How To Use SCP Command on Linux

Transferring files securely between systems is a fundamental skill for Linux administrators and users alike. The SCP (Secure Copy Protocol) command provides a reliable and encrypted method to move files across networks while maintaining data integrity and confidentiality. Whether you’re backing up important documents, deploying applications to servers, or simply sharing files with colleagues, mastering SCP is essential for efficient and secure file management in Linux environments.

Table of Contents

What is SCP and Why Use It?

SCP, which stands for Secure Copy Protocol, is a command-line utility that enables secure file transfers between local and remote systems. Built on the SSH (Secure Shell) protocol, SCP ensures that all data transmissions are encrypted and protected from unauthorized access during transit. This security feature is what distinguishes SCP from older, less secure file transfer methods like FTP or rcp.

Core benefits of using SCP include:

End-to-end encryption of file data and authentication information
Simple and straightforward command syntax
Built-in compression capabilities to optimize transfer speeds
Preservation of file attributes including permissions and timestamps
Cross-platform compatibility with various Unix-like systems and Windows (via third-party tools)

SCP requires SSH to be installed and properly configured on both the source and destination systems. The user initiating the transfer must have appropriate read permissions for the source files and write permissions for the destination location. This permission-based access control adds another layer of security to the file transfer process.

Unlike unsecured alternatives such as FTP (File Transfer Protocol), SCP prevents sensitive data from being intercepted during transmission. This makes it particularly valuable for system administrators handling confidential information, developers transferring proprietary code, or any user concerned with data privacy.

Common use cases for SCP include:

Server migration and backup operations
Deploying code to production or staging environments
Transferring configuration files between systems
Sharing data securely with remote team members
Automated file transfers in scripts and system maintenance tasks

SCP Command Syntax Explained

Understanding the SCP command structure is crucial for effective file transfers. The basic syntax follows this pattern:

scp [OPTIONS] [[user@]src_host:]file1 [[user@]dest_host:]file2

Let’s break down each component of this syntax:

scp: The command initializer that invokes the secure copy protocol and verifies that a secure shell connection is available.

[OPTIONS]: Optional parameters that modify the behavior of the command, such as enabling recursive copying or specifying connection settings.

[user@]src_host:file1: The source specification, indicating where to copy from. This consists of:

An optional username (defaults to the current user if omitted)
An optional source host (defaults to local machine if omitted)
The path to the file or directory to be copied

[user@]dest_host:file2: The destination specification, indicating where to copy to. This follows the same format as the source specification.

When working with local files, you can simply specify the file path without the user and host components. However, for remote files, you must include the username and host address followed by a colon before the file path.

Path specification examples:

Absolute paths begin with a forward slash (/) and specify the exact location from the root directory
Relative paths do not begin with a slash and are interpreted relative to the current directory

If you omit the username, SCP assumes the current user account. If you omit the host specification entirely, SCP assumes you’re referring to a local file. When transferring between two remote systems, you must specify both host addresses explicitly.

Essential SCP Command Options

The SCP command supports numerous options that enhance its functionality and allow for customized file transfers. These options are specified immediately after the scp command and before the source and destination parameters.

Recursive copying with -r

The -r option enables recursive copying of entire directories, including all subdirectories and files:

scp -r /local/directory user@remote_host:/remote/directory

Custom SSH port with -P

By default, SCP connects to the standard SSH port (22). To use a different port, use the -P option followed by the port number:

scp -P 2222 file.txt user@remote_host:/destination/path

Note that the -P flag uses uppercase ‘P’ unlike the SSH command which uses lowercase ‘-p’.

Compression for faster transfers with -C

Enable compression during file transfer to improve speed, especially for text files or slow network connections:

scp -C large_file.txt user@remote_host:/destination/path

Preserving file attributes with -p

The -p option preserves the original file attributes including modification times, access times, and permissions:

scp -p important_script.sh user@remote_host:/scripts/

Bandwidth limitation with -l

Limit the bandwidth usage during transfer to prevent network saturation:

scp -l 1000 large_file.txt user@remote_host:/destination/path

This limits the transfer speed to approximately 1000 Kbit/s.

