Securely copying files and directories with Unix

July 19, 2014, 10:24 pm
Author: James Griffiths

Using the scp command (short for Secure Copy) from the Mac OS X Terminal we have lots of options available for this purpose.

Copying a directory from a local machine to a remote host

 scp -r name-of-directory remote-host-user-name@remote-host:/path-on-remote-host-to-copy-directory-to 

In the above example we use the -r flag to recursively copy the directory and all its contents to the remote host. We then supply a user name and domain name followed by the path to the location on the remote host where we will be copying files to.

When you press the Enter key you will be prompted to enter a password for the account you are logging in to the remote host with.

Changing the Cipher

As scp uses SSH (Secure Shell - a cryptographic protocol for secure communication) we have the option of changing the particular cipher that is used. By default scp uses Triple-DES (sometimes referred to as 3DES) which is a more secure variation on the original DES (Data Encryption Standard - one of the oldest encryption algorithms used from the mid-1970's). Triple-DES generates a 112 bit key compared to DES's 56 bit key.

An alternative cipher that can be used instead is blowfish which employs a variable sized key length between 32 and 448 bits. This particular cipher can provide performance gains in speed when used with scp and can be implemented like so:

 scp -c blowfish name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to 

In the above example we implement the -c flag (shorthand for cipher - note this is a lowercase c) to use blowfish instead of Triple-DES as we copy a file from our local machine to a directory on a remote machine.

Specifying a port number

Thanks to the -P flag (note this is uppercase) we can specify a particular port number to implement data transfer when using scp:

 scp -P 1234 name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to 

In the above example we copy a file from our local machine to a specified directory on the remote host through port 1234.

Preserving the file metadata being copied

The use of unix flags give developers many options when it comes to handling various commands. Not to be confused with the above example of specifying a port number using the -p flag (note this is lowercase unlike the previous example) informs scp to preserve the modification times, access times and modes from the original file when it is being copied.

 scp -p name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to 

Just to confuse matters slightly, SSH uses the -p flag to set the port number whereas scp (despite using SSH) uses -P instead. Just a small detail to bear in mind!

Displaying additional information during data transfer

Instructing scp to transfer data in verbose mode allows the user to see additional information about the progress of the files being copied. Use the -v flag to accomplish this:

 scp -v name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to 

Enabling compression

If the server connection is slow and/or large volumes of data are being copied scp allows you to implement compression of assets being transferred through use of the -C flag (note this is uppercase unlike the -c flag for changing the cipher):

 scp -C name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to 

One final example

The scp utility, like many commands in unix, is able to be configured through the use of different flags - some of which we have already covered - and can make use of multiple options being combined together, like so:

 scp -c blowfish -C -r name-of-directory remote-host-user-name@remote-host:/path-on-remote-host-to-copy-directory-to 

In the above example we are copying a directory to a remote host making use of three particular flags:

  • -c blowfish (to change the particular cipher)
  • -C (to enable compression)
  • -r (to recursively copy the directory and all its contents)

Last words

We've only scratched the surface of what's possible with scp. We could have touched upon instructing scp to use only IPV6 addresses, copy files/directories without being prompted for passwords or even changing the particular SSH protocol being used but you can learn more about how to do that using the unix manual for scp with the following command:

 man scp 

Have fun exploring and using one of Unix's most powerful tools!

Categories

« Return to Posts

Post a comment

All comments are welcome and the rules are simple - be nice and do NOT engage in trolling, spamming, abusiveness or illegal behaviour. If you fail to observe these rules you will be permanently banned from being able to comment.