Secure Copy with SSH

Secure Copy with SSH
Bill McCauley
Author: Bill McCauley


Secure Shell (SSH) has a lot of useful features, many of which were created for the express purpose of replacing insecure communications and data transfers. Today we’re going to look at some examples of securely copying files and folders using the Secure Copy (SCP) functionality. In fact, one of the primary benefits of using SCP for transferring data is that it’s based on the SSH protocols, which allow you to leverage the same authentication and security features found in SSH.

 The syntax for SCP is setup in a source/destination format. This means that when you’re building out your SCP commands, it will be from the data’s source location, to the intended destination, as shown here:

 scp <source> <destination>

 We're going to look at a few different use cases, which are intended to cover the most common ways in which SCP would normally be used.  Our first set of examples will revolve around different ways to copy data from a local source to a remote destination.  

When breaking down the first example in our list below, we see that the scp command is given, followed by the local file, and then ending with the remote destination.  Also, if you look closely at the destination, you'll notice that it is composed of multiple parts, the remote IP address (, a colon (:), and where the file will end up on the target system (/home/user1/testFile.txt).

 Local to Remote (single file):

Syntax:  scp <local_files> <remote_IP>:<remote_path>

Example:  scp testFile.txt

Local to Remote (multiple files):

Syntax:  scp <local_files> <remote_IP>:<remote_path>

Example:  scp *.txt

Example:  scp testFile1 testFile2 testFile3

Local to Remote (folders):

Syntax:  scp -r <local_folder> <remote_IP>:<remote_path>

Example:  scp -r testFolder

Example:  scp -r testFolder/*

There are three items worth noting from the examples listed above.  First, wildcards can be used when transferring groups of files or folders, such as when *.txt was used.  Second, the -r flag is used anytime you want to recursively copy folders or folder contents.  And third, using /* as shown in the testFolder/* example, will copy all of the individual files within the folder, but not the folder itself.  

The next set of examples will revolve around copying data from a Remote Source to a Local Destination.  The main difference here is that the source of the files or folders are now in a remote location, and the goal is to transfer them to your local machine.  Otherwise, the command structure is exactly the same, scp <source> <destination>.

Remote to Local (single file):

Syntax:  scp <remote_IP>:<remote_path> <local_path>

Example:  scp .

Example:  scp $HOME

Remote to Local (multiple files):

Syntax:  scp <remote_IP>:<remote_path/"{testFile1,testFile2,testFile3}"> <local_path>

Example:  scp*.txt /home/user1/

Example:  scp"{testFile1,testFile2,testFile3 }" /home/user1/

Remote to Local (Folder):

Syntax:  scp -r <remote_IP>:<remote_path> <local_path>

Example:  scp -r /root/

Example:  scp -r*.html /root/testFolder/

For those who learn better using audio-visual methods, there is a Secure Ideas video walkthrough of some SCP examples, which can be found here, Working with SSH - Webcast If you’re interested in security fundamentals, we have a Professionally Evil Fundamentals Youtube channel that covers a variety of technology topics.   Finally, if you’re looking for a penetration test, training for your organization, or just have general security questions please Contact Us.


Join the professionally evil newsletter