SSH and SCP: Howto, tips & tricks
This tutorial is about SSH and SCP. You will learn how to connect to a remote host and how to copy between hosts. This tutorial also documents a few important differences between the commands.
Difficulty: Basic
Before we start: in this tutorial, you will come across both SSH and ssh. The difference is this: SSH is the general protocol, and ssh is the linux SSH client command.
SSH
SSH is some kind of an abbreviation of Secure SHell. It is a protocol that allows secure connections between computers. In this tutorial, we'll be dealing with the ssh command on Linux, the OpenSSH version. Most Linux distributions feature the OpenSSH client today, but if you want to be sure, have a look at the SSH manpage on your system. You can do this by typing:
[rechosen@localhost ~]$ man ssh
Note: this should be done in a terminal. This tutorial assumes that you have some basic terminal knowledge, like knowing how to start a terminal session on your system and being familiar with the basic commands and syntaxes.
If it displays something like this
NAME
ssh - OpenSSH SSH client (remote login program)
then you can be quite sure you're running the OpenSSH version. For more background information about SSH, see http://en.wikipedia.org/wiki/SSH.
The most simple case
In the most simple case, you can connect to a server that supports ssh with a syntax as short as this:
[rechosen@localhost ~]$ ssh yourserver
Note: If you do not have any ssh server nearby that you can access, you can also try this command with your own computer as a server. To do this, replace "yourserver" with "localhost".
Of course, yourserver should be replaced by a hostname or an ip address of the server you want to connect to. As you can see in the terminal snippet, I am logged in as rechosen. If you do not specify a username (I'll explain how to do that later in this tutorial), SSH will assume that you want to login with the username you're currently logged in with. So, in this case, SSH will try the username rechosen.
Of course, you need to be sure that the server supports ssh connections. The ssh client tries to connect to port 22 defaultly. This means that, if you want to connect to a remote host with the default settings, you should make sure that, if applicable, port 22 is forwarded to the server you're trying to connect to. You will find more regarding the SSH port further in this tutorial.
Now, back to the command we ran. If the server supports SSH connections and you can reach it by port 22, you should be prompted for a password (if this is the first time you try to connect to the server, ssh will first ask the question if you want to continue connecting, which can generally just be answered with a 'yes'). If you type a password here, you won't see asterisks appearing. Don't panic, this is ssh's normal behaviour. It makes connecting using ssh even more safe, because any accidental spectators won't be able to see the length of the password. After entering the password, if the username and the password were correct, you should be running a shell on the server. If not, make sure you are connecting to a server of which you know that you should be able to login with your username and the specified password. You could try connecting to your own computer (see the note beneath the terminal quote) or read on to learn how to specify an other username.
Once you're done trying the ssh shell, you can exit it by pressing Ctrl + D.
Specifying a username
It's actually quite simple to specify a different username. You might even already be familiar with it. See the following example:
[rechosen@localhost ~]$ ssh yourusername@yourserver
The above will make ssh try to connect with the username "yourusername" instead of (in my case) rechosen. This syntax is also used by a lot of other protocols, so it'll always come in handy to know it. By the way, you will still be asked for a password. For security reasons, it is not even possible to directly specify the password in the syntax. You will always be asked interactively, unless you start configuring the server in an advanced way (which is exactly why that topic is out of this tutorials scope: this tutorial documents how to use the clients, not how to configure the server).
Specifying a port
There are many reasons to move the ssh service to an other port. One of them is avoiding brute-force login attempts. Certain hackers try to get access to ssh servers by trying a lot of common usernames with common passwords (think of a user "john" with password "doe"). Although it is very unlikely that these hackers will ever get access to the system, there is an other aspect of the brute-force attacks that you'll generally want to avoid: the system and connection load. The brute-force attacks usually are done with dozens or even thousands of tries a second, and this unnecessarily slows down the server and takes some bandwidth which could've been used a lot better. By changing the port to a non-default one, the scripts of the hackers will just be refused and most of the bandwidth will be saved.
As the ssh command can't just guess the port, we will have to specify it if it's not the default 22 one. You can do that this way:
[rechosen@localhost ~]$ ssh -p yourport yourusername@yourserver
Of course, you will have to replace "yourport" with the port number. These is an important difference between ssh and scp on this point. I'll explain it further on.
