If you want to copy a file between two remote systems using the Linux SCP command, there are a couple of things to take into consideration. SCP uses the SSH protocol to establish encrypted connections. When using SSH, remote systems can be accessed with a username and password or with SSH keys (public/private key pairs). Key-based authentication is generally preferable to password authentication.
In the original version of a transfer from one remote system (host) to another, the following process occurs:
- The user instructs the SCP tool on the local system to transfer a file from Host 1 to Host 2.
- The SCP program on the user’s local system opens an SSH connection to Host 1 and runs the SCP program located there.
- The SCP program on Host 1 opens an SSH connection to Host 2 and transfers the file saved on Host 1 to Host 2 as if it were a local file.
For this process to work, Host 1’s public SSH key has to be deposited on Host 2. However, this means that Host 1 will have permanent access to Host 2 without any involvement from the user, which poses a security risk. This has given rise to the modern version of the process:
- The user instructs the SCP tool on their local system to transfer a file from Host 1 to Host 2.
- SCP opens one connection to Host 1 and another to Host 2.
- The file is routed through the local system and transferred to Host 2.
In this case, the user’s public SSH key is stored on Host 1 and Host 2. This will often already be the case, for example if the user is an administrator who has access to both hosts.
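The modern process described above, written as a small wrapper (an added example, not part of the original article). It assumes OpenSSH's `scp`, whose `-3` option routes a remote-to-remote copy through the local system; the function names, host names and paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: copy Host 1 -> Host 2 through the local system (scp -3),
# so Host 1 never needs a key that is trusted on Host 2.
# Host names and paths used with this script are constructed placeholders.

# is_remote_spec SPEC: succeeds if SPEC looks like [user@]host:path
is_remote_spec() {
    case "$1" in
        /*|./*|../*) return 1 ;;          # explicit local paths
        *:*)
            host_part=${1%%:*}            # text before the first colon
            case "$host_part" in
                ""|*/*) return 1 ;;       # empty host, or a slash before the colon
                *)      return 0 ;;
            esac ;;
        *) return 1 ;;                    # no colon at all: local file
    esac
}

# remote_copy SRC DST: relay a file between two remote hosts via this machine.
# With DRY_RUN=1 the command line is printed instead of executed.
remote_copy() {
    src=$1 dst=$2
    if ! is_remote_spec "$src" || ! is_remote_spec "$dst"; then
        echo "remote_copy: both arguments must be [user@]host:path" >&2
        return 2
    fi
    # -3: scp opens one connection to each host from the local system and
    #     passes the data through it; both logins use the local user's
    #     credentials, so no Host 1 key has to be authorized on Host 2.
    set -- scp -3 -- "$src" "$dst"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Example call (constructed hosts):
#   DRY_RUN=1 remote_copy admin@host1.example:/srv/backup.tar admin@host2.example:/srv/
```

Because the file passes through the local system, the transfer is limited by the local machine's bandwidth to both hosts.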