Random thoughts & observations

From the mundane to the profound and everything in between here’s what’s rocking our world

Securely copying files and directories with Unix

Posted: July 19, 2014
Written by: Saints At Play
Category: Unix

If, like a lot of developer's, you're working with the Apple Mac platform then you not only get the benefits of a well designed GUI but you also get to take advantage of the powerful features provided by the underlying Unix core. 

In this tutorial we're going to take you through one of those features: securely copying files.

Using the scp command (short for Secure Copy) from the Mac OS X Terminal we have lots of options available for this purpose.

Copying a directory from a local machine to a remote host

scp -r name-of-directory remote-host-user-name@remote-host:/path-on-remote-host-to-copy-directory-to

In the above example we use the -r flag to recursively copy the directory and all its contents to the remote host. We then supply a user name and domain name followed by the path to the location on the remote host where we will be copying files to.

When you press the Enter key you will be prompted to enter a password for the account you are logging in to the remote host with.

Changing the Cipher

As scp uses SSH (Secure Shell - a cryptographic protocol for secure communication) we have the option of changing the particular cipher that is used. By default scp uses Triple-DES (sometimes referred to as 3DES) which is a more secure variation on the original DES (Data Encryption Standard - one of the oldest encryption algorithms used from the mid-1970's). Triple-DES generates a 112 bit key compared to DES's 56 bit key.

An alternative cipher that can be used instead is blowfish which employs a variable sized key length between 32 and 448 bits. This particular cipher can provide performance gains in speed when used with scp and can be implemented like so:

scp -c blowfish name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to

In the above example we implement the -c flag (shorthand for cipher - note this is a lowercase c) to use blowfish instead of Triple-DES as we copy a file from our local machine to a directory on a remote machine.

Specifying a port number

Thanks to the -P flag (note this is uppercase) we can specify a particular port number to implement data transfer when using scp:

scp -P 1234 name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to

In the above example we copy a file from our local machine to a specified directory on the remote host through port 1234.

Preserving the file metadata being copied

The use of unix flags give developers many options when it comes to handling various commands. Not to be confused with the above example of specifying a port number using the -p flag (note this is lowercase unlike the previous example) informs scp to preserve the modification times, access times and modes from the original file when it is being copied.

scp -p name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to

Just to confuse matters slightly, SSH uses the -p flag to set the port number whereas scp (despite using SSH) uses -P instead. Just a small detail to bear in mind!

Displaying additional information during data transfer

Instructing scp to transfer data in verbose mode allows the user to see additional information about the progress of the files being copied. Use the -v flag to accomplish this:

scp -v name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to

Enabling compression

If the server connection is slow and/or large volumes of data are being copied scp allows you to implement compression of assets being transferred through use of the -C flag (note this is uppercase unlike the -c flag for changing the cipher):

scp -C name-of-file remote-host-user-name@remote-host:/path-on-remote-host-to-copy-file-to

One final example

The scp utility, like many commands in unix, is able to be configured through the use of different flags - some of which we have already covered - and can make use of multiple options being combined together, like so:

scp -c blowfish -C -r name-of-directory remote-host-user-name@remote-host:/path-on-remote-host-to-copy-directory-to

In the above example we are copying a directory to a remote host making use of three particular flags:

  • -c blowfish (to change the particular cipher)
  • -C (to enable compression)
  • -r (to recursively copy the directory and all its contents)

Last words

We've only scratched the surface of what's possible with scp. We could have touched upon instructing scp to use only IPV6 addresses, copy files/directories without being prompted for passwords or even changing the particular SSH protocol being used but you can learn more about how to do that using the unix manual for scp with the following command:

man scp

Have fun exploring and using one of Unix's most powerful tools!

« Return to Posts

Comments

There are no comments

Posting comments after three months has been disabled.