Wednesday, October 16, 2024

10 SCP Commands to Transfer Files/Folders in Linux

 Linux administrators should be familiar with the command-line environment. Since GUI (Graphical User Interface) mode in Linux servers is not common to be installed.

SSH may be the most popular protocol to enable Linux administrators to manage the servers in a remote secure way. Built in with SSH command there is SCP command, which is used to copy file(s) between servers in a secure way.

You might also like:

  • How to Secure and Harden SSH Server
  • Basic SSH Command Usage and Configuration in Linux
  • How to Prevent SSH Brute-Force Login Attacks in Linux

Basic Syntax of SCP Command

The below command will read as copy “source_file_name” into “destination_folder” at “destination_host” using the “username” account.

scp source_file_name username@destination_host:destination_folder

There are many parameters in the SCP command that you can use. Here are the parameters that may use on daily basis usage.

Securely Transfer Files in Linux

The basic SCP command without parameters will copy the files in the background. Users will see nothing unless the process is done or some error appears.

You can use the “-v” parameter to print debug information into the screen. It can help you debug connection, authentication, and configuration problems.

Copy File From Local Host to Remote Server

The following command copies a file “scp-cheatsheet.pdf” from a local to a remote Linux system under /home/tecmint directory.

$ scp -v scp-cheatsheet.pdf tecmint@192.168.0.183:/home/tecmint/.

Sample Output:

SCP – Copy File to Remote Linux Server
Executing: program /usr/bin/ssh host 192.168.0.183, user tecmint, command scp -v -t /home/tecmint/.
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.0.183 [192.168.0.183] port 22.
debug1: Connection established.
debug1: identity file /home/tecmint/.ssh/id_rsa type -1
debug1: identity file /home/tecmint/.ssh/id_rsa-cert type -1
debug1: identity file /home/tecmint/.ssh/id_dsa type -1
debug1: identity file /home/tecmint/.ssh/id_dsa-cert type -1
debug1: identity file /home/tecmint/.ssh/id_ecdsa type -1
debug1: identity file /home/tecmint/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/tecmint/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/tecmint/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/tecmint/.ssh/id_ed25519 type -1
debug1: identity file /home/tecmint/.ssh/id_ed25519-cert type -1
debug1: identity file /home/tecmint/.ssh/id_ed25519_sk type -1
debug1: identity file /home/tecmint/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/tecmint/.ssh/id_xmss type -1
...

Copy File From Remote Host to Local Host

The following command copies a file “ssh-cheatsheet.pdf” from a remote host to a local system under /home/tecmint directory.

$ scp -v tecmint@192.168.0.183:/home/ravi/ssh-cheatsheet.pdf /home/tecmint/.

Sample Output:

SCP – Copy File to Local System
Executing: program /usr/bin/ssh host 192.168.0.183, user tecmint, command scp -v -f /home/ravi/ssh-cheatsheet.pdf
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.0.183 [192.168.0.183] port 22.
debug1: Connection established.
debug1: identity file /home/tecmint/.ssh/id_rsa type -1
debug1: identity file /home/tecmint/.ssh/id_rsa-cert type -1
debug1: identity file /home/tecmint/.ssh/id_dsa type -1
debug1: identity file /home/tecmint/.ssh/id_dsa-cert type -1
debug1: identity file /home/tecmint/.ssh/id_ecdsa type -1
debug1: identity file /home/tecmint/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/tecmint/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/tecmint/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/tecmint/.ssh/id_ed25519 type -1
debug1: identity file /home/tecmint/.ssh/id_ed25519-cert type -1
debug1: identity file /home/tecmint/.ssh/id_ed25519_sk type -1
...

Copy File From Remote Host to Another Host

The following command copies a file “ssh-cheatsheet.pdf” from a remote host to another remote host system under /home/tecmint directory.

$ scp -v tecmint@192.168.0.183:/home/ravi/ssh-cheatsheet.pdf tecmint@192.168.0.102:/home/anusha/.

Copy Files with Original Creation Date and Time

The “-p” parameter will preserve files’ original modification and access times while copying files along with the estimated time and the connection speed will appear on the screen.

