Moving files between Linux systems with SCP

When transferring files to a remote Linux server, you have a few options. One of the best ways is to use a program called Secure Copy, or SCP, which runs over the SSH protocol to quickly transfer files over the network to a remote system. This guide shows you how to securely transfer files using SCP in Linux.

SSH Configuration

On the remote server, you will need to install an SSH server. The most popular on Linux is the OpenSSH server. To install it, run one of the following commands:

Debian/Ubuntu based server:

sudo apt install ssh

Fedora:

sudo dnf install openssh

Moving files between Linux systems with SCP Picture 1

Depending on your distribution, you may need to allow SSH through some software firewalls. On Ubuntu, this is not an issue, but on Fedora, you will also need to run the following commands:

sudo firewall-cmd --add-service=ssh --permanent sudo firewall-cmd --reload

Moving files between Linux systems with SCP Picture 2

Connect to the system via SSH

Before you can connect via SSH, you need to find out the IP address of the remote server. On graphical servers, the IP address is displayed in the Network applet under System Settings. On most servers, you should use the ip command in the terminal.

ip addr

Moving files between Linux systems with SCP Picture 3

In the output, look for a line starting with ine t in ethX or enpXsy , depending on how your network interface is connected to the system. In the example case, it's 192.168.68.108.

To test the SSH connection, switch to another Linux machine and type:

ssh user@remote.machine.ip.address

Change 'user' to the actual username in the server.

Moving files between Linux systems with SCP Picture 4

Enter the password for that account. If you get a question about 'authenticity of host can't be established' , just answer 'yes'. This is a security check designed to ensure that you are connecting to your real server and not an imposter. You should see the same prompt appear on your client system that you see when logging directly into the server, which means your connection was successful. You should also configure your SSH connections for maximum security or even set up two-factor authentication before moving on to the next step.

Using SCP to transfer files

Now that you have tested the SSH connection, let's start copying files between the two machines. Secure copying is achieved using the scp command. The basic format of the scp command is:

scp /PATH/TO/FILE USER@IP-ADDRESS:PATH/TO/DESIRED/DESTINATION

For example, to copy the file 'backup.tar.gz' from the local machine to the 'backups' directory in the home directory of the user 'ramces' on the remote server with the IP address 192.168.68.165, use the command:

scp backup.tar.gz ramces@192.168.68.165:~/backups/

Moving files between Linux systems with SCP Picture 5

Similar to connecting via ssh, you will be prompted for a password. You will not be prompted for a username, as the username is already specified in the command.

You can also use wildcards like this:

scp *.tar.gz ramces@192.168.68.165:~/backups/

Moving files between Linux systems with SCP Picture 6

To copy files from a remote server to a local machine, just reverse the parameters:

scp ramces@192.168.68.165:~/backups/backup.tar.gz ./

Moving files between Linux systems with SCP Picture 7

Notice the dot at the end of the command - it means "current directory", just like with the standard cp or mv commands. You can easily specify some other directory if you want.

scp -r ramces@192.168.68.165:~/backups/ backups-from-server/

And the same with wildcards:

scp ramces@192.168.68.165:~/backups/*.txz ./

To recursively copy a directory to the remote server, use the -r option :

scp -r backups/ ramces@192.168.68.165:~/backups/

Moving files between Linux systems with SCP Picture 8

To copy a recursive copy of a directory from a remote server to the local machine, use:

scp -r ramces@192.168.68.165:~/backups/ ./

Moving files between Linux systems with SCP Picture 9

Compress file transfers in SCP

In addition to basic copying, it is also possible to modify how SCP behaves during this file transfer. For example, you can use the -C flag to compress the data that SCP sends to remote clients:

scp -C backup.tar.gz ramces@192.168.68.165:/home/ramces/

This option works by compressing each packet of data as it is sent through the SCP program. Therefore, this can be extremely useful if you are on a bandwidth-limited connection and want to reliably send files to a remote server.

