Networking

How to use secure copy with ssh key authentication

Here's how to use the secure copy command, in conjunction with ssh key authentication, for an even more secure means of copying files to your remote Linux servers.

Anyone that administers Linux machines knows secure shell well. Without this tool it would be quite a challenge to remotely administer those servers. It would also become quite a bit harder to move files back and forth, at least with a modicum of security. That's where secure copy comes into play. With the scp command, you can copy files to and from a remote Linux server, through an encrypted ssh tunnel.

However, with the help of ssh key authentication, you can make that even more secure. I want to show you how you can make use of secure key authentication, along with scp, so you can rest assured your files are being moved back and forth securely. I will be demonstrating on an Elementary OS client and Ubuntu 16.04.1 server and will assume you have secure shell installed and working.

ssh keys

The first thing that must be done is the creation of an ssh key pair. To do this, open up a terminal window and issue the command:

ssh-keygen -t rsa

You will be asked to name the file (use the default) and give the keypair a passphrase (Figure A).

Figure A

Figure A

Creating your ssh keypair.

Once the key's randomart prints, your key is ready to go.

The next step is to copy the key to the remote server. This is done with the command:

scp-copy-id USER@SERVER

Where USER is the username on the remote server and SERVER is the address of the remote server.

You will be prompted for the remote user password. Once you successfully authenticate, the public key will be copied to the server. You're ready to go.

SEE: Securing Linux policy (Tech Pro Research)

Using scp with your key

Now that our keys are in all the right places, let's see how we can make use of them, through scp. The command to send a file to your remote server, using your ssh key, is (assuming you accepted the default name for your ssh key upon creation):

scp -i ~/.ssh/id_rsa.pub FILENAME USER@SERVER:/home/USER/FILENAME

Where FILENAME is the name of the file, USER is the username on the remote machine, and SERVER is the address of the remote server.

You should be prompted for the ssh key password (not the user password). Once authenticated, the file will be transferred.

The same holds true if you need to pull a file from the remote server. The structure of that command would be:

scp -i ~/.ssh/id_rsa.pub USER@SERVER:/home/USER/FILENAME /home/USER/FILENAME

Again, you will be asked for your ssh key password and the file will be pulled from the server and copied to the local machine.

Forget that password

Let's say you are about to undergo a long session of copying files to your server. Sure you could tar them all up into one bigger file, but say they need to all be placed in different directories. That's a lot of typing. You can make this slightly more efficient by using the ssh-agent and ssh-add commands. That's right, using the combination of scp, ssh key authentication, and ssh-agent works really well. What this will do is keep you from having to type that ssh key password every time you issue the scp command. The one caveat to this is that you must remember the PID of the agent session and kill it when you're done.

Here's what you have to do.

  1. Before issuing the scp command issue eval `ssh-agent` to start the session
  2. Make note of the Process ID (PID) you are given when the session starts
  3. Add your ssh key to the session with the command ssh-add
  4. Start using scp to copy your files

That's all there is to it. When you're done with the session, make sure to issue the command kill PID (Where PID is the actual number given to you when you started the ssh-agent session with eval).

SEE: 20 quick tips to make Linux networking easier (free PDF) (TechRepublic)

Added security and ease

And that, my friends, is how you make use of ssh key authentication with the scp command. It may not change your world, but it will certainly make it a bit more secure and, with the help of ssh-agent, a bit easier.

Also see

linuxsecurityhero.jpg
Image: Jack Wallen

About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.

Editor's Picks

Free Newsletters, In your Inbox