$ scp -p scp-cheatsheet.pdf tecmint@192.168.0.183:/home/tecmint/.

Sample Output:

SCP – Preserve File Timestamps
tecmint@192.168.0.183's password: 
scp-cheatsheet.pdf                                                                                                                                                                 100%  531   721.4KB/s   00:00

Scp Compression While Copying Files

One of the parameters that can faster your file transfer is the “-C” parameter, which is used to compress your files on the go. The unique thing is that compression only happens in the network. When the file has arrived at the destination server, it will be returning to the original size as before the compression happened.

Take a look at these commands. It is using a single file of 93 Mb.

$ scp -pv messages.log mrarianto@202.x.x.x:.

Sample Output:

SCP Transfers File Without Compression
Executing: program /usr/bin/ssh host 202.x.x.x, user mrarianto, command scp -v -p -t.
OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 202.x.x.x [202.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/pungki/.ssh/id_rsa type -1
debug1: Found key in /home/pungki/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Trying private key: /home/pungki/.ssh/id_rsa
debug1: Next authentication method: password
mrarianto@202.x.x.x's password:
debug1: Authentication succeeded (password).
Authenticated to 202.x.x.x ([202.x.x.x]:22).
debug1: Sending command: scp -v -p -t.
File mtime 1323853868 atime 1380425711
Sending file timestamps: T1323853868 0 1380425711 0
messages.log 100% 93MB 58.6KB/s 27:05
Transferred: sent 97614832, received 25976 bytes, in 1661.3 seconds
Bytes per second: sent 58758.4, received 15.6
debug1: Exit status 0

Copying files without the “-C” parameter will result in 1661.3 seconds. You may compare the result to the command below using the “-C" parameter.

$ scp -Cpv messages.log mrarianto@202.x.x.x:.

Sample Output:

SCP – Transfers File with Compression
Executing: program /usr/bin/ssh host 202.x.x.x, user mrarianto, command scp -v -p -t.
OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 202.x.x.x [202.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/pungki/.ssh/id_rsa type -1
debug1: Host '202.x.x.x' is known and matches the RSA host key.
debug1: Found key in /home/pungki/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pungki/.ssh/id_rsa
debug1: Next authentication method: password
mrarianto@202.x.x.x's password:
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (password).
Authenticated to 202.x.x.x ([202.x.x.x]:22).
debug1: channel 0: new [client-session]
debug1: Sending command: scp -v -p -t .
File mtime 1323853868 atime 1380428748
Sending file timestamps: T1323853868 0 1380428748 0
Sink: T1323853868 0 1380428748 0
Sending file modes: C0600 97517300 messages.log
messages.log 100% 93MB 602.7KB/s 02:38
Transferred: sent 8905840, received 15768 bytes, in 162.5 seconds
Bytes per second: sent 54813.9, received 97.0
debug1: Exit status 0
debug1: compress outgoing: raw data 97571111, compressed 8806191, factor 0.09
debug1: compress incoming: raw data 7885, compressed 3821, factor 0.48

As you can see, when you are using compression, the transfer process is done in 162.5 seconds. It is 10 times faster than not using the “-C” parameter. If you are copying a lot of files across the network, the “-C” parameter would help you to decrease the total time you need.

The thing that we should notice is that the compression method will not work on any files. When the source file is already compressed, you will not find any improvement there. Files such as .zip.rarpictures, and .iso files will not be affected by the “-C” parameter.

Change SCP Cipher to Encrypt Files

By default, SCP uses “AES-128” to encrypt files. If you want to change to another cipher to encrypt it, you can use the “-c” parameter.

Take a look at this command.

$ scp -c 3des Label.pdf mrarianto@202.x.x.x:.

mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 282.5KB/s 00:13

The above command tells SCP to use the 3des algorithm to encrypt the file. Please be careful that this parameter using “-c” not “-C“.

Limiting Bandwidth Usage with SCP Command

Another parameter that may be useful is the “-l” parameter. The “-l” parameter will limit the bandwidth to use. It will be useful if you do an automation script to copy a lot of files, but you don’t want the bandwidth to be drained by the SCP process.

