Linux administrators should be familiar with the command-line environment. Since GUI (Graphical User Interface) mode in Linux servers is not common to be installed.
SSH may be the most popular protocol to enable Linux administrators to manage the servers in a remote secure way. Built in with SSH command there is SCP command, which is used to copy file(s) between servers in a secure way.
Basic Syntax of SCP Command
The below command will read as copy “source_file_name” into “destination_folder” at “destination_host” using the “username” account.
scp source_file_name username@destination_host:destination_folder
There are many parameters in the SCP command that you can use. Here are the parameters that may use on daily basis usage.
Table of Contents
Securely Transfer Files in Linux
The basic SCP command without parameters will copy the files in the background. Users will see nothing unless the process is done or some error appears.
You can use the “-v
” parameter to print debug information into the screen. It can help you debug connection, authentication, and configuration problems.
Copy File From Local Host to Remote Server
The following command copies a file “scp-cheatsheet.pdf” from a local to a remote Linux system under /home/tecmint directory.
$ scp -v scp-cheatsheet.pdf [email protected]:/home/tecmint/.
Sample Output:
Executing: program /usr/bin/ssh host 192.168.0.183, user tecmint, command scp -v -t /home/tecmint/. OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: Connecting to 192.168.0.183 [192.168.0.183] port 22. debug1: Connection established. debug1: identity file /home/tecmint/.ssh/id_rsa type -1 debug1: identity file /home/tecmint/.ssh/id_rsa-cert type -1 debug1: identity file /home/tecmint/.ssh/id_dsa type -1 debug1: identity file /home/tecmint/.ssh/id_dsa-cert type -1 debug1: identity file /home/tecmint/.ssh/id_ecdsa type -1 debug1: identity file /home/tecmint/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/tecmint/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/tecmint/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/tecmint/.ssh/id_ed25519 type -1 debug1: identity file /home/tecmint/.ssh/id_ed25519-cert type -1 debug1: identity file /home/tecmint/.ssh/id_ed25519_sk type -1 debug1: identity file /home/tecmint/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/tecmint/.ssh/id_xmss type -1 ...
Copy File From Remote Host to Local Host
The following command copies a file “ssh-cheatsheet.pdf” from a remote host to a local system under /home/tecmint directory.
$ scp -v [email protected]:/home/ravi/ssh-cheatsheet.pdf /home/tecmint/.
Sample Output:
Executing: program /usr/bin/ssh host 192.168.0.183, user tecmint, command scp -v -f /home/ravi/ssh-cheatsheet.pdf OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: Connecting to 192.168.0.183 [192.168.0.183] port 22. debug1: Connection established. debug1: identity file /home/tecmint/.ssh/id_rsa type -1 debug1: identity file /home/tecmint/.ssh/id_rsa-cert type -1 debug1: identity file /home/tecmint/.ssh/id_dsa type -1 debug1: identity file /home/tecmint/.ssh/id_dsa-cert type -1 debug1: identity file /home/tecmint/.ssh/id_ecdsa type -1 debug1: identity file /home/tecmint/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/tecmint/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/tecmint/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/tecmint/.ssh/id_ed25519 type -1 debug1: identity file /home/tecmint/.ssh/id_ed25519-cert type -1 debug1: identity file /home/tecmint/.ssh/id_ed25519_sk type -1 ...
Copy File From Remote Host to Another Host
The following command copies a file “ssh-cheatsheet.pdf” from a remote host to another remote host system under /home/tecmint directory.
$ scp -v [email protected]:/home/ravi/ssh-cheatsheet.pdf [email protected]:/home/anusha/.
Copy Files with Original Creation Date and Time
The “-p
” parameter will preserve files’ original modification and access times while copying files along with the estimated time and the connection speed will appear on the screen.
$ scp -p scp-cheatsheet.pdf [email protected]:/home/tecmint/.
Sample Output:
[email protected]'s password: scp-cheatsheet.pdf 100% 531 721.4KB/s 00:00
Scp Compression While Copying Files
One of the parameters that can faster your file transfer is the “-C
” parameter, which is used to compress your files on the go. The unique thing is that compression only happens in the network. When the file has arrived at the destination server, it will be returning to the original size as before the compression happened.
Take a look at these commands. It is using a single file of 93 Mb.
$ scp -pv messages.log [email protected]:.
Sample Output:
Executing: program /usr/bin/ssh host 202.x.x.x, user mrarianto, command scp -v -p -t. OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 202.x.x.x [202.x.x.x] port 22. debug1: Connection established. debug1: identity file /home/pungki/.ssh/id_rsa type -1 debug1: Found key in /home/pungki/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: Trying private key: /home/pungki/.ssh/id_rsa debug1: Next authentication method: password [email protected]'s password: debug1: Authentication succeeded (password). Authenticated to 202.x.x.x ([202.x.x.x]:22). debug1: Sending command: scp -v -p -t. File mtime 1323853868 atime 1380425711 Sending file timestamps: T1323853868 0 1380425711 0 messages.log 100% 93MB 58.6KB/s 27:05 Transferred: sent 97614832, received 25976 bytes, in 1661.3 seconds Bytes per second: sent 58758.4, received 15.6 debug1: Exit status 0
Copying files without the “-C
” parameter will result in 1661.3 seconds. You may compare the result to the command below using the “-C"
parameter.
$ scp -Cpv messages.log [email protected]:.
