How To Use SCP (Secure Copy) With SSH Key Authentication

Anyone who manages a Linux machine knows about secure shells. Without this tool, managing these servers remotely would be very challenging. Moving files back and forth will also become more difficult, at least in terms of security. This is where secure copying comes into play. Using the SCP command, you can copy files to and from a remote Linux server through an encrypted SSH tunnel.

look: How to view SSH keys in Linux, macOS, and Windows

However, you can make it more secure with SSH key authentication. I want to show you how to use secure key authentication and SCP so that you can move your archives back and forth securely with confidence. I will demonstrate basic operating system customers and Ubuntu 16.04.1 server and assumes you have a secure shell installed and running.

SSH key

The first thing you must do is create an SSH key pair. To do this, open a terminal window and issue the command:

ssh-keygen -t rsa

You will be asked to name the file (use the default) and provide a password for the key pair.

Once the key’s random art is printed, your key is ready to use.

The next step is to copy the key to the remote server. This is done with the following command:

ssh-copy-id USER@SERVER

Among them, USER is the username of the remote server, and SERVER is the address of the remote server.

You will be prompted to enter the remote user password. After successful verification, the public key will be copied to the server. You are ready.

look: Securing Linux Strategies (Technology Professional Studies)

Use SCP with your key

Now that our keys are in the correct location, let’s see how to use them via SCP. Assuming you accepted the default name of the SSH key when creating it, the command to use the SSH key to send files to the remote server is:

scp -i ~/.ssh/id_rsa.pub FILENAME USER@SERVER:/home/USER/FILENAME

Among them, FILENAME is the file name, USER is the user name on the remote computer, and SERVER is the address of the remote server.

You should be prompted for the SSH key password (not the user password). Once authenticated, the file will be transferred.

The same goes for if you need to pull files from a remote server. The command is structured as follows:

scp -i ~/.ssh/id_rsa.pub USER@SERVER:/home/USER/FILENAME /home/USER/FILENAME

Again, you will be asked for your SSH key password and the file will be pulled from the server and copied to your local machine.

look: How to add SSH fingerprints to your known_hosts file in Linux

Forgot that password

Let’s say you’re about to go through a long session of copying files to a server. Of course, you can pack them all into a larger file. But let’s say they need to all be placed in different directories. That’s a lot of typing. You can use the following command to make it slightly more efficient ssh-agent and ssh-add Order.

Yes, using a combination of SCP, SSH key authentication and ssh-agent It works great. This will save you from having to type the SSH key password every time you issue an SCP command. Note that you must remember the PID of the proxy session and terminate it when you are done.

This is what you have to do.

1. Issue eval before issuing the SCP command ssh-agent Start a session.
2. Make a note of the process ID given to you when the session started.
3. Use the following command to add the SSH key to the session ssh-add.
4. Start copying your files using SCP.

That’s all. After completing the session, be sure to issue the command Kill PID (where PID is the actual number given to you when you started the ssh-agent session using eval).

look: 20 Quick Tips to Make Linux Networking Easier (Free PDF) (Technology Republic)

Is SCP still safe?

Someone asking if SCP is safe may have read 2019 Release Announcement OpenSSH 8.0 states that the SCP protocol is “outdated, inflexible, and not easy to fix” and recommends SFTP and Rsync as alternatives for file transfer.

Prior to OpenSSH 8.0, SCP was unable to verify file integrity during transmission. If the user’s server was compromised, the user would be exposed to unauthorized overwrite and injection attacks (CVE-2019-611). However, the update introduces stricter archive name checking as a default setting for the SCP command, making it more secure and moving its previous non-checking behavior to the command scp -T.

Then, in OpenSSH 9.0, Released in 2022SFTP is adopted as the default backend for SCP instead of the traditional SCP/RCP protocol, which means that the SSH protocol is now used to encrypt and authenticate the transfer. Although widely considered safe, users should still be wary of other risks, such as server misconfigurations or outdated software versions.

What can I use instead of SCP?

• SFTP: Although SCP uses the SFTP protocol by default, you may consider using the native SFTP client for advanced file management as it allows for more operations such as directory viewing and file deletion.
• synchronous: Ideal for synchronizing archives and directories, especially incremental backups and large data sets. See TechRepublic’s guide How to use Rsync to back up your network.
• FTPS: Security option for traditional FTP transfers using SSL/TLS encryption, but can be complex to configure.
• HTTPS-based tools: For example curl or wgetsecure downloading via HTTPS. These are great for automation, but they don’t provide full directory management like SFTP.

This article was updated in January 2025 by Fiona Jackson.