$ scp -l 400 Label.pdf mrarianto@202.x.x.x:.

mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 50.3KB/s 01:13

The 400 value behind the “-l” parameter is mean that we limit the bandwidth for the SCP process to only 50 KB/sec.

One thing to remember is that bandwidth is specified in Kilobits/sec (kbps). It means that 8 bits are equal to 1 byte.

While SCP counts in Kilobyte/sec (KB/s). So if you want to limit your bandwidth to an SCP maximum of only 50 KB/s, you need to set it to 50 x 8 = 400.

SCP with a Different Port

Usually, SCP is using port 22 as a default port, but for security reasons, you may change the port to another port. For example, we are using port 2249.

Then the command should be like this.

$ scp -P 2249 Label.pdf mrarianto@202.x.x.x:.

mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 262.3KB/s 00:14

Make sure that it uses a capital “P” not “p” since “p” is already used for preserved times and modes.

SCP – Copy Files and Directories Recursively

Sometimes we need to copy the directory and all files/directories inside it. It will be better if we can do it in a single command using the “-r” parameter, which copies the entire directory recursively.

$ scp -r documents mrarianto@202.x.x.x:.

mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 282.5KB/s 00:13
scp.txt 100% 10KB 9.8KB/s 00:00

When the copy process is done, at the destination server you will find a directory named “documents” with all its files. The folder “documents” is automatically created.

SCP – Disable Progress Messages

If you choose not to see the progress meter and warning / diagnostic messages from SCP, you may disable it using the “-q” parameter. Here’s an example.

$ scp -q Label.pdf mrarianto@202.x.x.x:.

mrarianto@202.x.x.x's password:
pungki@mint ~/Documents $

As you can see, after you enter the password, there is no information about the SCP process. After the process is complete, you will see a prompt again.

SCP – Copy Files Using Proxy

The proxy server is usually used in the office environment. Natively, SCP is not a proxy configured. When your environment using a proxy, you have to “tell” SCP to communicate with the proxy.

Here’s the scenario. The proxy address is 10.0.96.6 and the proxy port is 8080. The proxy also implemented user authentication. First, you need to create the “~/.ssh/config” file. Second, you put this command inside it.

ProxyCommand /usr/bin/corkscrew 10.0.96.6 8080 %h %p ~/.ssh/proxyauth

Then you need to create the file “~/.ssh/proxyauth” which contains.

myusername:mypassword

After that, you can do SCP transparently as usual.

Please notice that the corkscrew is might not be installed yet on your system. On my Linux Mint, I need to install it first, using the standard Linux Mint installation procedure.

$ apt-get install corkscrew

For other yum-based systems, users can install corkscrew using the following yum command.

# yum install corkscrew

Another thing is that since the “~/.ssh/proxyauth” file contains your “username” and “password” in clear-text format, please make sure that the file can be accessed by you only.

Choose a Different ssh_config File

For mobile users who often switch between the company networks and public networks, it will be suffering to always change settings in SCP. It is better if we can put a different ssh_config file to match our needs.

Proxy is used in the company network but not in the public network and you regularly switch networks.

$ scp -F /home/pungki/proxy_ssh_config Label.pdf

mrarianto@202.x.x.x:.
mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 282.5KB/s 00:13

By default “ssh_config” file per user will be placed in “~/.ssh/config“. Creating a specific “ssh_config” file with proxy compatibility will make it easier to switch between networks.

When you are on the company network, you can use the “-F” parameter. When you are on a public network, you can skip the “-F” parameter.

You might also like:

  • Pscp – Transfer Files to Multiple Linux Servers
  • How to Copy Files and Directories in Linux [14 cp Command Examples]
  • 10 sFTP Command Examples to Transfer Files in Linux

That’s all about SCP. You can see man pages of SCP for more detail. Please feel free to leave comments and suggestions.

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

HTTP Appache Server LAB 7

 Apache HTTP Server (httpd) Configuration,