Quiet mode with -q

Suppress the progress meter and non-error messages for silent operation:

scp -q backup.tar.gz user@remote_host:/backups/

Verbose output with -v

Enable verbose mode to display detailed debugging information about the connection and transfer process:

scp -v confidential_document.pdf user@remote_host:/secure/

This option is particularly useful for troubleshooting connection issues.

Additional useful options:

Option	Description
`-4`	Force SCP to use IPv4 addresses only
`-6`	Force SCP to use IPv6 addresses only
`-B`	Batch mode (disables all interactive prompts)
`-i identity_file`	Specify an identity file for SSH authentication
`-c cipher`	Select a specific cipher for encryption

Basic File Transfer Examples

Let’s explore some common SCP usage scenarios with practical examples to demonstrate its versatility.

Copying a file from local system to remote server

To transfer a file from your local machine to a remote server, use:

scp /path/to/local/file.txt username@remote_host:/path/to/destination/

For example, to copy a document named “project_report.pdf” to your home directory on a remote server:

scp ~/Documents/project_report.pdf user@192.168.1.100:~/

During the transfer, SCP displays a progress meter showing the transfer speed, percentage complete, and estimated time remaining.

Copying a file from remote server to local system

To download a file from a remote server to your local machine:

scp username@remote_host:/path/to/remote/file.txt /path/to/local/destination/

For instance, to download a configuration file from a server to your current directory:

scp admin@server.example.com:/etc/config.conf ./

If the file is large, you might want to add the compression option:

scp -C admin@server.example.com:/var/log/large_log_file.log ~/logs/

Transferring multiple files at once

SCP allows copying multiple files in a single command by specifying multiple source files:

scp file1.txt file2.txt file3.txt user@remote_host:/destination/

You can also use wildcards to select multiple files:

scp *.jpg user@remote_host:/destination/images/

Using a custom SSH port

If your SSH server is running on a non-standard port, specify it with the -P option:

scp -P 2222 important_file.txt user@remote_host:/destination/

Authentication with SSH key

For more secure and convenient authentication, use the -i option to specify a private key file:

scp -i ~/.ssh/private_key.pem large_archive.zip user@remote_host:/backups/

This method eliminates the need for password entry and is particularly useful for automated scripts.

Advanced SCP Techniques

Once you’ve mastered the basics, you can leverage more advanced SCP techniques to handle complex file transfer scenarios.

Recursive directory transfers

To copy an entire directory structure including all files and subdirectories:

scp -r /path/to/local/directory user@remote_host:/path/to/destination/

For example, to transfer a complete project directory:

scp -r ~/projects/webapp admin@production-server:/var/www/

The -r option ensures that all files and subdirectories within the source directory are copied recursively while maintaining the directory structure.

Preserving file metadata

When transferring configuration files or scripts, it’s often important to maintain their original permissions, timestamps, and other attributes:

scp -p -r /etc/nginx/ user@backup-server:/etc/

The -p flag preserves the modification times, access times, and permissions of the original files, which is crucial for system files and executable scripts.

Optimizing transfer speed with compression

For transferring text-based files like logs, source code, or documents over slow connections, enabling compression can significantly improve performance:

scp -C large_log_files.tar user@remote_host:/archive/

However, compression may not provide benefits for already compressed files like images, videos, or archive files (zip, tar.gz), and might even slow down the transfer by consuming CPU resources unnecessarily.

Limiting bandwidth consumption

In shared network environments or when working with limited bandwidth, you can restrict SCP’s network usage:

scp -l 500 huge_dataset.csv user@remote_host:/data/

This limits the transfer speed to approximately 500 Kbit/s, preventing network congestion.

Transferring between two remote systems

SCP allows copying files directly between two remote servers without passing through your local machine:

scp user1@source_host:/path/to/file user2@destination_host:/path/to/destination/

This technique is particularly useful when your local connection is slower than the connection between the two remote servers. However, both servers must be accessible from your current location, and you may need to provide authentication for both connections.

Troubleshooting SCP Issues

Even with its straightforward usage, you might encounter some common issues when using SCP. Understanding these problems and their solutions will help ensure smooth file transfers.

Permission denied errors

One of the most common issues occurs when you lack the necessary permissions to read the source files or write to the destination directory:

Permission denied, please try again.

