How-To Guides and Blog

How To Securely Copy Files Between Systems In Linux

NBH Support
No Comments

The ssh command is a useful tool for remotely having access to a system through a client-server authentication. Build inside the ssh tool is the scp command for securely transferring files between servers. The scp command is so secured that it encrypts your files and password so that no one can snoop to obtain delicate information. While transferring files with scp command, you don’t necessarily have to start the FTP session.

Another important aspect of your scp command is that you can transfer files from a remote server to a local machine or from your local machine to your remote servers.

This article is to help newbies on various commands needed to transfer files between a remote system to local machines vice versa. So, therefore, I will keep the tone conversational and as simple as possible.


To copy files using the scp command, you must specify the source and destination of the files. The location of the remote file is always specified in the format [[email protected]]host:/path for the source and destination of the files to be transferred. Specifying the username in the command is optional as when it is not specified, the scp command uses the current user that invoked the command.

Before making any transfer using the scp command, the user must authenticate to the remote system using the ssh authentication key or password.

First, let’s know the simple scp command syntax

scp [[email protected]: PathToSourceFile] [PathToHostDestination]

So, let’s get started by giving a simple try

The example above shows how to successfully copy files to a remote server using the scp command. In the first command, we copied a single file /var/log/messages to the remote server’s desktop. In the second command, we copied multiple files /var/log/messages and /var/mail/mail to the remote server’s desktop. However, this example demonstrates how to copy a file from a local machine to a remote server.

We can also copy files from the remote server to a local machine as seen below

To copy the entire directory tree recursively, we will have to specify the –r option. All copied files retained their permissions and you must be the root user to be able to have all privileges to those files. In the command below, we copied the entire directory of /etc from a remote system to a local machine by specifying the –r option to achieve that


The SFTP command is also known as a secure file transfer protocol. It works similarly as the FTP but differs in security features it offers while transferring files between remote systems. It uses a secure authentication mechanism and encrypted data to share files and traverse through file systems between the local and the remote machine.

Now here comes the two things you need to know between the FTP and SFTP. In terms of security, SFTP is the best. The FTP is an insecure connection that should only be used when transferring files between trusted networks or transferring common files that are not sensitive.

Since SFTP uses an SSH connection to secure its file transfers, the same authentication method present in SSH is also available in the SFTP. So, you have the option to use either the password or the SSH-Key based authentication to have access to the remote system. However, it is preferable to use the SSH-Key based authentication for security and ease of access to the system.

To initiate the SFTP session, the SFTP expects the remote location to be in the format [email protected] Where the part that has the [email protected] holds the username of the user authenticating to the system, it is optional to include the username in the command, but if it is missing, the user invoking the sftp command is used by default.

In the below command, I’m logged in as the root user, and the sftp is expected to use the root user to invoke the command by default. You can choose a different method by specifying the username as mentioned above.

First, to use the sftp command, check if you can log in to the remote system using the ssh command. Once done, type exit to leave the ssh session and invoke the sftp command.

Now we are in the sftp session. First, I tested to see if I can ssh to my remote server using password as a means of authentication, then exit, and invoked the sftp command. Please remember to exit from the ssh session before invoking the sftp command

While in the sftp session, you have various available commands you can use to workaround on the remote system. There are the ls, pwd, mkdir, rmdir, and cd command and many more. In addition to that, you also have the widely used option such as the get and put command to download and upload files. To leave the sftp session, you can type the exit command


The first thing to learn first is how to get help while in the sftp session. It gives you access to the summary of the sftp help and available commands you can use in the sftp session.

To get help, you type the help command or just the question mark symbol (?) on the command line


You can navigate through the file system hierarchy using various commands that function similarly like their shell counterpart

First, let’s view our current working directory before trying other commands on how to navigate through file system paths

You can enter the ls command to view the content of the current working directory

To switch to a different directory, you can use the cd command

So far, we have been able to traverse through file system hierarchy; there is this other option available that you need to know on traversing through paths. You might also want to access the local file system. To go about that, you proceed the commands with an “l” for local.

For example,


Other functions are more like useless if files can’t be transferred between systems. To transfer files between systems in the sftp session is called the downloading and uploading process which is more like copying files from a remote system to a local system as in the case of sftp


First, let’s get familiarized with how to download files from a remote system using the get command

This will transfer the file /etc/chrony.keys to the current directory of the local system.

