Securing Infrastructure Access at Scale in Large Enterprises
Dec 12
Virtual
Register Now
Teleport logo

Home - Teleport Blog - Teleport Files - Jun 30, 2023

Teleport Files

Teleport Files with SCP

In this blog post, we’ll cover how to transfer files from one server to another. At Teleport we’ve covered the progression of technology used to transfer files — from SCP - Familiar, Simple, Insecure, and Slow to using SFTP. In this blog post, we’ll show you how to transfer files using Secure Copy Protocol (SCP) in 2023, which under the hood is actually SFTP, OpenSSH & open-source Teleport changed the underlying technology in OpenSSH 9 and Teleport 11.

We’ll provide examples for both scp – OpenSSH secure file copy and tsh scp - Teleport secure file copy.

How to SCP a file?

SCP is a Linux command line tool that allows you to securely copy files and directories between two computers. SCP can be a little tricky, but it’s a simple and powerful way to transfer files. If you’re familiar with ssh, using SCP is the same. We assume that you’ve configured your ssh_config and have the correct credentials to access servers.

$ scp [options] [user@]host:[path] [user@]dest_host:[path]  

The UX to copy with Teleport follows the same pattern.

$ tsh scp example.txt [user]@host:/path/to/dest

Copy a local file to a remote system with the SCP command

Another common task is to copy local files to a remote system. An example for how to do this is below with OpenSSH.

Teleport SCP follows the same UX.

tsh scp example.png [email protected]:/home/ubuntu

Teleport provides two other ways to copy a local file to a remote system:

  1. Teleport UI: The Teleport UI is handy for uploading files from a system as it also supports drag and drop.
terminal
terminal
  1. Teleport Connect: Teleport Connect is a graphical user interface for Teleport that runs on Mac, Linux and Windows. This is another handy tool for quickly uploading local files to a remote server.
connect upload
connect upload

Copy a remote file to a local system using the scp command

Next up on common SCP tasks is copying files from a remote system to a local system. For example, pulling some production logs to query locally. This can be a little confusing since you execute the command on your local machine to initiate the copy locally.

scp username@remote:/file/to/send /Users/[local-user]

Teleport SCP follows the same UX.

tsh scp username@remote:/file/to/send /Users/[local-user]

Teleport provides two other ways to copy a local file to a remote system:

Teleport UI:

download files with teleport ui
download files with teleport ui

Teleport Connect:

download with scp
download with scp

Copy a file between two remote systems using the scp command

Another common task is the ability to copy files between remote systems. There are a couple of options. One is to use agent forwarding, but we would recommend using this cautiously as outlined in our blog post How to Use SSH Agent Safely.

Another option is to copy the file through your local machine using the -3 flag.

scp -3 user@remote:/path/to/file user@remote:/path/to/file

Via the SCP Man page man scp

SCP -3

Copies between two remote hosts are transferred through the local host. Without this option, the data is copied directly between the two remote hosts. Note that when using the legacy SCP protocol (via the -O flag), this option selects batch mode for the second host as scp cannot ask for passwords or passphrases for both hosts. This mode is the default.

When using tsh scp, you can copy a file between two hosts by transferring the file via your local machine.

tsh scp user@remote:/path/to/file file
tsh scp file user@remote:/path/to/file

This has a few downsides. For example, it still needs to route through a developer's machine, taking up bandwidth, time, and resources. As a solution, Teleport has created a new secure method for remotely executing SCP without agent forwarding. This is completed with the new headless command.

tsh scp –headless largefile.tar.gz user@remote:/home/ubuntu

This feature has a few benefits:

  1. It’s faster since the connection is directly via host to host.
  2. It’s more secure since the approval requires a strong 2nd factor via webauth / passwordless. This makes it impossible to phish/execute the command by the wrong person.
  3. Since the transaction occurs via Teleport's proxy, an audit log of events is recorded.

SCP Key takeaways

In conclusion, this blog post provides an in-depth look into the evolution of file transfer technologies from SCP to SFTP and the innovative solutions Teleport has developed. The guide illustrates the use of the scp and tsh scp commands for different tasks and highlights Teleport's enhancements such as the ability to use hostnames, labels and a user-friendly GUI. With its new headless command, open-source Teleport offers a faster, more secure method of file transfer that bypasses the need for agent forwarding and also maintains an audit log, thus representing a significant leap forward in server file transfer technology.

Featured in This Article

Secretless Server Access

Prevent phishing attacks, meet compliance requirements, maintain a live catalog of all trusted devices, and have complete visibility into live and past sessions.

Tags

Teleport Newsletter

Stay up-to-date with the newest Teleport releases by subscribing to our monthly updates.

background

Subscribe to our newsletter

PAM / Teleport