Never Ending Security

It starts all here

SCP Commands Cheatsheet

SCP Command Examples

Secure copy or SCP is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol.

Basic syntax of SCP

scp source_file_name username@destination_host:destination_folder

SCP – detailed information

A basic SCP command without parameters copies your files in the background. You will not see the progress or any other related information unless there is an error. To see what is really going on behind the curtain, use the “-v” switch. It prints all debug information to your console. If your SCP command fails for some reason, this switch helps you debug the connection, follow the authentication process and take a closer look at those pesky configuration problems.

cyberpunk@n0where.net ~/Documents $ scp -v somefile.txt root@192.x.x.x:.
SAMPLE OUTPUT
Executing: program /usr/bin/ssh host 192.x.x.x, user cyberpunk, command scp -v -t .
OpenSSH_x.x Debian, OpenSSL x.x.x 10 Sep 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.x.x.x [192.x.x.x] port 22.
debug1: Connection established.
debug1: Host '192.x.x.x' is known and matches the RSA host key.
debug1: Found key in /home/cyberpunk/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Next authentication method: password
root@192.x.x.x's password:
debug1: Authentication succeeded (password).
Authenticated to 192.x.x.x ([192.x.x.x]:22).
Sending file modes: C0770 3760348 somefile.txt
Sink: C0770 3760348 somefile.txt
somefile.txt 100% 3672KB 136.0KB/s 00:27
Transferred: sent 3766304, received 3000 bytes, in 65.2 seconds
Bytes per second: sent 57766.4, received 46.0
debug1: Exit status 0
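
When reading a long “-v” transcript, the lines that matter most are the host key check, the authentication method and the exit status. The following is an added example, not part of the original post: a small shell function (the names scp_debug_summary and sample_transcript are made up here) that condenses a transcript into one line, run against a constructed sample in the format shown above.

```shell
#!/bin/sh
# Added example: summarise an `scp -v` transcript read on stdin.
# Real use (debug lines go to stderr):
#   scp -v somefile.txt user@host:. 2>&1 | scp_debug_summary

scp_debug_summary() {
    awk '
        BEGIN { host = "unknown"; port = "unknown"; hostkey = "unverified"
                auth = "none"; status = "unknown" }
        # "debug1: Connecting to HOST [ADDR] port N."
        /^debug1: Connecting to / { host = $4; port = $NF; sub(/\.$/, "", port) }
        # Host key is already pinned in known_hosts and it matched.
        /^debug1: Host .* is known and matches/ { hostkey = "known" }
        # First contact: the key is about to be trusted on first use.
        /authenticity of host .* can.t be established/ { hostkey = "new" }
        # Pinned key no longer matches: investigate before retrying.
        /REMOTE HOST IDENTIFICATION HAS CHANGED/ { hostkey = "changed" }
        # "debug1: Authentication succeeded (METHOD)."
        /^debug1: Authentication succeeded \(/ { auth = $4; gsub(/[().]/, "", auth) }
        /^Permission denied/ { auth = "denied" }
        /^debug1: Exit status / { status = $4 }
        END { printf "host=%s port=%s hostkey=%s auth=%s exit=%s\n",
                     host, port, hostkey, auth, status }
    '
}

# Constructed sample in the format of the transcript above (not a real capture).
sample_transcript() {
    cat <<'EOF'
debug1: Connecting to 192.x.x.x [192.x.x.x] port 22.
debug1: Connection established.
debug1: Host '192.x.x.x' is known and matches the RSA host key.
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
Sending file modes: C0770 3760348 somefile.txt
debug1: Exit status 0
EOF
}

sample_transcript | scp_debug_summary
```

A result of hostkey=changed or hostkey=new is the one to stop on: the first means the pinned key no longer matches, the second that the key has not been verified before.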

SCP … Estimated Time ?

With the “-p” switch you can get the estimated time of execution and the connection speed:

cyberpunk@n0where.net ~/Documents $ scp -p somefile.txt root@192.x.x.x:.
SAMPLE OUTPUT
root@192.x.x.x's password:
somefile.txt 100% 3672KB 126.6KB/s 00:29

Compress during transfer

There’s a chance (depending on the file type) that you can speed up your transfer by compressing the content during network transmission. You can try this with the “-C” switch, but the result will vary from file to file.

Test case: 93 Mb file:

cyberpunk@n0where.net ~/Documents $ scp -pv big.log root@192.x.x.x:.
SAMPLE OUTPUT
Executing: program /usr/bin/ssh host 192.x.x.x, user cyberpunk, command scp -v -p -t .
OpenSSH_x.x Debian, OpenSSL x.x 10 Sep 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.x.x.x [192.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/cyberpunk/.ssh/id_rsa type -1
debug1: Found key in /home/cyberpunk/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Trying private key: /home/cyberpunk/.ssh/id_rsa
debug1: Next authentication method: password
root@192.x.x.x's password:
debug1: Authentication succeeded (password).
Authenticated to 192.x.x.x ([192.x.x.x]:22).
debug1: Sending command: scp -v -p -t .
File mtime 1323853868 atime 1380425711
Sending file timestamps: T1323853868 0 1380425711 0
big.log 100% 93MB 58.6KB/s 27:05
Transferred: sent 97614832, received 25976 bytes, in 1661.3 seconds
Bytes per second: sent 58758.4, received 15.6
debug1: Exit status 0

SCP Encryption

By default SCP uses “AES-128” to encrypt files. If you want to change that to another cipher, use the “-c” switch:

cyberpunk@n0where.net ~/Documents $ scp -c 3des somefile.txt root@192.x.x.x:.

root@192.x.x.x's password:
somefile.txt 100% 3672KB 282.5KB/s 00:13

Limit bandwidth usage

The “-l” parameter will limit the bandwidth use:

cyberpunk@n0where.net ~/Documents $ scp -l 400 somefile.txt root@192.x.x.x:.

root@192.x.x.x's password:
somefile.txt 100% 3672KB 50.3KB/s 01:13

The value 400 after the “-l” parameter tells scp to limit bandwidth to 50 KB/sec. The limit is given in Kbit/s, and 400 Kbit/s divided by 8 is 50 KB/sec.

Use specific port

SCP uses port 22 as its default port. But for security reasons, you may change the port to something else:

cyberpunk@n0where.net ~/Documents $ scp -P 2249 somefile.txt root@192.x.x.x:.

root@192.x.x.x's password:
somefile.txt 100% 3672KB 262.3KB/s 00:14

Copy files recursively

Sometimes we need to copy a directory and all of its files recursively. SCP supports recursive copy with the “-r” switch:

cyberpunk@n0where.net ~/Documents $ scp -r documents root@192.x.x.x:.

root@192.x.x.x's password:
somefile.txt 100% 3672KB 282.5KB/s 00:13
scp.txt 100% 10KB 9.8KB/s 00:00

Disable diagnostic messages

If you prefer not to see the progress meter and the warning/diagnostic messages from SCP, you can disable them with the “-q” switch:

cyberpunk@n0where.net ~/Documents $ scp -q somefile.txt root@192.x.x.x:.

root@192.x.x.x's password:
cyberpunk@n0where.net ~/Documents $

Copy files via proxy

A proxy server is commonly used in office environments. Out of the box, SCP is not configured to use a proxy. When there is a proxy server between you and your destination, you have to “tell” SCP to use that proxy.

Suppose the proxy address is 192.168.1.1 on port 8080. First, you need to create the “~/.ssh/config” file with:

ProxyCommand /usr/bin/corkscrew 192.168.1.1 8080 %h %p ~/.ssh/proxyauth

After that, you need to create the file “~/.ssh/proxyauth” with:

myusername:mypassword

After that you can do SCP transparently as usual.
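
The “~/.ssh/proxyauth” file holds the proxy password in plain text, so it should be readable by its owner only. The following is an added example, not part of the original post: it creates both files from the steps above with owner-only permissions and limits the proxy to a single destination with a Host block. The helper names setup_scp_proxy and is_owner_only, and the Host scoping, are assumptions made for this example.

```shell
#!/bin/sh
# Added example: create the corkscrew proxy files with owner-only permissions.

# setup_scp_proxy SSH_DIR DEST_HOST PROXY_ADDR PROXY_PORT  (hypothetical helper)
setup_scp_proxy() {
    ssh_dir=$1; dest=$2; proxy=$3; port=$4
    (
        umask 077                       # new files: readable by owner only
        mkdir -p "$ssh_dir"
        # Scope the proxy to one destination instead of every SSH connection.
        cat >> "$ssh_dir/config" <<EOF
Host $dest
    ProxyCommand /usr/bin/corkscrew $proxy $port %h %p $ssh_dir/proxyauth
EOF
        # Create the credentials file empty; fill in "username:password" with
        # an editor so the secret never appears in shell history or ps output.
        [ -e "$ssh_dir/proxyauth" ] || : > "$ssh_dir/proxyauth"
    )
    # Tighten modes as well, in case the files existed before with looser ones.
    chmod 700 "$ssh_dir"
    chmod 600 "$ssh_dir/config" "$ssh_dir/proxyauth"
}

# Succeeds only if FILE grants no permissions to group or others.
is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo in a throwaway directory (constructed values; proxy address from the text).
demo=$(mktemp -d)
setup_scp_proxy "$demo/.ssh" 192.x.x.x 192.168.1.1 8080
is_owner_only "$demo/.ssh/proxyauth" && echo "proxyauth is private"
rm -rf "$demo"
```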
