Configuring SSH

On your remote server, you’ll need to install an SSH server. The most common on Linux is the OpenSSH server. To install it, run one of the following commands:

Depending on your distro, you may need to allow SSH through some software firewalls. On Ubuntu, this problem is nonexistent, but on Fedora, you’ll also have to run the following commands:

Connecting to Your System via SSH

Before you can connect via SSH, you need to find out the IP address of the remote server. On graphical servers, the IP address is shown in the Network applet in System Settings. On most servers, you should use the ip command in the terminal.

In the output, look for the line starting with inet under ethX or enpXsy, depending on the way your network interface is connected to the system. In my case, it’s 192.168.68.108. To test the SSH connection, move to a different Linux machine and type:

Change the “user” to the actual username on the server. Enter that account’s password, and you’re in business. If you get a question about the “authenticity of host can’t be established,” just answer “yes.” It is a security check designed to make sure that you are connecting to your actual server and not an impostor.

You should see the same prompt come up on your client system that you see when logging directly into the server, which means your connection was successful. You should also configure your SSH connections for maximum security, or even set up two-factor authentication, before proceeding to the next step.
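The authenticity prompt shows the fingerprint of the key the server offers, and that value can be compared with one read on the server itself. As an added example (not part of the original article), the Python code below computes the SHA256 fingerprint in the form OpenSSH prints it from a public host key line and compares it with a trusted value; the keys are constructed sample data and all function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct


def make_sample_line(host, key_bytes):
    """Build a constructed 'host keytype base64blob' line (ssh-keyscan layout)."""
    ktype = b"ssh-ed25519"
    blob = (struct.pack(">I", len(ktype)) + ktype
            + struct.pack(">I", len(key_bytes)) + key_bytes)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def fingerprint(line):
    """Return the SHA256 fingerprint in the form OpenSSH prints it."""
    _host, declared_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != declared_type:
        raise ValueError("key type inside the blob differs from the declared type")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints unpadded base64 of the digest of the raw key blob.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(line, trusted_fingerprint):
    """Compare the offered key with a fingerprint obtained out of band."""
    return hmac.compare_digest(fingerprint(line), trusted_fingerprint)


# Constructed sample data, not real keys.
SERVER_LINE = make_sample_line("192.168.68.108", bytes(range(32)))
OTHER_LINE = make_sample_line("192.168.68.108", bytes(range(1, 33)))
# Stands in for the value read on the server's own console.
TRUSTED = fingerprint(SERVER_LINE)

if __name__ == "__main__":
    for name, line in (("server", SERVER_LINE), ("other", OTHER_LINE)):
        print(name, fingerprint(line), host_key_matches(line, TRUSTED))
```

A key that hashes to a different fingerprint than the trusted one returns False, which is the case the prompt exists to catch.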

Using SCP to Transfer Files

Now that you have tested the SSH connection, start copying files between the two machines. Secure copying is achieved using the scp command. The basic format of the scp command is:

For example, to copy the file “backup.tar.gz” from the local machine to the “backups” folder in the home directory of user “ramces” on the remote server with the IP address of 192.168.68.165, use:

Similar to when you connect using ssh, you will be prompted for the password. You won’t be prompted for the username, as that was specified in the command. You can also use wildcards like the following:

To copy a file from the remote server to the local machine, just reverse the parameters:

Notice the dot at the end of the command? It means “the current directory,” as it does with the standard cp or mv commands. You could just as easily specify some other directory if you wanted to. And the same with wildcards:

To recursively copy a directory to a remote server, use the -r option:

To recursively copy a directory from the remote server to the local machine, use:

Compressing the File Transfer in SCP

Aside from basic copying, it is also possible to modify how SCP behaves during these file transfers. For example, you can use the -C flag to compress the data that SCP sends to remote clients:

This option works by compressing each data packet as it is being sent through the SCP program. As such, this can be incredibly useful if you are on a bandwidth-limited connection and want to reliably send a file to a remote server.

Similar to the options above, you can also use -C alongside the -r flag to recursively compress and transfer files to a remote machine. For example, the following command compresses and retrieves the “backup.tar.gz” file from my remote server:

Optimizing a Data Transfer with SCP

For the most part, SCP attempts to use the AES-128 encryption algorithm for all of its file transfers. However, there are instances where this particular algorithm will not be suitable for the files that you want to transfer.

Knowing that, it is possible to further optimize and secure SCP by directly changing the cipher algorithm for a specific transfer. To do this, you need to use the -c flag followed by the cipher that you want to use. For example, the following command transfers the “backup.tar.gz” file to my remote server using AES-256:

Further, the -c option also allows you to provide a list of ciphers that you want to use for a particular file transfer. For example, the following command uses both AES-192 and AES-256 while transferring the “backup.tar.gz” file to my remote server:

Limiting Bandwidth Usage in SCP

While compressing file packets can help you use SCP in poor network conditions, it is also possible to limit the bandwidth that the program uses during a transfer. This is helpful in cases where you are using a metered connection and do not want SCP to dominate your network bandwidth.

To limit the program’s effective bandwidth, you need to use the -l flag followed by the upper limit that you want in kilobits per second (Kb/s). For example, running the following command will transfer the “backup.tar.gz” file to my remote server at an effective bandwidth of 1,600 Kb/s:

Remote to Remote Transfer with SCP

Aside from copying local files to your remote server and vice versa, you can also use SCP to manage multiple remote servers from your local machine, as SCP only deals with file transfer and does not discriminate between a local and remote machine. To transfer between two remote servers, you need to explicitly state the username and the address of each of those machines. For example, running the following command will transfer my “remote-backup.tar.gz” file between my two remote servers:

Using a Proxy with SCP

By default, SCP uses your local machine’s IP address whenever it transfers files between different hosts. While this is perfectly fine in normal situations, it can be a problem if your local network restricts any SCP activity. One quick way to deal with this issue is by passing your local connection through an SSH proxy. To do this, you need to use the -o flag followed by the ProxyCommand option. This allows you to create a basic SSH connection to a new machine which will, in turn, execute your SCP command. For example, running the following will create a new SSH proxy with a remote machine and transfer the “backup.tar.gz” file using it:

Changing the Default Port in SCP

Aside from creating a basic SSH proxy, you can also change the default port for SCP. This is especially helpful if you are securing your Linux server and do not want to expose any default ports. To use SCP with a different port, you need to use the -P flag followed by the port number that you want to use. For example, the following command will recursively copy my “backup” directory and connect to my remote server using port 2222:

Using the SCP Quiet Mode

Lastly, it is also possible to completely remove any terminal output from an SCP command. This is especially useful if you want to create a non-interactive script that will run on your machine. Not only that, but you can also fully automate this process by creating a cronjob and transferring a private SSH key to your server.

To create a quiet SCP transfer, you need to use the -q flag. For example, the following command will transfer my “backup.tar.gz” file silently to my remote server:

Image credit: Unsplash. All alterations and screenshots by Ramces Red.

This issue can also be due to one of your remote machines being behind a CG-NAT connection, so any outside connection to your remote machine will not resolve properly. To fix this, you need to use a Virtual LAN program, such as Yggdrasil, that will allow you to punch through CG-NAT.
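For the non-interactive, cron-driven use of quiet mode described above, nobody is present to answer a password or host key prompt. As an added example (not from the original article), the Python code below assembles such an scp call from the -q, -P, -l, -C and -r flags covered on this page plus the OpenSSH options BatchMode and StrictHostKeyChecking; it assumes key-based login is already configured, and the function names are illustrative.

```python
import subprocess


def build_scp_argv(source, dest, port=22, limit_kbit=None,
                   compress=False, recursive=False):
    """Return an argv list for an unattended scp run (no shell involved)."""
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    if source.startswith("-") or dest.startswith("-"):
        raise ValueError("path would be parsed as an option")
    argv = [
        "scp", "-q",
        # Fail instead of prompting for a password or passphrase.
        "-o", "BatchMode=yes",
        # Refuse hosts whose key is unknown or has changed.
        "-o", "StrictHostKeyChecking=yes",
        "-P", str(port),
    ]
    if limit_kbit is not None:
        if limit_kbit <= 0:
            raise ValueError("bandwidth limit must be positive (Kbit/s)")
        argv += ["-l", str(limit_kbit)]
    if compress:
        argv.append("-C")
    if recursive:
        argv.append("-r")
    # "--" ends option parsing, so the paths are never read as flags.
    argv += ["--", source, dest]
    return argv


def run_transfer(argv, timeout=600):
    """Run scp; -q hides progress output, so rely on the exit status."""
    result = subprocess.run(argv, capture_output=True, text=True,
                            timeout=timeout)
    return result.returncode, result.stderr.strip()


if __name__ == "__main__":
    print(build_scp_argv("backup.tar.gz", "ramces@192.168.68.165:backups/",
                         port=2222, limit_kbit=1600))
```

A scheduled job should treat any non-zero status from run_transfer as a failed backup and log the returned stderr text.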