How to use SCP and SFTP to securely transfer files

Moving files between systems is one of a Linux system administrator's regular activities. When transferring data across a network, one important consideration is the security of the medium you're using. There are several tools are available for this.

On  Red Hat Enterprise Linux (RHEL), SFTP (Secure File Transfer Protocol) and SCP (secure copy) are handy commands to move files between systems securely. As part of the OpenSSH suite, these tools rely on Secure Shell (SSH) to transfer the files. This means they use the same authentication and provide the same security as SSH does.

Copy files with SCP

To transfer files with SCP, specify the remote server's IP address or hostname and the destination path where you want it to copy the file or directory. Use the same username and credentials for SCP as you use for SSH. No other credentials are needed. If the file already exists at the destination, SCP replaces or overwrites the content. It's also wise to use absolute path names for the destination path.

To transfer a file with the scp command, use the following syntax:

$ scp file1 user@192.268.1.3:/home/user

This example copies file1 on the local server to /home/user/ on the remote server at 192.168.1.3.

In instances where the SSH server uses a different port, say 2390, the command to copy the files looks like this:

$ scp -P 2390 file1 user@192.268.1.3:/home/user

Note: The -P is uppercase instead of lowercase -p (as when using SSH).

You need to specify the path to the public and private keys if they are stored in nonstandard locations. For example, if the private key is stored at /home/keys/id_rsa, the command is:

$ scp -i /home/keys/id_rsa -P 2390 file1 user@192.268.1.3:/home/user

It's also possible to copy a directory by using the -r parameter. To copy a directory named backup, use:

$ scp -r backup user@192.268.1.3:/opt/

This command copies the entire backup directory to /opt/backup. Please note that you need to ensure the user you are connecting with has permission to do the operation you want to do.

Copy files with SFTP

SFTP is a secure file transfer program that also relies on SSH and is interactive. The tool is similar to FTP, but it uses SSH port 22.

When you initiate an SFTP connection, it connects to its destination and enters an interactive mode on the remote server. You can then transfer files using commands such as get, put, cd, and rmdir.

To establish an SFTP connection, use:

$ sftp user@192.168.1.3

You should have a command prompt similar to the one below:

sftp>

If SSH is running on an alternate port, use:

$ sftp -oPort=2390 user@192.168.1.3

When using a passwordless connection and if the private key is named differently or stored in a different location than the default, use:

$ sftp -o IdentityFile=~/.ssh/id_rsa_key user@192.168.1.3

The example above connects to 192.168.1.3 using the private key at ~/.ssh/id_rsa_key.

[ Linux provides a dozen ways to perform any given task, including installing apps. For a refresher, download the guide to installing applications on Linux. ]

What if you want to transfer the file /etc/resolv.conf file to /etc on the remote server? In that case, use:

$  sftp user@192.168.1.3
sftp> cd /etc
sftp> put /etc/resolv.conf 

To download a file named /opt/user_list from the remote server to the local system, do:

$  sftp user@192.168.1.3
sftp> cd /opt 
sftp> get user_list

You can upload and download directories by using the -r parameter.

To upload a directory, use:

sftp> put -r  new_folder 

To download a directory, use:

sftp> get -r  folder_from_remoteserver

For additional options, use the sftp –help command or consult the man pages by typing man sftp.

Wrap up

Using secure file copy commands such as scp and sftp are an important part of network hardening and general security initiatives. The commands are straightforward and rely on the familiar and trusted SSH utility. Practice using both tools for a more responsible sysadmin stance.