
How to use SCP (Secure Copy) with SSH key authentication


Anyone who administers Linux machines knows the secure shell. Without this tool, managing these servers remotely would be quite difficult. Transferring files back and forth would be just as difficult, at least with any measure of security. That’s where secure copy comes into play. With the SCP command, you can copy files to and from a remote Linux server through an encrypted SSH tunnel.


However, with SSH key authentication, you can make it even more secure. I want to show you how you can use SSH key authentication and SCP so you can be sure your files are being moved back and forth securely. I will demonstrate on an Initial OS client and an Ubuntu 16.04.1 server, and assume you have Secure Shell installed and working.


SSH keys

The first thing to do is create an SSH key pair. To do this, open a Terminal window and issue the command:

ssh-keygen -t rsa

You will be prompted to name the file (use the default) and to give the key pair a passphrase.

Once the key’s randomart image is printed, your key is ready to go.

The next step is to copy the key to the remote server. This is done with the command:

ssh-copy-id USER@SERVER

where USER is the username on the remote server, and SERVER is the address of the remote server.

You will be prompted for the remote user password. Once you have successfully authenticated, the public key will be copied to the server. You are ready to go.


Using SCP with your key

Now that we have our keys in all the right places, let’s see how we can use them through SCP. Assuming you accepted the default name for your SSH key after creation, the command to send a file to your remote server using your SSH key is:

scp -i ~/.ssh/id_rsa FILENAME USER@SERVER:/home/USER/FILENAME

where FILENAME is the name of the file, USER is the user name on the remote machine, and SERVER is the address of the remote server. The -i option takes the identity (private key) file, not the .pub file that was copied to the server.

You should be prompted for the SSH key passphrase (not the user password). Once it is accepted, the file will be transferred.

The same is true if you need to pull a file from a remote server. The structure of this command would be:

scp -i ~/.ssh/id_rsa USER@SERVER:/home/USER/FILENAME /home/USER/FILENAME

Again, you will be asked for your SSH key passphrase, and the file will be retrieved from the server and copied to the local machine.


Forget that password

Suppose you are about to undergo a long session of copying files to your server. Sure, you can combine them all into one big file. But say they all need to be kept in different directories. That’s a lot of typing. You can make it a bit more efficient by using the ssh-agent and ssh-add commands.

That’s right, using a combination of SCP, SSH key authentication, and ssh-agent works well. This will prevent you from typing the SSH key passphrase every time you issue the SCP command. One caveat is that you should remember the PID of the agent session and kill it when you’re done.

Here’s what you have to do.

  1. Before issuing the SCP command, issue eval $(ssh-agent) to start a session.
  2. Note the process ID you are given when the session starts.
  3. Add your SSH key to the session with the command ssh-add.
  4. Start using SCP to copy your files.

That’s all there is to it. When your session ends, be sure to issue the command kill PID (where PID is the original number given to you when you started the ssh-agent session with eval).
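
The agent procedure above as a script, added here as an example and not part of the original article: it starts the agent, adds the key, copies each file, and kills the agent automatically on exit instead of relying on a remembered PID. The check_identity helper (which also rejects a .pub file passed as the identity), the LOCAL:REMOTE_DIR argument form and the one-hour key lifetime are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. check_identity, batch_copy and
# the LOCAL:REMOTE_DIR argument form are assumptions made for illustration.

# check_identity FILE -> 0 usable private key, 1 missing, 2 public key,
# 3 group/other permission bits set (ssh refuses to load such a key).
check_identity() {
    key=$1
    [ -f "$key" ] || return 1
    case $key in *.pub) return 2 ;; esac
    # A public key file starts with its key type, e.g. "ssh-rsa AAAA...".
    if head -n 1 "$key" | grep -Eq '^(ssh-|ecdsa-|sk-)'; then return 2; fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ldL "$key" | cut -c5-10)" = "------" ] || return 3
    return 0
}

# batch_copy KEY USER@SERVER LOCAL:REMOTE_DIR...
# One passphrase prompt for many scp runs; the agent dies with the script.
batch_copy() {
    key=$1
    target=$2
    shift 2
    check_identity "$key" || { echo "refusing $key (code $?)" >&2; return 1; }
    eval "$(ssh-agent -s)" >/dev/null    # steps 1-2: exports SSH_AGENT_PID
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT   # replaces the manual "kill PID"
    trap 'exit 130' INT TERM
    ssh-add -t 3600 "$key" || return 1   # step 3: key is dropped after 1 hour
    for pair in "$@"; do                 # step 4: no -i needed, agent has the key
        scp "${pair%%:*}" "$target:${pair#*:}" || echo "failed: $pair" >&2
    done
}

# Runs only when called with arguments, e.g.
#   sh batch_copy.sh ~/.ssh/id_rsa USER@SERVER report.txt:/home/USER/docs/
if [ "$#" -ge 3 ]; then batch_copy "$@"; fi
```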


Is SCP still safe?

Someone asking if SCP is safe has probably read the 2019 release announcement for OpenSSH 8.0, which states that the SCP protocol is “outdated, inflexible and not easily configurable” and recommends SFTP and Rsync as file transfer alternatives.

Prior to OpenSSH 8.0, SCP could not verify file integrity during transfer, exposing users to unauthorized overwrite and injection attacks if their server was compromised (CVE-2019-611). However, the update introduced strict filename checking as a default for the SCP command, making it more secure, and moved its previous no-checking behavior to the command scp -T.

Then, in OpenSSH 9.0, released in 2022, SFTP was adopted as the default backend for SCP instead of the SCP/RCP protocol, meaning that transfers are now encrypted and authenticated with the SSH protocol. Although SCP is widely considered secure, users should still be wary of other threats such as misconfigured servers or outdated software versions.

What can I use instead of SCP?

  • SFTP: While SCP defaults to using the SFTP protocol, you may consider using native SFTP clients for advanced file management as it allows more operations, such as viewing directories and file deletion.
  • Rsync: Ideal for synchronizing files and directories, especially for incremental backups and large datasets. Check out TechRepublic’s guide on How to Backup a Network Using Rsync.
  • FTPS: A secure option for traditional FTP transfers with SSL/TLS encryption, but can be complicated to set up.
  • HTTPS-based tools: Like curl or wget, for secure downloads over HTTPS. These are great for automation, but they don’t provide full directory management like SFTP.

Fiona Jackson updated this article in January 2025.


