Securely Transfer Files Over a Virtual Private Cloud (VPC) with SCP or Rsync
When using commands like
rsync with the public IP address of your server, you will automatically transfer the files over the (public) internet. If you have have two instances with private networking enabled you can also transfer these files over the private network and prevent extra charges for the used bandwidth.
- Two instances (we'll call them
server_b) with private networking enabled
- Both instances should have private IP addresses configured in the same subnet (see Configuring Private Network)
- SSH connectivity should be possible between both instances
- A user which is not root (we'll call it
Generating and using SSH keys
Transferring files is possible using username and password authentication, but it's much safer to use SSH keys. The generation of the public-private key is described in How Do I Generate SSH Keys?. If you decide to skip this section then you'll have to enter the remote user's password in every command.
Assuming that the public-private key pair on
server_a is located in
~/.ssh/id_rsa, you can run the following command to transfer your public key to
server_b. Use the private IP address of
When prompted, give the password for
ssh-copy-id email@example.com /usr/bin/ssh-copy-id: INFO: Source of
key(s) to be installed: "/home/your_user/.ssh/id_rsa.pub" The
authenticity of host '192.168.0.101 (192.168.0.101)' can't be
established. ECDSA key fingerprint is
SHA256:g9dfqycqU25b567/HDjPTqaQqKhep/fysNCQAG9yJG4. ECDSA key
fingerprint is MD5:41:67:be:68:51:9b:38:a8:95:82:71:47:f1:35:39:66.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
to filter out any that are already installed /usr/bin/ssh-copy-id:
INFO: 1 key(s) remain to be installed -- if you are prompted now it is
to install the new keys firstname.lastname@example.org's password:
Number of key(s) added: 1
Now try logging into the machine.
Check to make sure that only the key(s) you wanted were added.
If you now SSH from
server_b, it will no longer ask for a password. In case the public-private key pair is not located in
~/.ssh/id_rsa then you can specify it's location with the
-i parameter (you will also need this parameter with the
ssh-copy-id -i /path/to/your/public_key email@example.com
ssh -i /path/to/your/private_key firstname.lastname@example.org
Transferring files with SCP
SCP stands for Secure Copy and it transfers all data over an SSH connection. To copy a single file,
server_a to the
/tmp directory on
server_b we can issue the following command.
scp ~./myfile email@example.com:/tmp
To copy a complete folder with all it's contents (including symbolic links) you can add the
scp -r ~./mydir firstname.lastname@example.org:/tmp
Transferring files with Rsync
Rsync is a versatile tool to copy files, it's most often used to synchronize the content of two locations. It uses the same secure SSH tunnel to transfer data. A complete folder can be synchronized to a remote
/tmp dir with the following command
rsync -av ~/mydir email@example.com:/tmp
-v option increases verbosity so that you can follow the progress of the transfer. The
-a option enables 'archive mode' which copies your files recursively while preserving attributes like owner, group and permissions.