Running a command on the remote server
Sometimes, especially in scripts, you'll want to connect to the remote server, run a single command and then exit again. The ssh command has a nice feature for this. You can just specify the command after the options, username and hostname. Have a look at this:
[rechosen@localhost ~]$ ssh yourusername@yourserver updatedb
This will make the server update its searching database. Of course, this is a very simple command without arguments. What if you'd want to tell someone about the latest news you read on the web? You might think that the following will give him/her that message:
[rechosen@localhost ~]$ ssh yourusername@yourserver wall "Hey, I just found out something great! Have a look at www.examplenewslink.com!"
However, bash will give an error if you run this command:
bash: !": event not found
What happened? Bash (the program behind your shell) tried to interpret the command you wanted to give ssh. This fails because there are exclamation marks in the command, which bash will interpret as special characters that should initiate a bash function. But we don't want this, we just want bash to give the command to ssh! Well, there's a very simple way to tell bash not to worry about the contents of the command but just pass it on to ssh already: wrapping it in single quotes. Have a look at this:
[rechosen@localhost ~]$ ssh yourusername@yourserver 'wall "Hey, I just found out something great! Have a look at www.examplenewslink.com!"'
The single quotes prevent bash from trying to interpret the command, so ssh receives it unmodified and can send it to the server as it should. Don't forget that the single quotes should be around the whole command, not anywhere else.
SCP
The scp command allows you to copy files over ssh connections. This is pretty useful if you want to transport files between computers, for example to backup something. The scp command uses the ssh command and they are very much alike. However, there are some important differences.
The scp command can be used in three* ways: to copy from a (remote) server to your computer, to copy from your computer to a (remote) server, and to copy from a (remote) server to another (remote) server. In the third case, the data is transferred directly between the servers; your own computer will only tell the servers what to do. These options are very useful for a lot of things that require files to be transferred, so let's have a look at the syntax of this command:
[rechosen@localhost ~]$ scp examplefile yourusername@yourserver:/home/yourusername/
Looks quite familiar, right? But there are differences. The command above will transfer the file "examplefile" to the directory "/home/yourusername/" at the server "yourserver", trying to get ssh acces with the username "yourusername". That's quite a lot information, but scp really needs it all. Well, almost all of it. You could leave out the "yourusername@" in front of "yourserver", but only if you want to login on the server with your current username on your own computer. Let's have a closer look at the end of the command. There's a colon over there, with a directory after it. Just like Linux's normal cp command, scp will need to know both the source file(s) and the target directory (or file). For remote hosts, the file(s)/directory are given to the scp command is this way.
You can also copy a file (or multiple files) from the (remote) server to your own computer. Let's have a look at an example of that:
[rechosen@localhost ~]$ scp yourusername@yourserver:/home/yourusername/examplefile .
Note: The dot at the end means the current local directory. This is a handy trick that can be used about everywhere in Linux. Besides a single dot, you can also type a double dot ( .. ), which is the parent directory of the current directory.
This will copy the file "/home/yourusername/examplefile" to the current directory on your own computer, provided that the username and password are correct and that the file actually exists.
You probably already guessed that the following command copies a file from a (remote) server to another (remote) server:
[rechosen@localhost ~]$ scp yourusername@yourserver:/home/yourusername/examplefile yourusername2@yourserver2:/home/yourusername2/
Please note that, to make the above command work, the servers must be able to reach each other, as the data will be transferred directly between them. If the servers somehow can't reach each other (for example, if port 22 is not open on one of the sides) you won't be able to copy anything. In that case, copy the files to your own computer first, then to the other host. Or make the servers able to reach each other (for example by opening the port).
Well, those are the main uses of scp. We'll now go a bit more in-depth about the differences between ssh and scp.
*: Actually you can also use it just like the normal cp command, withhout any ssh connections in it, but that's quite useless. It requires you to type an extra 's' =).
Specifying a port with scp
The scp command acts a little different when it comes to ports. You'd expect that specifying a port should be done this way:
[rechosen@localhost ~]$ scp -p yourport yourusername@yourserver:/home/yourusername/examplefile .
However, that will not work. You will get an error message like this one:
cp: cannot stat `yourport': No such file or directory
This is caused by the different architecture of scp. It aims to resemble cp, and cp also features the -p option. However, in cp terms it means 'preserve', and it causes the cp command to preserve things like ownership, permissions and creation dates. The scp command can also preserve things like that, and the -p option enables this feature. The port specification should be done with the -P option. Therefore, the following command will work:
[rechosen@localhost ~]$ scp -P yourport yourusername@yourserver:/home/yourusername/examplefile .