To resolve this:

Verify that you have read permissions for the source files
Ensure you have write permissions for the destination directory
Check ownership of the files and directories involved
Use sudo or switch to a user with appropriate permissions

You can check and modify permissions using the chmod command:

chmod 644 filename    # For regular files
chmod 755 directory   # For directories

Connection refused problems

If SCP cannot establish a connection to the remote host:

ssh: connect to host example.com port 22: Connection refused

Possible solutions include:

Verify the SSH service is running on the remote host: systemctl status sshd
Check if the specified port is correct and open: nmap -p 22 remote_host
Ensure the remote host is reachable: ping remote_host
Check firewall settings on both ends: iptables -L or ufw status

Slow transfers

If file transfers are slower than expected, consider these optimization techniques:

Enable compression with -C for text-based files
Use a faster cipher algorithm: scp -c aes128-ctr file.txt user@host:/path/
Check network bandwidth limitations
Verify CPU usage on both systems as compression/encryption is CPU-intensive

Authentication failures

Problems with authentication typically manifest as repeated password prompts or explicit authentication failures:

Permission denied (publickey,password).

Troubleshooting steps include:

Verify that the username is correct
Ensure SSH key permissions are set properly: chmod 600 ~/.ssh/id_rsa
Check that the remote server allows your authentication method in /etc/ssh/sshd_config
Try connecting with verbose output: ssh -v user@host to identify the issue

File not found errors

If SCP cannot locate the specified file:

scp: /path/to/file: No such file or directory

Check for:

Typos in the file path
Whether you’re using absolute vs. relative paths correctly
File existence on the source system: ls -la /path/to/file
Whether paths with spaces are properly quoted

SCP Security Best Practices

Since SCP deals with file transfers that may include sensitive data, implementing robust security practices is essential.

Use SSH key authentication

Password-based authentication is vulnerable to brute force attacks. Instead, set up SSH key pairs:

# Generate a new SSH key pair
ssh-keygen -t ed25519 -C "your_email@example.com"

# Copy the public key to remote server
ssh-copy-id user@remote_host

Once configured, you can transfer files securely without password prompts:

scp -i ~/.ssh/id_ed25519 confidential_file.txt user@remote_host:/secure/

Implement non-standard SSH ports

Changing the default SSH port (22) can help reduce automated scanning attacks:

Edit the SSH configuration file on the remote server:
```
sudo nano /etc/ssh/sshd_config
```
Change the Port directive to a number between 1024 and 65535
```
Port 2222
```
Restart the SSH service:
```
sudo systemctl restart sshd
```

Use SCP with the custom port:

scp -P 2222 file.txt user@remote_host:/path/

Configure proper firewall rules

Restrict SSH access to specific IP addresses or networks:

sudo ufw allow from 192.168.1.0/24 to any port 22

Maintain updated systems

Regularly update your SSH packages to protect against security vulnerabilities:

sudo apt update && sudo apt upgrade openssh-server openssh-client

Apply the principle of least privilege

Create dedicated users for file transfers with limited permissions:

sudo adduser scp_user
sudo usermod -d /transfer_directory -s /bin/scp scp_user

This restricts the user to SCP operations only within their home directory.

SCP Alternatives and When to Use Them

While SCP is a powerful tool, several alternatives might better suit certain scenarios.

SFTP (SSH File Transfer Protocol)

SFTP provides an interactive file transfer experience with similar security features to SCP:

sftp user@remote_host

SFTP is preferable when you need to:

Navigate remote directories interactively
Perform multiple operations in a single session
Resume interrupted transfers
Need more detailed error reporting

Rsync for efficient synchronization

Rsync excels at synchronizing directories and only transferring changed portions of files:

rsync -avz --progress /local/directory/ user@remote_host:/remote/directory/

Rsync is better than SCP when:

Performing regular backups
Synchronizing large directories
Resuming interrupted transfers
Needing to preserve hard links and special files

Other secure transfer tools

Tool	Best for	Key feature
`sshfs`	Mounting remote filesystems	Works like a local filesystem
`rsync+ssh`	Incremental backups	Only transfers changed file parts
`git`	Code repositories	Version control with secure transfers
`curl/wget with HTTPS`	Downloading from web servers	Simple one-way downloads

When selecting a tool, consider:

The specific requirements of your task
Performance needs and bandwidth limitations
User interface preferences (GUI vs. CLI)
Integration with existing workflows and scripts

VPS Manage Service Offer

If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!