Moving files between Linux systems with SCP Picture 10

Similar to the above options, you can also use -C along with the -r flag to recursively compress and transfer files to the remote machine. For example, the following command will compress and retrieve the file 'backup.tar.gz' from the remote server in the post:

scp -Cr ramces@192.168.68.165:/home/ramces/backups /home/ramces/

Moving files between Linux systems with SCP Picture 11

Optimize data transmission with SCP

For the most part, SCP tries to use the AES-128 encryption algorithm for all of its file transfers. However, there are cases where this particular algorithm will not be suitable for the files you want to transfer.

Knowing that, you can further optimize and secure SCP by directly changing the encryption algorithm for a particular transfer. To do this, you need to use the -c flag followed by the cipher you want to use.

For example, the following command transfers the file 'backup.tar.gz' to the remote server using AES-256:

scp -c aes256-ctr ./backup.tar.gz ramces@192.168.68.165:/home/ramces/

Moving files between Linux systems with SCP Picture 12

Additionally, the -c option also allows you to provide a list of ciphers that you want to use to transfer a particular file. For example, the following command uses both AES-192 and AES-256 while transferring the file 'backup.tar.gz' to the remote server:

scp -c aes192-ctr,aes256-ctr ./backup.tar.gz ramces@192.168.68.165:/home/ramces/

Moving files between Linux systems with SCP Picture 13

Limit bandwidth usage in SCP

While compressing file packets can help you use SCP in poor network conditions, it can also limit the bandwidth the program uses during transmission. This is useful if you are on a limited connection and do not want SCP to dominate your network bandwidth.

To limit the effective bandwidth of a program, you need to use the -l flag followed by an upper limit in kilobits per second (Kb/s). For example, running the following command will transfer the file 'backup.tar.gz' to the remote server with an effective bandwidth of 1,600 Kb/s:

scp -l 1600 ./backup.tar.gz ramces@192.168.68.165:/home/ramces/

Moving files between Linux systems with SCP Picture 14

Transfer files between multiple remote servers with SCP

In addition to copying local files to your remote server and vice versa, you can also use SCP to manage multiple remote servers from your local machine, since SCP only handles file transfers and does not differentiate between local and remote machines.

To transfer between two remote servers, you need to specify the username and address of each. For example, running the following command will transfer the file 'remote-backup.tar.gz' between two remote servers:

scp ramces@192.168.68.108:/home/ramces/remote-backup.tar.gz ramces@192.168.68.165:/home/ramces/

Moving files between Linux systems with SCP Picture 15

Using Proxies with SCP

By default, SCP uses the local machine's IP address whenever it transfers files between different servers. While this is perfectly fine under normal circumstances, it can be a problem if your local network restricts any SCP operations. A quick way to work around this is to route your local connection through an SSH proxy.

To do this, you need to use the -o flag followed by the ProxyCommand option. This allows you to create a basic SSH connection to a new machine, which will in turn execute your SCP command. For example, running the following will create a new SSH proxy to a remote machine and transfer the 'backup.tar.gz' file using it:

scp -o "ProxyCommand ssh ramces@192.168.68.108 nc %h %p" ./backup.tar.gz ramces@192.168.68.165:/home/ramces/

Moving files between Linux systems with SCP Picture 16

Change default port in SCP

In addition to creating a basic SSH proxy, you can also change the default port for SCP. This is especially useful if you are securing your Linux server and do not want to expose any default ports.

To use SCP with a different port, you need to use the -P flag followed by the port number you want to use. For example, the following command will recursively copy the 'backup' directory and connect to the remote server using port 2222:

scp -r -P 2222 ./backup ramces@192.168.68.165:/home/ramces/

Moving files between Linux systems with SCP Picture 17

Using Quite mode in SCP

Finally, it is also possible to completely remove any terminal output from the SCP command. This is especially useful if you want to create a non-interactive script that runs on your machine. Not only that, but you can also completely automate this process by creating a cronjob and passing the SSH private key to your server.

To do this, you need to use the -q flag. For example, the following command will silently transfer the 'backup.tar.gz' file to the remote server:

scp -q ./backup.tar.gz ramces@192.168.68.165:/home/ramces/

Moving files between Linux systems with SCP Picture 18

David Pac

Update 09 December 2024