Linux Commands

scp using pem file

I was asked how to transfer files using scp without a password using a pem file for authentication. After reading this tutorial, you’ll know how to generate an SSH key and convert it to a pem file to download or upload files using the scp command.

If you already have your .pem key, you can jump to the Using scp with pem section.

Generate a pem key for scp:

To begin, let’s generate the ssh key pair by running the command below.

ssh-keygen

Execute the following command to create the .pem file.

ssh-keygen -f ~/.ssh/id_rsa -e -m pem

Once created the key pair, copy the public key to the server you want to connect to using a pem file for authentication by running the command below. Replace the username “kali” with your username and the IP address with your server IP.

ssh-copy-id kali@192.168.1.100

After running the command above, a file named pk_dsa.pem should be created within your home .ssh directory.

Now you are ready to download and upload files with scp using a pem file.

Upload file or directory using scp with pem:

To use the scp command with a key pair, you need to implement the -i (Identify file) flag.

In the first example, I show how to upload a file named linuxhintsignal to the server 192.168.1.100.

As you can see in the image below, the scp command is followed by the -i flag and the pem file named pk_dsa.pem. Then the file to send is specified, followed by the remote username and server. The final colon after the IP defines the default path, which is the kali user home as the destination directory.

scp -i pk_dsa.pem linuxhintsignal kali@192.168.1.100:

As you can see, the file was uploaded properly within the remote user’s home directory (kali).

The following example shows how to upload a directory (named directory) to the subdirectory named dir, located in the remote home of the user kali.

As you can see, to upload directories recursively, you need to add the -r flag.

NOTE: I got an error I solved when trying to capture this example by specifying the .pem path (.ssh/pk_dsa.pem) as shown in the example below.

scp -r -i .ssh/pk_dsa.pem directory kali@192.168.1.112:dir

The directory is now under the target’s dir subdirectory.

Download file or directory using scp with pem:

In the previous example, the destination directory was defined at the end of the command. The destination directory must also be defined at the end of the command when downloading files, as shown in the following example. This is because scp was designed to be similar as possible to the regular cp command.

In the following example, the file linuxhintsignal is downloaded to the local /tmp directory defined at the command’s end.

scp -i pk_dsa.pem kali@192.168.1.112:linuxhintsignal /tmp

Downloading a directory recursively also requires the -r flag. The dir remote directory is downloaded to the current local directory, defined with a dot in the following example.

scp -r -i pk_dsa.pem kali@192.168.1.112:dir .

As you can see, the directory transference was done recursively.

Conclusion:

As you can see, using scp with a pem file is simple and just requires adding the -i flag.

Public key authentication has pros and cons when compared to password authentication.

In the first place, generated public keys are stronger than human passwords. Contrary to password authentication, when using a public key, your private key isn’t delivered to the server (the server sends the public key to the client), so it isn’t vulnerable for Man In the Middle attacks.

Many administrators choose password authentication because it is easy to share when compared to key pairs.

Thank you for reading this tutorial explaining how to use scp with a pem file; I hope it was useful. Keep following us for more Linux tips and tutorials.

About the author

David Adams

David Adams is a System Admin and writer that is focused on open source technologies, security software, and computer systems.