Securely Transfer Files Using SCP Command

Written by in linux on 4~7 minutes
Securely Transfer Files Using SCP Command

Transferring files to servers is a vital task in most software developers’ life. Usually, we use protocols like FTP (File Transfer Protocol), FTPS, SFTP to transfer files. In this tutorial, we are going to briefly discuss the available protocols and their differences. Also, the tutorial will explain how to transfer files from client to server, server to client and server to server using SCP.

What Are The Differences?

FTP

FTP is an old and insecure protocol that can be used to transfer files between local networks or computers connected through the Internet. However, FTP is not recommended to use to transfer files over the Internet anymore as it transfers usernames and passwords in cleartext. In addition to that, FTP provides an anonymous method that let you transfer files even without a username and password.

FTPS

FTPS or FTP over SSL (Secure Socket Layer) is the same FTP but with an additional SSL layer to secure the connection. In FTPS, SSL has been implemented in two different methods called “implicit” and “explicit”. Implicit FTPS was the first attempt to secure the traditional, insecure FTP connections. Implicit FTP connections initiate a security negotiation using SSL before both authentication and file transfer. Then it uses the standard FTP to transfer the encrypted data.

The problem with Implicit FTP is, it is more strict and clients had to be compatible with it. Explicit FTP solves this compatibility issue by initiating the connection as a normal, insecure FTP connection over the standard port 21 and then it tries to upgrade it. So old, incompatible clients can still connect with the insecure method if it is allowed by the server.

SFTP

SFTP or SSH File Transfer Protocol uses SSH to securely transfer files and directories over port 22.

SCP (Secure Copy Protocol)

Unlike FTP or FTPS protocols, SCP uses SSH (Secure Shell) protocol to transfer files. It is more popular in Unix based Operating Systems. One of the significant advantage of the scp command which uses SCP protocol is, it can directly transfer files from server to server without downloading files/directories into an intermediate computer.

SCP Command Examples

Before trying out any of the below-mentioned commands, make sure that you can initiate a client to server SSH connection using this command. Replace the user and server with your server’s actual username and IP address/domain name.

If you get any connection problems, check whether you have generated SSH keys in your client. If you have not yet done it, refer to the SSH Key Generation section of this article. Then, make sure that your server public key is in the client’s ~/.ssh/known_hosts file and the client’s public key in the server’s ~/.ssh/authorized_keys file. If not you can just do it manually by copying and pasting or otherwise by using the ssh-copy-id command from the client.

ssh-copy-id [email protected]

If you have multiple key pairs and need to copy a specific public key, mention it using -i path/to/your/public.key.

ssh-copy-id -i .ssh/id_rsa.pub [email protected]

Then, again try to connect to the server using the ssh [email protected] command.

Client To Server (Local To Remote)

This command will copy the file.txt file to the server’s home directory with the same name.

scp file.txt [email protected]:~/file.txt

If you need to copy directories recursively, use the -r flag like this.

scp -r data_directory/ [email protected]:~/data_directory

Server To Client (Remote To Local)

This command will copy the file.txt file in the server to the client.

scp [email protected]:~/file.txt file.txt

You can use the -r flag as usual to copy directories.

Server To Server (Remote To Remote), Via Client

You can use the following command to copy a file (or directories with -r flag) from server to server. But it will copy all the files and directories over the client.

scp -3 [email protected]_a:~/data.txt [email protected]_b:~/data.txt

Server To Server (Remote To Remote), Direct

This command will solve the above mentioned intermediate client problem. But most of the time it will not work until you make some changes. First, try to run the following command without the -3 flag mentioned in the previous example like this.

scp [email protected]_a:~/data.txt [email protected]_b:~/data.txt

If it doesn’t work, do the following things.

  1. Select one server and assume it as a client.
  2. Generate SSH key pair as mention in the SSH Key Generation section of this article.
  3. Copy client’s (assumed client) public key to the server using the manual or ssh-copy-id method.
  4. Try to initiate an SSH connection from the client (assumed client) to the server.

Now you should be able to copy files and directories back and forth between the two servers without transferring them through the client.

Written By

A FOSS guy. Currently, he works as a full stack developer. He writes about Linux and FOSS related content.