Tips and Tricks for SSH and SCP

In this post, I’m going to cover SSH Client, and the way I use it. I will try to cover SSH Daemon (server) in one of next few posts.

Edit: SSH Daemon (server) is covered in next post.

Audience

This post is for anybody who has at least some knowledge of Linux and command line.

If you’re comfortable with the command line, you can skim through the command line samples, but my guess is that you won’t find this post that much useful.

Requirements

For experienced users, you can skip the requirements.

Note: Throughout this post, I’m not going to hold your hand for every step. If you get stuck at something, do a little bit of research on your own. This way you’ll learn the most.

For beginners, I suggest you use a Virtual Machine (VM) for testing and experimenting the samples from this post. I usually use Ubuntu Server LTS for VM. It comes without graphical interface, just with command line. You will use this VM as SSH Daemon (this is server, which SSH Client connects to), and your main OS as SSH Client. For the SSH Client, if you are using Linux or MacOS as your main operating system (OS), you don’t need any 3rd party programs. If you’re using Windows, people suggest using PuTTY, which I haven’t personally used.

On the VM, install OpenSSH (sudo apt install openssh-server) and run the sshd (sudo service sshd start). To get the IP address you’re going to log in to, just type ifconfig, and you’ll probably see a row with something like:

inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.255.0

Introduction

SSH and SCP are commands/tools that I use very often at work. SSH stands for “Secure Shell”, while SCP stands for “Secure Copy”. SSH is a network protocol, connecting SSH Client (which we’ll cover in this post) and SSH Server (Daemon) and providing a secure channel over an unsecured network. This means that you can connect to a remote machines command line (or send commands) in a secure way. This is done with public-key cryptography.

You can use password for logging in to remote server, or generated public/private key.

To log in into the server, it’s as simple as typing:

$ ssh ubuntu@192.168.0.5
ubuntu@192.168.0.5's password:
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-116-generic x86_64)
ubuntu@ubuntu:~$

And you should provide the password. Now you’re connected to the remote machine like it’s right there in front of you. Notice that I’m using user ubuntu which is a user from my server located at 192.168.0.5 (which we’ve got from the requirements section when we typed ifconfig command).

SSH Client Configuration

In one of my previous posts (Make Use of alias Command), I’ve written how I’ve used alias for mapping servers. But I’ve found a reason not to do that anymore, and it was because of SCP (which we’ll cover later in this post). So you can use for example alias ssh-ubuntu='ssh ubuntu@192.168.0.5', but once you use a function that changes the colors of terminal once you are on a remote server, you will change it to alias ssh-ubuntu=ssh-server ubuntu@192.168.0.5 Ubuntu. Then when you want to use SCP, you have to find the server address (if it has fixed IP address), you have to do something like alias | grep ubuntu to filter from all aliases which of the server you’re looking for, and then type scp some-file.txt ubuntu@192.168.0.5:/home/ubuntu/ to copy a file over the network, it get’s too complicated. Simpler way is to use ~/.ssh/config file, and populate it with information of servers you’re using, for example:

Host server1
    Hostname 192.168.0.5
    user ubuntu

Now you can ssh just typing ssh server1, or in my case ssh-server server1 Ubuntu (the Ubuntu part is second parameter to a function ssh-server, you’ll see the function in a minute). For scp to server, instead of scp some-file.txt ubuntu@192.168.0.5:/home/ubuntu/, I just type scp some-file.txt server1:/home/ubuntu/.

You can make configuration in ~/.ssh/config for as many servers as you’d like.

You’ll see that every time you ssh into a machine, you need a password. Use the users password from that machine, for me, it’s usually username “ubuntu” and password “ubuntu”. This is of course for local VMs. Don’t use something like that on remote servers.

Terminal Configuration

For the terminal, I use iTerm2 - which is a terminal for macOS. In it, you can make profiles, and use different settings for different profiles. One of the settings I use is changing tab and cursor color. This way, I know that I’m on another machine. For that I use a function ssh-server (which uses setProfile function), and it looks like this:

function setProfile {
  PROFILE=$1;
  if [ -z "$PROFILE" ]; then
    PROFILE="Default";
  fi

  echo -e "\033]50;SetProfile=$PROFILE\a"
}

function ssh-server {
    SERVER=$1
    PROFILE=$2
    setProfile $PROFILE
    ssh $SERVER
    setProfile
}

So, the setProfile function sets the iTerm2 profile, while ssh-server uses it. So to break down the ssh-server function, you take the first and second parameters (server1 Ubuntu are parameters in one of previous examples), then you set the profile to one you chose (in my case that’s Ubuntu), then login to server from first parameter (this can be the server from your ~/.ssh/config file or ubuntu@192.168.0.5 style server). Once you log out of the server, the Default profile will be set.

The Ubuntu is one of three profiles I have. The first one is Default, which is in some darker color. Next is Ubuntu, which is the same as Default, but cursor and tab are in orange colors (#E95420). And there’s Production profile, which is again, the same as Default, but the colors are red for cursor and tab (#FF0000).

SSH practical usages

For now, I’ve been using SSH as remote terminal, shown previously. The next example is executing a command over SSH. Basically, you do everything the same as before (ssh server1), but now you add a command at end, for example ssh server1 'echo Hello world', You will get the output of the command executed on the remote machine, which can be done with any command that remote machine recognizes. This way, you can execute a script on a server, get some information, or do something else.

One more use case that I know of is tunneling, but I haven’t used that, so you might do a little research about that.

Using SCP

Unlike SSH, which can be used for few different things, SCP command does only copying from and to the server. To use it, you should just specify what you want to send and that’s it. It’s similar to cp command on Linux/macOS.

# send files to server
scp file.txt ubuntu@192.168.0.5:/home/ubuntu
scp file.txt server1:/home/ubuntu # uses server1 from ~/.ssh/config

# get file from server into current directory
scp ubuntu@192.168.0.5:/home/ubuntu/file.txt .
scp server1:/home/ubuntu/file.txt . # uses server1 from ~/.ssh/config

If you want to send/get everything from one directory (and subdirectories), you can use flag -r, which sends/gets everything recursively.

Note: If you’re going to transfer huge amount of files, you might benefit from zipping everything first, and then sending/getting just that zip. This is especially important if you’re not in the same region the server is, since TCP connection will work a bit slower. In one case, I’ve downloaded about 10.000 files, it took about 4-5 minutes, then I figured to download them zipped, which took about 5 seconds.

Conclusion

Now you probably know a bit (more) about SSH client, and how to use SCP. In one of next posts I’ll write about sshd, so you know how to setup the server side too for better security.

Edit: SSH Daemon (server) is covered in next post.


You can follow me on twitter.