Connecting to your Linux box via Windows can always be a bit tricky. Almost everyone uses SSH to execute remote commands on the server, but what if you just want to connect and manage files? I’ve written before about how to use FTP and SSL/TSL FTP, but many people find the FTP protocol inherently insecure. Throw in the overhead of virtual users, and an additional service running on the Linux server, and it’s understandable to see why FTP protocols are falling out of favor.
In this article, I’ll talk about how to connect to Linux using WinSCP – the popular Windows software – over SSH using the “SCP” option. SCP is merely a way to transfer files, so WinSCP has to actually do a lot more work. It needs to list directories, manage permissions, be able to create and delete etc.
Moreover, I’ll show you how to connect using both passwords as well as certificates. The good news is that if you’re already using PuTTY to connect to a remote Linux box via SSH, then everything is set up for you. If not, I’ll show you how to do that as well.
Before we proceed, make sure that you’ve downloaded and installed WinSCP first.
Using Passwords to Connect to Linux using WinSCP
Connecting to Linux via a password is ridiculously easy in WinSCP. After you start it up, click “New Site” on the left panel. The right hand side will hold the details. Enter them as below:
A few important points:
- First, select the “SCP” option for the file protocol.
- Second, if you’ve changed the SSH port as a recommended security measure, enter it in the “Port number” field. By default, SSH uses port number 22. I’ve changed this to 2222 instead.
- Finally, enter the Linux username and password. This is the user you want to browse files under. The first time you connect, you will see a message like this:
This is because you’re connecting to the server for the first time. You won’t see it on subsequent visits because it’ll be stored in cache. Simply click “Yes”, and you’re done. WinSCP will connect to your server and you’ll be able to browse and transfer files, and manage directories just like with FTP.
Connecting Securely Without a Password
Just like a regular SSH connection, you can also use keys to login without a password. This requires a few steps up front, but you’ll never have to enter passwords again, or store them in plain sight on WinSCP.
Generate the Keys. Download the Private Key:
If you’re already connecting to Linux via Putty keys, then you’re almost done. However, if you haven’t yet generated the keys on your server, follow steps 2, 3, and 4 in this tutorial. For Step 4, instead of using the “pscp” program, you can just use WinSCP as set up in the previous section of this article. Step 4 consists of downloading the private key on the server onto your local desktop machine
There’s one thing to keep in mind. Keys are user specific. So you need to perform steps 2, 3, and 4 as noted above while being logged in as the user you want to use as WinSCP. So if you generate the keys as root, you won’t be able to use them to log in as a non-root user.
Convert the Private Key into a PuTTY File:
In order to use the private key file you just downloaded, you need to convert it into a PuTTY file. Follow the instructions in Step 6 in this article in order to do that. You can download the puttygen program from this page. At the end of it, you should have a file ending in “ppk”.
If you’re already using keys with PuTTY, you will have the private key ppk file already sitting on your local machine.
In order to use this ppk file with WinSCP, click the “Advanced” button on the session configuration screen like this:
Note that I’m logging in as “root”, because my keys were generated using the root login. In the “Advanced” options, select the “Authentication” parameter under the “SSH” tab as shown here:
As shown above, select the private key .ppk file that you just generated via puttygen. This will allow you to connect to Linux using WinSCP without a password. Save your changes and attempt to connect. You’ll get a connection progress screen like this:
Once the connection has been established, you can now connect to WinSCP to download and manage files and directories. Both with and without a password!
Transferring Files Between Linux Servers using SCP
Using the above technique works great for transferring files to and from a Windows machine to Linux using WinSCP. But did you know that you can also use SCP for file transfers between Linux systems themselves using the command line? In this section of the tutorial, I’ll show you how to:
- Transfer a Remote file to a local server;
- Transfer a local file to a remote server;
- How to specify the port for the remote server;
- How to use private keys instead of passwords.
In the following examples, I have two servers. Server 1 has a file called “file_server1.txt”.
Server 2 has a file called “file_server2.txt” as shown below:
Remote to Local File Transfer:
To transfer a file from a remote server to your local current directory, use the following command:
scp [remote_username]@[domain name OR IP address]:file_server2.txt .
Replace [remote_username] with the user you want to log in as to the remote server. And replace [domain name OR IP address] with your remote server’s IP address or domain name.
In the above example, I’m making a connection between the two servers for the first time. This means I’ll get a warning that the remote host authenticity can’t be relied on and it’ll add the server signature to the list of known hosts. So the next time you make a connection, it won’t come up again.
Then you’ll be prompted for the remote host’s password and once that’s done, the file will be transferred. You can see that “file_server2.txt” is now available on the very first server.
Local to Remote File Transfer:
In the same way, we can transfer local files to remote servers using the following command:
scp file_server1.txt [remote_username]@[domain name OR IP address]:
I’m currently using server 1 to transfer “file_server1.txt” to server 2. Make the replacements in bold as before. If you want to place the file in a specific directory on the local server, you just need to specify the directory after the “:” in the above example. You can see how this works here:
And the file has been transferred over as expected:
This completes the basics of using SCP to transfer files between Linux servers.
Specifying the Port for the Remote Server:
As part of your security measures, you may have changed the SSH port used to connect to your remote server. To specify this, use the “-P” command like this:
scp -P 2222 [remote_username]@[domain name OR IP address]:file_server1.txt .
Unlike the regular ssh command which uses a “-p” with a smaller case, the scp command uses it capitalized (-P).
Here, I first try and connect without the parameter. I get a “connection refused” message as expected. Then I use the port number parameter and it works fine:
Using Private Keys without Entering a Password:
It can get annoying to enter your password each time you make an SCP connection to a remote Linux server. Luckily, we can do away with passwords entirely using public and private keys. To do this, you need to log in to your remote server, and follow steps 2, and 3 in this tutorial here. Step 2 will give you a private key called “id_dsa” or “id_rsa” depending on the encryption used. This is called a private key and you need to bring it onto your local server. From here, we can specify the location of the private key within the “scp” command.
Once you have the private key on your local machine, make sure it has the proper permissions using the following command:
sudo chmod 600 id_dsa
Without this, the key will be deemed too insecure. You might have to specify the path to where you placed the private key. In my example, I’ve simply put it in my local folder for demonstration. Now use the following command to connect to your remote server by specifying the private key:
scp -P 2222 -i id_dsa [remote_username]@[domain name OR IP address]:file_server1.txt .
In the above example, replace “id_dsa” with the name and location of your private key. This works as shown below:
You can see that this time, you’re not asked for the password. The transfer is carried out automatically without any further action or confirmation on your part. This is the preferred way to connect – especially if you have disabled root logins with passwords as shown in Step 5 of this tutorial.
And there you have it! A complete tutorial on using SCP to transfer files both using Windows, as well as Linux. With passwords and without.