Ensuring secure file transfers between hosts is critical to protecting data from interception or theft. In Linux, you can use the SCP command, which stands for “secure copy,” for secure data transfers.
In this post, we explain the correct SCP command syntax and mention sample commands for copying files to and from a remote destination. We also review some additional applications of the command that you can enable using options.
What Is the SCP Command?
The SCP command, which stands for “secure copy,” is used for secure data transfers in Linux.
SCP Command Syntax
To use the command correctly, you need to know how to enter it the right way. The correct SCP command syntax is as follows:
scp [OPTIONS] [[user@]src_host:]file1 [[user@]dest_host:]file2Let’s explore the syntax elements in detail:
SCP
The command initializer that also ensures a secure shell is available and functioning.
src_host
The host with the required file. Depending on the file, a server or a client machine can be the source host.
dest_host
The destination host to receive the file copy.
Options
These options are for flexible adjustment of the required command permissions. The list of most common settings includes:
C
To compress data on transfer.
P (Uppercase)
To indicate the connection port with the remote host.
p (lowercase)
To preserve timestamps. Use this to simplify access and modification afterward.
q
To use the quiet copy mode. With this option enabled, the system doesn’t show progress notifications.
r
To run recursive copying of the directory.
File transfer involves at least two specified destinations. You can use SCP to copy files:
- To different locations on one machine
- From a local host to a remote host
- From a remote host to a local host
- Between two remote destinations
If you don’t specify:
- The host or target username, the default command option is the current user.
- The path/to/source (or the target/path), the command initiates a local file search or copy process.
Note that there are the two requirements for using the SCP command to secure file transfers:
- The client and the server machine have SSH installed.
- You have root access to both the server and the client.
After you set up the SSH and access, you can use the SCP command to transfer and copy files securely. Let’s proceed with some use cases.
Copying a Single File with SCP Command
Copying a single file securely to and from remote machines is the most common use for the SCP command.
Copying a File With SCP From Local to Remote System
The command to copy a local file to a remote machine is as follows:
scp file.txt remote_username@remote_host_ip:/remote/directoryFor example, we need to copy a SampleDoc.txt file from a local Linux machine, whether physical or virtual, to an ESXi host. The destination on that ESXi host is the storage directory on the datastore20a datastore. The remote ESXi host has the following IP address: 192.168.101.311.
In this example, the command to execute the copying workflow looks like this:
scp SampleDoc.txt [email protected]:/vmfs/volumes/datastore20a/storage/You can set a new file name for the copied file at the destination host:
scp SampleDoc.txt [email protected]:/vmfs/volumes/datastore20a/install/SampleDoc-copy.txtThe -r flag can help you copy a directory with all the files it includes:
scp -r /local/directory [email protected]:/remote/directoryCopying a File With SCP From Remote to Local System
The SCP command enables you to conveniently copy files from remote machines to local nodes. You can also use this command to copy files from a virtual machine to the local host.
In this example, we copy a file located at the remote ESXi host to the Linux machine we use. The command is as follows:
scp remote_username@remote_ip_address:/remote/file.txt /local/directoryWe can copy a sampleimage.iso file from our remote ESXi server to the home directory destination on the Linux machine we specified:
scp [email protected]:/vmfs/volumes/datastore20a/install/sampleimage.iso /home/user1/
Copying Multiple Files With SCP Command
To securely copy multiple files with this command, add the names of those files to the source path in the command syntax. Here is the syntax scheme:
scp file1 file2 ... user@<user_ip>:DestinationFor instance, we need to copy numbered sample files sample1, sample2, sample3 and sample4. The correct command goes as follows:
scp sample1.txt sample2.txt sample3.txt sample4.txt [email protected]:/home/user1/Desktop
Additional Applications of the SCP Command
Here are some additional applications of the SCP command.
Quiet Mode
You can run the SCP command in quiet mode in case you don’t need to track the execution progress. The -q option activates this mode, excluding the progress meter and connected messages from the output data. Here is the sample command:
scp -q Desktop/sample_file.txt [email protected]:/home/sample_directoryVerbose Mode
The verbose mode is useful when you need to troubleshoot systems. Add the -v option to the SCP command and the debugging data is displayed in the output. Here is the sample:
scp -v Desktop/sample_fie.txt [email protected]:/home/sample_directoryBandwidth Limitation
If you want to control the available bandwidth for the SCP command during file transfer, you can do that with the -l option. The command can be useful when you copy large files or file sets and don’t need the process to overload the network. Here is the command sample:
scp -l 800 Desktop/sample_file.txt [email protected]:/home/sample_directoryNote that the bandwidth limit number in the sample is 800. The bandwidth here is measured in kilobits/s, not kilobytes. One byte is eight bits, so the 800 limit in the example is 800 kilobits/s or 100 KB/s.
Ensuring Secure File Transfers With SCP
Using the SCP command secures the file transfer workflow, but you can make data protection more reliable. Consider implementing the following recommendations to enhance your data security.
Ensure the PoLP Works
Do not use the default root user to conduct file transfers with SCP — we did that above only for demonstrative purposes. Consider setting a particular user that has the least privilege required to provide file access and SCP command execution.
Use Alternative Protocols When Required
When transferring extremely sensitive data records, consider using a protocol with extended security capabilities, such as SFTP (SSH file transfer protocol).
Update Your Systems Regularly
Updating your systems on time allows you to install patches that efficiently close security vulnerabilities.
Check File Permissions
Stay attentive and ensure that file permissions go in line with security requirements and policies. This is especially critical when you transfer files containing sensitive data.
Set Up and Use a Reliable Data Backup System
To enhance data reliability and overcome potential file corruption in case the transfer fails, consider implementing data protection solutions to back up your files, such as NAKIVO VM Backup.
Implement these recommendations to enhance file transfer security. These best practices can boost data protection efficiency and add reliability to your environment as a whole.