Also note that the -P option must be in front of the (remote) server. The ssh command will still work if you put -p yourport behind the host syntax, but scp won't. Why? Because scp also supports copying between two servers and therefore needs to know which server the -P option applies to.
Another difference between scp and ssh
Unlike ssh, scp cannot be used to run a command on a (remote) server, as it already uses that feature of ssh to start the scp server on the host. The scp command does have an option that accepts a program (the -S option), but this program will then be used instead of ssh to establish the encrypted connection, and it will not be executed on the remote host.
Tips & Tricks with ssh and scp
Quite a handy thing about scp is that it supports asterisks. You can copy all files in a remote directory in a way like this:
[rechosen@localhost ~]$ scp yourusername@yourserver:/home/yourusername/* .
And you can also just copy a whole directory by specifying the -r (recursive) option:
[rechosen@localhost ~]$ scp -r yourusername@yourserver:/home/yourusername/ .
Both of these also work when copying to a (remote) server or copying between a (remote) server and another (remote) server.
The ssh command can come in handy if you don't know the exact location of the file you want to copy with scp. First, ssh to the (remote) server:
[rechosen@localhost ~]$ ssh yourusername@yourserver
Then browse to the right directory with cd. This is essential Linux terminal knowledge, so I won't explain it here. When you're in the right directory, you can get the full path with this command:
[rechosen@localhost ~]$ pwd
Note: pwd is an abbreviation of Print Working Directory, which is a useful way to remember the command.
You can then copy this output, leave the ssh shell by pressing Ctrl + D, and then paste the full directory path in your scp command. This saves a lot of remembering and typing!
You can also limit the bandwidth scp may use when copying. This is very useful if you're wanting to copy a huge amount of data without suffering from slow internet for a long time. Limiting bandwidth is done this way:
scp -l bandwidthlimit yourusername@yourserver:/home/yourusername/* .
The bandwidth is specified in Kbit/sec. What does this mean? Eight bits is one byte. If you want to copy no faster than 10 Kbyte/sec, set the limit to 80. If you want to copy no faster than 80 Kbyte/sec, set the limit to 640. Get it? You should set the limit to eight times the maximum Kbyte/sec you want it to be. I'd recommend to set the -l option with all scp'ing you do on a connection that other people need to use, too. A big amount of copying can virtually block a whole 10 Mbit network if you're using hubs.
Final Words
Well, that was it! I hope you learned a lot. Of course, you can always have a quick look at this tutorial again if you forgot something. Please tell other people who might be interested about this tutorial, you'll help this blog to grow if you do =). Thank you for reading and have a lot of fun with your new knowledge!
Topic: thanks!
thanks for howto =)
Topic: Linux Scp Command
Hello,
yeh it is a well appriciated work. Thanks to share knowledgr with us. Long live GNU long live linux association
Topic: scp
very helpful. didn't know you could do that . thanks :D
Topic: helpful information.
Thanks for the helpful information provided.
Topic: exclude
Do you know how to exclude directories using SCP?
eg. SCP -r [?EXCLUDE /home/me/not/] root@www.example.com:/home/me
or how to scp a symbolic link without copying all the links?
thanks
Topic: Re: exclude
Hmmm... I guess that would require some kind of wrapper script. As far as I know, scp doesn't feature exclude support. The program rsync does, though, so maybe it is worth the time to look into it.
I don't know what you mean with "how to scp a symbolic link without copying all the links?", but maybe the -p option (preserve) might help.
Topic: password
how i can include my password in the commandline in a crontab script?
(sorry 4 my english, but i'm italian :p )
Topic:
good job, thanks
Topic: Thank you
Excellent information :-)
Topic: tq
well done..
linux is the best..
Topic: Excellent tutorial!
Thanks!
Topic: scp file transfer
Ok, Here is my problem. I am in a remote locale and I can get to my main computer, run progs, etc. However, I cannot transfer (scp) to where I am and somehow the file I want to move to me just overwrites itself. I have the "port 22" problem you mention above and have no access to the router. How do I transfer a file now?
I am a bigtime new user. Windows XP Pro laptop to an XP desktop
Topic: Can multiple files be copied using SCP and SFTP like mget in ftp
Hi, can we download multiple files using SCP and SFTP like mget in ftp?
Topic: sftp question
I was wondering if you can specify a lrecl, fb and blksize for an sftp job
Topic: scp & ssh
a complete tutorial for ssh command with practical implementation.It lists even the the default cases.
