Anyone who administers Linux machines knows secure shell well. Without this tool it would be quite a challenge to remotely administer those servers. It would also become quite a bit harder to move files back and forth, at least with a modicum of security. That’s where secure copy comes into play. With the scp command, you can copy files to and from a remote Linux server, through an encrypted ssh tunnel.

However, with the help of ssh key authentication, you can make that even more secure. I want to show you how you can make use of secure key authentication, along with scp, so you can rest assured your files are being moved back and forth securely. I will be demonstrating on an Elementary OS client and Ubuntu 16.04.1 server and will assume you have secure shell installed and working.

ssh keys

The first thing that must be done is the creation of an ssh key pair. To do this, open up a terminal window and issue the command:

ssh-keygen -t rsa

You will be asked to name the file (use the default) and give the keypair a passphrase (Figure A).

Figure A

Once the key’s randomart prints, your key is ready to go.

The next step is to copy the key to the remote server. This is done with the command:

ssh-copy-id USER@SERVER

Where USER is the username on the remote server and SERVER is the address of the remote server.

You will be prompted for the remote user password. Once you successfully authenticate, the public key will be copied to the server. You’re ready to go.

Using scp with your key

Now that our keys are in all the right places, let’s see how we can make use of them, through scp. The command to send a file to your remote server, using your ssh key, is (assuming you accepted the default name for your ssh key upon creation):

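scp -i ~/.ssh/id_rsa FILENAME USER@SERVER:/home/USER/FILENAME

Where FILENAME is the name of the file, USER is the username on the remote machine, and SERVER is the address of the remote server. Note that the -i option takes the private key file (id_rsa), not the public key (id_rsa.pub) that was copied to the server.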

You should be prompted for the ssh key password (not the user password). Once authenticated, the file will be transferred.

The same holds true if you need to pull a file from the remote server. The structure of that command would be:

scp -i ~/.ssh/id_rsa USER@SERVER:/home/USER/FILENAME /home/USER/FILENAME

Again, you will be asked for your ssh key password and the file will be pulled from the server and copied to the local machine.

Forget that password

Let’s say you are about to undergo a long session of copying files to your server. Sure, you could tar them all up into one bigger file, but say they all need to be placed in different directories. That’s a lot of typing. You can make this slightly more efficient by using the ssh-agent and ssh-add commands. That’s right, the combination of scp, ssh key authentication, and ssh-agent works really well. What this will do is keep you from having to type that ssh key password every time you issue the scp command. The one caveat to this is that you must remember the PID of the agent session and kill it when you’re done.

Here’s what you have to do.

  1. Before issuing the scp command, issue eval `ssh-agent` to start the session
  2. Make note of the Process ID (PID) you are given when the session starts
  3. Add your ssh key to the session with the command ssh-add
  4. Start using scp to copy your files

That’s all there is to it. When you’re done with the session, make sure to issue the command kill PID (where PID is the actual number given to you when you started the ssh-agent session with eval).
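
The four steps and the final kill, wrapped in one function, as an added example that is not part of the original article. It stops the agent with ssh-agent -k (which kills the agent named by SSH_AGENT_PID) instead of a hand-noted PID, and gives the key a lifetime with ssh-add -t; the function name with_agent and the paths in the usage comment are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original article).
# with_agent KEY TTL CMD...: run CMD with KEY loaded in a private ssh-agent.

with_agent() (
    key=$1; ttl=$2; shift 2

    # ssh-add, like scp -i, needs the private key; the .pub half cannot authenticate.
    case $key in
        *.pub) echo "with_agent: $key is a public key; pass the private key" >&2
               exit 2 ;;
    esac

    # Start a fresh agent. The eval exports SSH_AUTH_SOCK and SSH_AGENT_PID
    # into this subshell only, so the caller's environment is untouched.
    agent_env=$(ssh-agent -s) || exit 1
    eval "$agent_env" >/dev/null

    # Stop the agent however the subshell ends. ssh-agent -k kills the
    # agent named by SSH_AGENT_PID, so no PID has to be remembered.
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    trap 'exit 130' INT TERM

    # Prompts once for the key passphrase; -t drops the key from the
    # agent after TTL seconds even if the session is left open.
    ssh-add -t "$ttl" "$key" || exit 1

    # Every scp or ssh started by CMD now authenticates through the agent.
    "$@"
)

# Usage (USER, SERVER and the file names are placeholders):
#   with_agent ~/.ssh/id_rsa 3600 sh -c '
#       scp report.txt USER@SERVER:/home/USER/docs/report.txt
#       scp site.conf  USER@SERVER:/home/USER/conf/site.conf'
if [ "$#" -ge 3 ]; then
    with_agent "$@"
fi
```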

Added security and ease

And that, my friends, is how you make use of ssh key authentication with the scp command. It may not change your world, but it will certainly make it a bit more secure and, with the help of ssh-agent, a bit easier.

