Securely Transferring Files Between Systems
When a host is running the sshd service, it can also facilitate secure file transfers between systems. There are several commands available for this purpose:
- scp: For copying files.
- rsync: For synchronizing files.
- sftp: For transferring files using an FTP-like interface over SSH.
Using scp to Securely Copy Files
The scp (secure copy) command functions similarly to the cp (copy) command for local files, but it also supports remote hosts. This allows you to copy files and directories to and from remote systems.
- Basic Syntax: To copy a file to a remote host, use the command:
  scp /local/path/to/file user@remotehost:/remote/path/to/file
  Example: Copying the /etc/hosts file to the /tmp directory on server2:
  scp /etc/hosts server2:/tmp
- Copying as Another User: To copy the /etc/passwd file from server2 to your home directory, connecting as the root user:
  scp root@server2:/etc/passwd ~
- Copying Directories: Use the -r option to copy an entire directory structure:
  scp -r /local/dir user@remotehost:/remote/dir
  Example: Copying the /etc directory from server2 to the /tmp directory:
  scp -r server2:/etc /tmp
- Specifying Non-Default SSH Port: To connect to a non-default SSH port, use the -P option (note the uppercase P for scp, while ssh uses lowercase -p):
  scp -P port_number /local/path/to/file user@remotehost:/remote/path/to/file
Using sftp to Securely Transfer Files
The sftp (SSH File Transfer Protocol) command provides an FTP-like interface for secure file transfers over SSH.
- Starting an sftp Session: Open an sftp session to a remote server running the sshd service:
  sftp user@remotehost
- Typical sftp Commands: put to upload a file from your local system to the remote server; get to download a file from the remote server to your local system. In an sftp session:
  sftp> put /local/path/to/file /remote/path/to/file
  sftp> get /remote/path/to/file /local/path/to/file
- Local Directory: The local directory context is important. When you put a file, it is taken from the current local directory. When you get a file, it is stored in the current local directory.
Using rsync for File Synchronization
The rsync command is a powerful tool for synchronizing files and directories between systems. It provides various options to control what is synchronized and how.
By leveraging these commands, you can securely and efficiently transfer files between systems, ensuring data integrity and security.
The rsync command leverages SSH to synchronize files between a remote directory and a local directory. The primary advantage of synchronization is that only the differences between files are transferred, making the process efficient. For instance, if a 100-MiB file has only a few changed blocks since the last sync, only those changes will be transferred. This method is known as delta synchronization.
Common rsync Options
Here are some frequently used rsync options:
| Option | Description |
|---|---|
| -r | Synchronizes the entire directory tree |
| -l | Copies symbolic links as symbolic links |
| -p | Preserves permissions |
| -n | Performs a dry run, not actually synchronizing anything |
| -a | Uses archive mode, ensuring that entire subdirectory trees and all file properties are synchronized |
| -A | Uses archive mode and synchronizes Access Control Lists (ACLs) |
| -X | Synchronizes SELinux context as well |
Using SFTP to Manage Files on a Remote Server
Add a Hostname: From a sudo shell, add a line to match the IP address of server2 to the hostname server2.
Open an SFTP Session: From a terminal, type:
sftp student@server2
This opens an SFTP prompt on server2.
List Files: Type ls to see the files in the current working directory on the remote server.
Show Remote Directory: Type pwd to display the current directory on the remote server.
Show Local Directory: Type lpwd to display your local current directory.
Change Local Directory: Type lcd /tmp to change the local directory to /tmp.
Upload a File: Type put /etc/hosts to upload the /etc/hosts file from server1 to the home directory of the student user on server2.
Close SFTP Session: Type exit to close the SFTP session.
Configuring Key-Based Authentication for SSH
For enhanced security, especially when SSH is used over the Internet, it’s advisable to use public/private key authentication instead of passwords. This method is generally enabled by default due to its increased security.
Setting Up Key-Based Authentication
Generate Key Pair: On the client machine, generate a public/private key pair using:
ssh-keygen
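Accept the default filename (~/.ssh/id_rsa) and press Enter twice when prompted for a passphrase if you prefer not to use one. A private key stored without a passphrase can be used by anyone who obtains the key file, so set a passphrase unless the key has to be used unattended.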
Copy Public Key to Server: Use ssh-copy-id to transfer the public key to the remote server:
ssh-copy-id user@server2
You will be prompted for the remote user’s password one last time.
Verify Key-Based Authentication: Test the setup by logging into the remote server:
ssh user@server2
You should be able to log in without entering a password.
Important Considerations
- The public key is stored in the ~/.ssh/authorized_keys file on the server.
- Multiple users can have their keys in the authorized_keys file; be careful not to overwrite this file, to avoid disrupting other users’ access.
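The second consideration above, shown as an added example that is not part of the original page: a shell function that appends a public key to authorized_keys instead of overwriting it, skips keys that are already present, and sets the permissions sshd expects. The function name, the paths and the key material are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). The function name and all
# paths are hypothetical; the key below is constructed and non-functional.

# add_authorized_key PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys, keeping every existing entry.
# Returns 0 if the key was added or already present, 1 on bad input.
add_authorized_key() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    key_line=$(head -n 1 "$pubkey_file")
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;   # common key types
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) keys are ignored when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already present (exact whole-line match): nothing to do.
    if grep -qxF -e "$key_line" "$auth_file"; then
        return 0
    fi
    # If the last entry lacks a trailing newline, add one so the new key
    # does not get glued onto another user's line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    # Append with >>; a single > here would wipe everyone else's keys.
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3CONSTRUCTEDEXAMPLEKEY alice@client\n' > "$demo_dir/id.pub"
add_authorized_key "$demo_dir/id.pub" "$demo_dir/.ssh"
add_authorized_key "$demo_dir/id.pub" "$demo_dir/.ssh"   # second call is a no-op
wc -l < "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

ssh-copy-id already appends rather than overwrites; the function is for cases where the key file is installed by hand or by a provisioning script.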
By following these steps, you can securely and efficiently transfer files between systems, manage remote files with SFTP, and enhance your SSH security with key-based authentication.
Revision: Transferring Files
Using scp (Secure Copy Protocol)
scp is used to securely copy files between hosts on a network.
- Copy a file from the local system to a remote system:
  scp /path/to/local/file username@remote_host:/path/to/remote/directory
  Example:
  scp /home/user/file.txt user@192.168.1.100:/home/user/
- Copy a file from a remote system to the local system:
  scp username@remote_host:/path/to/remote/file /path/to/local/directory
  Example:
  scp user@192.168.1.100:/home/user/file.txt /home/user/
- Copy a directory recursively from the local system to a remote system:
  scp -r /path/to/local/directory username@remote_host:/path/to/remote/directory
  Example:
  scp -r /home/user/mydir user@192.168.1.100:/home/user/
Using rsync (Remote Sync)
rsync is used for efficiently transferring and synchronizing files between systems.
- Synchronize a file from the local system to a remote system:
  rsync -av /path/to/local/file username@remote_host:/path/to/remote/directory
  Example:
  rsync -av /home/user/file.txt user@192.168.1.100:/home/user/
- Synchronize a file from a remote system to the local system:
  rsync -av username@remote_host:/path/to/remote/file /path/to/local/directory
  Example:
  rsync -av user@192.168.1.100:/home/user/file.txt /home/user/
- Synchronize a directory from the local system to a remote system:
  rsync -av /path/to/local/directory username@remote_host:/path/to/remote/directory
  Example:
  rsync -av /home/user/mydir/ user@192.168.1.100:/home/user/mydir/
Using sftp (SSH File Transfer Protocol)
sftp is an interactive file transfer program, similar to ftp, but uses SSH for security.
- Start an sftp session:
  sftp username@remote_host
  Example:
  sftp user@192.168.1.100
- Use put command to upload a file from local to remote system:
  sftp> put /path/to/local/file /path/to/remote/directory
  Example:
  sftp> put /home/user/file.txt /home/user/
- Use get command to download a file from remote to local system:
  sftp> get /path/to/remote/file /path/to/local/directory
  Example:
  sftp> get /home/user/file.txt /home/user/
- Use put -r command to upload a directory recursively from local to remote system:
  sftp> put -r /path/to/local/directory /path/to/remote/directory
  Example:
  sftp> put -r /home/user/mydir /home/user/
These commands cover various scenarios of file transfer which are essential for general system administration tasks.