You can also choose to transfer the files by specifying it on the command. This will automatically create a new file and transfer the content to the files


If you try to use the same method of downloading files to downloading directories, the system will throw an error message “Not a regular file.” To download a directory, you add –r option to the get command as seen below

You may also want to retain the permissions of the transferred files. To go about that, you will append the –p or –P option to the –r option.


To transfer files from the local system to the remote system, we use the put command. it works the same way with the get command.

Now, let’s give a simple command on how it works; you can also surf around different functions following the procedure given in the get command.

You can also download files with the same method as in the get command by appending –r option in the command


Another way to securely copy files and directories between two hosts or local systems is by using the rsync tool. The rsync tool is different from the scp command in such a way that the rsync command only copies difference in two files if similarities exist and not all the files as seen in the scp command.

One of the importance of the rsync command is efficiency and security while copying files between systems. It is important to use the –n option while copying files to perform a dry run which will prevent crucial files from getting overwritten

Please, before we begin, you will need to grab somethings for a better understanding of the rsync command.

The rsync command copy and sync;

Files to/from another host over any remote shell such as ssh

Files through rsync daemon using a TCP connection

Files that do not exist on the remote host and do not copy files that are the same to the remote host

Files that have been updated. Only the changed part will be copied

Also, you will need to know the basic options required to use the rsync command efficiently. The two most valuable options are the –a for archive mode and the –v option for verbosity to the output. The –a option can also be used alongside with the following options

-p option: To preserve files and directories permissions

-l option: To synchronize symbolic links

-t option: To preserve timestamp

-g option: To preserve group ownership

-o option: To preserve the file owner

-r option: To synchronize the entire directory recursively

-D option: To synchronize device files

-H option: To preserve hard links

Please note that the –a option will not synchronize SELinux file context or the ACLs. To go about this, you need to append the –A option alongside with the –a option to enable the synchronization of ACLs and –X option to enable the synchronization of SELinux context.


The rysnc command can act as the usual ls –l command when the source is specified with a leading slash.

Now let’s go about practicing how this commands and the various options works. Let’s go with the simple command on how to list contents of a directory using rsync.

When the /etc directory does not proceed with a slash, the command returns the permission of the directory and the total count of the content in that directory as seen below


If neither the source and destination path specifies the remote host machine, the rsync command behaves like the copy command when copying files locally in Linux systems.

There are two things to note here if the source path specified is a directory and does not proceed with a slash, the directory will be created in the destination source, and all the content will be copied in that created directory. For example, if I copy /etc directory to /document, the /etc directory will be created in the /document as a subdirectory, and all its content will be copied inside of it

Let’s take a look at a practical example

In the example above, I created a directory “document.” On the Linux desktop and I copied the /etc directory to it. You can see below the /etc directory being created in the document

The reverse of not specifying the leading slash will copy only the content of the source directory to the newly created directory as also seen below

The command below is the result of the command above


As mentioned earlier, rsync can copy and sync files and directories either through a remote shell such as the ssh or through TCP connection. We will be focusing on using ssh to syncronize file transfer in this article. Meanwhile, the rsync command is similar to the scp command as both require a remote connection to a remote system. They both use the format user [@host:/path]. When the [email protected] is not present, the rsync uses the user who invoked the command to act on the operation.

They are lots of options available while using the rsync command and all should be accompanied with the –a option.

So, here we will be looking at basic options while you can always practice with the rest of the options combination if the need comes

In the command above the /var/log/messages get a synchronized copy from the remote machine to the /root/Desktop on the local machine

We can also copy files from the local machine to the remote machine as seen below

Please note that when copying files with rsync, it is important to remember that a trailing slash on the source directory name matters. Also, be aware of the Tab completion key, as it will automatically add a trailing slash to the end of the directory name.


Please read every single step of this article and get used to the different method of securely transferring files. Basically, what was presented in this article are the use of scp, sftp, and rsync command, and you are meant to know how these tools differ from each other.

They are other options mentioned that are not practically demonstrated in this article, but they are all easy to implement; you have to add them as part of your options depending on how you want your files to operate.

I know you might be wondering how to get all these tools installed on your systems. You don’t have to install the scp, sftp and rsync package in your system, they all come along with the OpenSSH package. So, you should have it all installed if you are already running the ssh tool in your Linux system

You have any confusion or need to add to the article; you can drop a comment below

Manpage rsync

Man page scp

Man page sftp

Red Hat Administration I Course module