Sample Output:
Executing: program /usr/bin/ssh host 202.x.x.x, user mrarianto, command scp -v -p -t. OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 202.x.x.x [202.x.x.x] port 22. debug1: Connection established. debug1: identity file /home/pungki/.ssh/id_rsa type -1 debug1: Host '202.x.x.x' is known and matches the RSA host key. debug1: Found key in /home/pungki/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: Next authentication method: publickey debug1: Trying private key: /home/pungki/.ssh/id_rsa debug1: Next authentication method: password [email protected]'s password: debug1: Enabling compression at level 6. debug1: Authentication succeeded (password). Authenticated to 202.x.x.x ([202.x.x.x]:22). debug1: channel 0: new [client-session] debug1: Sending command: scp -v -p -t . File mtime 1323853868 atime 1380428748 Sending file timestamps: T1323853868 0 1380428748 0 Sink: T1323853868 0 1380428748 0 Sending file modes: C0600 97517300 messages.log messages.log 100% 93MB 602.7KB/s 02:38 Transferred: sent 8905840, received 15768 bytes, in 162.5 seconds Bytes per second: sent 54813.9, received 97.0 debug1: Exit status 0 debug1: compress outgoing: raw data 97571111, compressed 8806191, factor 0.09 debug1: compress incoming: raw data 7885, compressed 3821, factor 0.48
As you can see, when you are using compression, the transfer process is done in 162.5 seconds. It is 10 times faster than not using the “-C
” parameter. If you are copying a lot of files across the network, the “-C
” parameter would help you to decrease the total time you need.
The thing that we should notice is that the compression method will not work on any files. When the source file is already compressed, you will not find any improvement there. Files such as .zip, .rar, pictures, and .iso files will not be affected by the “-C
” parameter.
Change SCP Cipher to Encrypt Files
By default, SCP uses “AES-128” to encrypt files. If you want to change to another cipher to encrypt it, you can use the “-c
” parameter.
Take a look at this command.
$ scp -c 3des Label.pdf [email protected]:. [email protected]'s password: Label.pdf 100% 3672KB 282.5KB/s 00:13
The above command tells SCP to use the 3des algorithm to encrypt the file. Please be careful that this parameter using “-c
” not “-C
“.
Limiting Bandwidth Usage with SCP Command
Another parameter that may be useful is the “-l
” parameter. The “-l” parameter will limit the bandwidth to use. It will be useful if you do an automation script to copy a lot of files, but you don’t want the bandwidth to be drained by the SCP process.
$ scp -l 400 Label.pdf [email protected]:. [email protected]'s password: Label.pdf 100% 3672KB 50.3KB/s 01:13
The 400 value behind the “-l
” parameter is mean that we limit the bandwidth for the SCP process to only 50 KB/sec.
One thing to remember is that bandwidth is specified in Kilobits/sec (kbps). It means that 8 bits are equal to 1 byte.
While SCP counts in Kilobyte/sec (KB/s). So if you want to limit your bandwidth to an SCP maximum of only 50 KB/s, you need to set it to 50 x 8 = 400.
SCP with a Different Port
Usually, SCP is using port 22 as a default port, but for security reasons, you may change the port to another port. For example, we are using port 2249.
Then the command should be like this.
$ scp -P 2249 Label.pdf [email protected]:. [email protected]'s password: Label.pdf 100% 3672KB 262.3KB/s 00:14
Make sure that it uses a capital “P
” not “p
” since “p
” is already used for preserved times and modes.
SCP – Copy Files and Directories Recursively
Sometimes we need to copy the directory and all files/directories inside it. It will be better if we can do it in a single command using the “-r
” parameter, which copies the entire directory recursively.
$ scp -r documents [email protected]:. [email protected]'s password: Label.pdf 100% 3672KB 282.5KB/s 00:13 scp.txt 100% 10KB 9.8KB/s 00:00
When the copy process is done, at the destination server you will find a directory named “documents” with all its files. The folder “documents” is automatically created.
SCP – Disable Progress Messages
If you choose not to see the progress meter and warning / diagnostic messages from SCP, you may disable it using the “-q
” parameter. Here’s an example.
$ scp -q Label.pdf [email protected]:. [email protected]'s password: pungki@mint ~/Documents $
As you can see, after you enter the password, there is no information about the SCP process. After the process is complete, you will see a prompt again.
SCP – Copy Files Using Proxy
The proxy server is usually used in the office environment. Natively, SCP is not a proxy configured. When your environment using a proxy, you have to “tell” SCP to communicate with the proxy.
Here’s the scenario. The proxy address is 10.0.96.6 and the proxy port is 8080. The proxy also implemented user authentication. First, you need to create the “~/.ssh/config” file. Second, you put this command inside it.
ProxyCommand /usr/bin/corkscrew 10.0.96.6 8080 %h %p ~/.ssh/proxyauth
Then you need to create the file “~/.ssh/proxyauth” which contains.
myusername:mypassword
After that, you can do SCP transparently as usual.
Please notice that the corkscrew is might not be installed yet on your system. On my Linux Mint, I need to install it first, using the standard Linux Mint installation procedure.
$ apt-get install corkscrew
For other yum-based systems, users can install corkscrew using the following yum command.
# yum install corkscrew
Another thing is that since the “~/.ssh/proxyauth” file contains your “username” and “password” in clear-text format, please make sure that the file can be accessed by you only.
Choose a Different ssh_config File
For mobile users who often switch between the company networks and public networks, it will be suffering to always change settings in SCP. It is better if we can put a different ssh_config file to match our needs.
Proxy is used in the company network but not in the public network and you regularly switch networks.
$ scp -F /home/pungki/proxy_ssh_config Label.pdf [email protected]:. [email protected]'s password: Label.pdf 100% 3672KB 282.5KB/s 00:13
By default “ssh_config” file per user will be placed in “~/.ssh/config“. Creating a specific “ssh_config” file with proxy compatibility will make it easier to switch between networks.
When you are on the company network, you can use the “-F
” parameter. When you are on a public network, you can skip the “-F
” parameter.
That’s all about SCP. You can see man pages of SCP for more detail. Please feel free to leave comments and suggestions.