Topic: ssh
what is the command to take the data in ssh
Topic: group
what is the command to add the group into the group
for eg we have group1, group2, group3
we want to add the group1 and group2 to group3.
what is the command. please help me.
thank u
Topic: Scp ssh
Nyc
Topic: scp
thanks for the tutorial, this is very usefull for me
Topic: Re: Linux
A detailed guide is to work with Linux. Your blog looks more informative. It will be more effective if you provide some screen shots how they are working.
quickTutes - video tutorials, computer tutorials, internet tutorials, tutorials
Topic: ssh and scp
Hi, I would like to know if I can disable ssh for just one account (oracle), users will login with their personal accounts, then su to oracle, so this can be audited. However, I would also like to allow oracle to accept scp requests, but if I disable oracle, in sshd_config with
DenyUsers oracle
I can't use ssh or scp for oracle.
Any suggestions?
Topic: Re: ssh and scp
Hmmm... You might try using
scponly, though I'm not sure if it'll allow using su. It should allow su -c , though.
Topic: Great!
Excellent! Thanks a lot!
Topic: Good job
Thanks for this, really helped me!
Topic: i love it
this tutorial is simple and usefull, I really like it.
Topic: scp
Had just the info I was look for and excellent examples, thanks!
Topic: what if I want to
......
copy the files from a server...to another computer ..(aleady have an account on the computer).......where do I put the ip address?..
Topic: scp howto
thanks for the howto, is very usefull for me, good look
Topic: Great Tutorial
Well done, this is great info. There is huge difference between reading 'man' pages and reading a well explained article like this.
noussh
Topic: C program for scp
Thanks for the tutorial. How to write a C code for scp command in Linux? I couldn't find it anywhere. Please help me in finding it.
Thanks in advance.
Topic: thanx
thanks for the ssh tuts
Topic: i tried this way from one server to another
I changed the directory where the file is resided and run this command to deploy in remote server.
scp -P username@remoteserver:/remote/location/path
let me know if this is wrong?
Topic: yet another ssh tip
You can use to use ssh in a browser, I always use it when i'm using a system without ssh client. There is a small minpoint: it's a bit slower then a regular ssh client
Topic: ssh command with username and password
Hell All,
could you please help me in providing the syntax or example in writing ssh command which includes giving password init , rather that interactive systems.
Appreciate your help in advance.
Topic: thanks
another thanks. quick and to the point. very helpful to me
Topic: Copying multiple files in multiple folders
I would like to use a manifest file that contains files' directories and filenames, and have my script read through them and copy each one from server A to server B. I've tried this with scp, but each execution of the command prompts me for the passphrase.
You can bypass using your passphrase by sharing public/private keys between your local and remote sources...
Have a look here to find out how:
http://magicmonster.com/kb/net/ssh/auto_login.html
BE WARNED that this produces a hole through your remote server login security and you should fully understand how it works before using it.
Great stuff - if all tutorials were this readable and this thorough, we'd all be Linux gurus!
Excellent article. Informative and comprehensive. How can one cancel an ongoing scp?
That would usually be done by pressing Ctrl + c in the terminal where the ongoing scp is running. An alternative way is to find out the process id of it and use kill -QUIT on that.
Copy to a remote server an entire directory without following symbolic links:
rsync -azuv -e ssh /home/* user@remotehost:/mnt/backup/
The other way?
rsync -azuv -e ssh user@remotehost:/home/* /mnt/backup/
Rsync is a nice tool, too. Didn't know it could work with just ssh on the remote host; good spot! Do know, however, that rsync does not work between two remote servers, like scp does.
P.S. I fixed the slashes for you, Jon :).
Another tip: on computers without ssh clients you can use a ssh client on a website.
Thanks a lot! You helped me.
You're welcome!
It s great help this stuff..
but I got some problems..
It always ask for server's username, password and client's username, password when copying files using "scp". Is there any way that can be used to copye file without asking for passwords.
When using scp, it takes 2, 3 steps to copy, because it ask for passwords and usenames.
I need a way to copy files from a remote server in a single command, is there a way?
thank you
You can specify the username using the username@hostname syntax, and using scp without entering a password is very well possible. Just get ssh to work without a password and scp should do so, too. Search the net for "passwordless ssh" to find howto's on it. Be careful, though; passwordless ssh has some security concerns.
thank you, excellent tutorial! This was very helpful for me in uploading securely to a remote server :)