Linux – scp transfer files (passwordless) between systems

To totally unlock this section you need to Log-in

SSH (Secure SHELL) is an open source and most trusted network protocol that is used to login into remote servers for execution of commands and programs. It is also used to transfer files from one computer to another computer over the network using secure copy (SCP) Protocol.

SCP (secure copy) is a command line utility that allows you to securely copy files and directories between two locations.

With scp, you can copy a file or directory:

  • From your local system to a remote system.
  • From a remote system to your local system.
  • Between two remote systems from your local system.

When transferring data with scp both the files and password are encrypted so that anyone snooping on the traffic doesn’t get anything sensitive.

In this tutorial, we will show you how to use the scp command through practical examples and detailed explanations of the most common scp options.

Before going into how to use the scp command, let’s start by reviewing the basic syntax.

The scp utility expressions take the following form:

scp [OPTION] [[email protected]]SRC_HOST:]file1 [[email protected]]DEST_HOST:]file2

OPTION – scp options such as cipher, ssh configuration, ssh port, limit, recursive copy ..etc:

[[email protected]]SRC_HOST:]file1 – Source file.
[[email protected]]DEST_HOST:]file2 – Destination file

Local files should be specified using an absolute or relative path while remote file names should include a user and host specification.

Make sure to include a space between the source and destination paths. Also, be careful when copying files that share the same name on both hosts; you may accidentally overwrite data you intended to keep.

scp provides a number of options that control every aspect of its behavior. The most widely used options are:

-P Specifies the remote host ssh port.
-p Preserves files modification and access times.
-q Use this option if you want to suppress the progress meter and non-error messages.
-C. This option will force scp to compresses the data as it is sent to the destination machine.
-r This option will tell scp to recursively copy directories.

Generate a public and private key pair

The following Unix/Linux commands (and resulting system output) demonstrate how to create a public and private key pair on your local Unix computer system.

When we run this command on a MacBook, which is a MacOS system (which is itself a version of Unix), it creates two files in a directory named .ssh, which is located in the home directory. Those two files are named id_rsa and id_rsa.pub. The first file (id_rsa) contains the private key, and the second file (id_rsa.pub) contains the public key.

It’s important to note that if you just go with the defaults, as we are about to show, and you already have a file named id_rsa, your system should warn you, like this:

$ ssh-keygen -t rsa

The following is a complete, and successfull, generation of a private/public key pair:

$ ssh-keygen -t rsa

Enter file in which to save the key (/Users/al/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/al/.ssh/id_rsa.
Your public key has been saved in /Users/al/.ssh/id_rsa.pub.
The key fingerprint is:
6f:16:29:90:46:b6:88:34:3d:81:07:fc:bd:1a:fc:db [email protected]
The key’s randomart image is:
+–[ RSA 2048]—-+
| .++..o |
| .oo++ o |
| .o.o= |
| …. . |
| . .S o |
| o . o . |
| + + |
| . .. o |
| ..E |
+—————–+

As you can see from the output of this command:

  • Your private key is in a file named ~/.ssh/id_rsa
  • Your public key is in a file named ~/.ssh/id_rsa.pub

Feel free to use vi, nano or cat to look at both files if you like, but don’t change them. As you’ll see, they are both plain text files.

You should never give your private key to anyone else, so for all intents and purposes, the id_rsa file will just stay right where it is.

As for your public key (id_rsa.pub), you’re going to copy that to your remote servers (to which we will transfer files to) in the following step.

Copy your public key to your remote servers

The next step is to copy the id_rsa.pub file to the remote server you want to be able to access with ssh and/or scp without using a password. For the purposes of this article, we will refer to that remote system node1.example.com.

First, scp that file to node1 as you normally would, supplying a password during the scp process:

$ scp id_rsa.pub [email protected]node1.example.com:./

Another way to upload the public key is the following approach:

$ cat .ssh/id_rsa.pub | ssh [email protected] ‘cat >> .ssh/authorized_keys’

[email protected]’s password: [Enter Your Password Here]

If you’re not familiar with the scp command, it lets you securely copy files from one computer system to another, essentially working on top of the ssh command (the ./ at the end of that command puts the file in my home directory on node1).

Next, ssh into node1, again supplying your password when prompted:

$ ssh [email protected]

On node1, if the .ssh directory does not already exist in your home directory, create it. Assuming you are in your home directory, just create it like any other directory:

$ mkdir .ssh

Now copy the id_rsa.pub file to a new file named authorized_keys in that .ssh directory, like this:

$ cp id_rsa.pub .ssh/authorized_keys

Assuming those steps worked without error, if you now cd into your .ssh directory:

$ cd .ssh

And then use the ls command, you’ll see your file in this directory with the proper name:

$ ls -al

total 12
drwxr-xr-x 2 al al 4096 Jul 21 17:45 .
drwx—r-x 9 al al 4096 Jul 10 10:46 ..
-rw-r–r– 1 al al 419 Jul 21 17:46 authorized_keys

Again assuming that all these steps worked, you’re now ready to test your remote login without using a password.

Verify

To verify if everything is working as expected, simply scp any file from hostA to hostB. You should not be prompted for password for the transfer.

# scp /tmp/testfile node1.example.com:/tmp/testfile
testfile 100% |*****************************| 0 00:00