/cdn-cgi/l/email-protection" data-cfemail="12676177602052657770203c717d7f">[email&#160;protected]</a>:/remote/directory/: The remote directory to synchronize with.

2. SFTP (SSH File Transfer Protocol)

SFTP is a more feature-rich protocol than SCP, offering interactive file transfer capabilities. It provides a command-line interface similar to FTP but operates over a secure SSH connection.

Explanation:

SFTP allows you to browse remote directories, upload and download files, create and delete directories, and perform other file management operations securely. This makes it suitable for more complex file transfer tasks that require more than just simple copying.

Code Example:

  1. Connect to the remote server:
sftp <a href="/cdn-cgi/l/email-protection" data-cfemail="7a080f091f083a4b4348544b4c42544b544848">[email&#160;protected]</a>
  1. Once connected, use SFTP commands to navigate and transfer files:
  • ls: List files in the current remote directory.
  • cd: Change the current remote directory.
  • get: Download a file from the remote server to the local machine. Example: get remote_file.txt
  • put: Upload a file from the local machine to the remote server. Example: put local_file.txt
  • bye: Disconnect from the SFTP server.

SFTP provides a more interactive and versatile approach to secure file transfer compared to SCP, making it a better choice for tasks that involve more than just simple file copying.

Conclusion

This guide has demonstrated how to use the SCP command to transfer files securely. SCP is a straightforward and secure way to copy files between systems. We also explored two alternative methods: rsync over SSH and SFTP, highlighting their respective strengths and use cases. Understanding these different options allows you to choose the most appropriate tool for your specific file transfer needs.

Consider configuring SSH key-based authentication to avoid entering your password repeatedly when connecting to your Linux servers.

Related posts: