Bash Secure Copy (scp)

Common SCP Commands

scp file.txt user@server:/path/

scp user@server:/file.txt .

scp -r folder/ user@server:/

scp -i key.pem file user@server:/

🔹 Upload Files to Remote Server

To copy a file from your local machine to a remote server, SCP uses the syntax: scp local_file.txt user@remote_host:/remote/path/. During the transfer, SCP provides progress information including the filename, percentage transferred, speed, and estimated time remaining. This immediate feedback is helpful for large files. The command uses SSH for the underlying secure connection, meaning it leverages your existing SSH configuration, keys, and known hosts. It's a straightforward and secure method for one-off file uploads to servers, cloud instances, or development environments.

# Upload single file
scp document.pdf [email protected]:/home/user/

# Upload to specific directory
scp report.txt [email protected]:/var/www/html/

# Upload multiple files
scp file1.txt file2.txt [email protected]:/backup/

🔹 Download Files from Remote Server

Downloading a file with SCP simply reverses the order: specify the remote source first, then the local destination. For example: scp user@remote_host:/remote/path/file.txt . downloads the file to your current directory (denoted by the dot). You can also specify an explicit local path: scp user@host:~/log.txt /local/backups/. Like the upload operation, the transfer is encrypted over SSH and shows progress. This makes SCP a reliable go-to tool for securely retrieving logs, backups, configuration files, or any other data from a remote system.

# Download to current directory
scp [email protected]:/home/user/file.txt .

# Download with new name
scp [email protected]:/logs/app.log ./local-app.log

# Download from specific path
scp [email protected]:/var/backup/data.zip ~/Downloads/

🔹 Copy Directories Recursively

To transfer an entire directory tree—including all subdirectories and files—use the SCP -r (recursive) flag. The command scp -r local_directory/ user@remote_host:/remote/path/ uploads the entire directory structure. Similarly, scp -r user@host:/remote/dir/ ./local_copy/ downloads it. SCP preserves basic file permissions and timestamps during the recursive copy (more reliably with the -p flag). This is essential for backing up website directories, transferring project codebases, or moving complex data sets when a full directory copy is required.

# Upload directory to remote
scp -r /local/folder/ [email protected]:/remote/path/

# Download directory from remote
scp -r [email protected]:/remote/folder/ /local/path/

# Copy directory with all contents
scp -r ~/projects/website/ [email protected]:/var/www/

🔹 SCP with Custom Port

When connecting to an SSH server configured to listen on a non-standard port (not 22), use the -P PORT option (note: capital P). For example: scp -P 2222 file.txt user@host:/tmp/. This is a common security practice to reduce automated bot scans on the default port. It's crucial to remember that SCP uses -P for port, while the SSH command uses lowercase -p. Failing to specify the correct port will result in a connection timeout, as SCP will attempt to connect to the default port 22, which is likely blocked or not in use on the target server.

# Upload using custom port
scp -P 2222 file.txt [email protected]:/path/

# Download using custom port
scp -P 8022 [email protected]:/file.txt .

# Copy directory with custom port
scp -P 2222 -r folder/ [email protected]:/backup/

🔹 SCP with SSH Keys

For password-less and more secure authentication, SCP can use SSH key pairs via the -i /path/to/private_key option. This is mandatory for many cloud servers (like AWS EC2) that disable password authentication by default. First, ensure your public key is installed in the remote user's ~/.ssh/authorized_keys file. Then, specify the corresponding private key: scp -i ~/.ssh/my_aws_key.pem file.txt ec2-user@ec2-host:/home/. This method is not only more secure but also enables seamless automation in scripts and CI/CD pipelines without interactive password prompts.

# Upload with SSH key
scp -i ~/.ssh/id_rsa file.txt [email protected]:/path/

# Download with PEM key (AWS)
scp -i mykey.pem [email protected]:/logs/app.log .

# Copy directory with key
scp -i key.pem -r folder/ [email protected]:/backup/

🔹 Preserve File Attributes

The SCP -p flag (lowercase, for preserve) retains the original modification times, access times, and file modes (permissions) of the transferred files. Using scp -p file.txt user@host:/tmp/ ensures the copied file's timestamp on the destination matches the source. This is important for archival purposes, for maintaining correct file order, or when the timestamps are meaningful for application logic (e.g., build artifacts, logs). Without this flag, the copied files receive new timestamps corresponding to the moment of transfer, which can be misleading.

# Preserve timestamps and permissions
scp -p file.txt [email protected]:/backup/

# Preserve with recursive copy
scp -rp /local/folder/ [email protected]:/backup/

# Preserve with key authentication
scp -p -i key.pem file.txt [email protected]:/path/

🔹 Limit Bandwidth Usage

To prevent SCP from consuming all available bandwidth, use the -l LIMIT option, where LIMIT is specified in Kbit/s (kilobits per second). For example, scp -l 800 large_file.iso user@host:/ limits the transfer speed to approximately 100 KB/s (since 800 Kbit/s = 100 KB/s). This throttling is useful when transferring large files over a shared network link, ensuring that other critical services like VoIP, video conferencing, or general browsing remain responsive and are not starved for bandwidth by the file copy operation.

# Limit to 1000 Kbit/s (125 KB/s)
scp -l 1000 largefile.zip [email protected]:/backup/

# Limit bandwidth for directory
scp -l 2000 -r folder/ [email protected]:/path/

# Combine with other options
scp -l 1000 -p -i key.pem file.txt [email protected]:/