Use SSH-based tools to ensure the security of Linux network file transfer. Specific methods include: 1. Use SCP for simple encrypted transmission, support recursive copying and specifying SSH ports, but do not support breakpoint continuous transmission; 2. Use SFTP to achieve interactive reliable transmission, support breakpoint continuous transmission and remote file management; 3. Use Rsync over SSH to efficiently synchronize data, transfer only the change part, suitable for backup and unstable networks; 4. Follow best practices, including using SSH key authentication, disable root login, modifying the default port, verifying the host fingerprint, avoiding plaintext protocols and setting correct file permissions, thereby ensuring the security of transmission.
Transferring files over a network in Linux is a common task, but doing it securely is essential—especially when dealing with sensitive data or remote servers. Here's how to do it right, using built-in tools and best practices.
1. Use SCP for Simple, Encrypted File Transfers
SCP (Secure Copy Protocol) is one of the easiest and most widely used methods for securely copying files between Linux systems. It uses SSH for encryption, so no data is sent in plain text.
Basic syntax:
scp /path/to/local/file username@remote_host:/path/to/remote/directory
Example:
scp document.txt user@192.168.1.100:/home/user/
To copy from remote to local:
scp user@192.168.1.100:/home/user/file.txt /local/destination/
Tips:
- Use
-ito specify a private key if not using password authentication:scp -i ~/.ssh/id_rsa file.txt user@host:/destination/
- Use
-rto copy directories recursively. - Use
-P(uppercase) to specify a non-default SSH port:scp -P 2222 file.txt user@host:/destination/
SCP is simple and secure, but lacks advanced features like recovering interrupted transfers.
2. Use SFTP for Interactive and Reliable Transfers
SFTP (SSH File Transfer Protocol) runs over SSH and provides an interactive file transfer environment. It's more feature-rich than SCP.
Connect to a remote server:
sftp username@remote_host
Once connected, you can use commands like:
-
put filename– upload a file -
get filename– download a file -
ls,cd,lls,lcd– navigate directories -
mput,mget– transfer multiple files
Example session:
sftp user@192.168.1.100 sftp> cd /remote/dir sftp> put report.pdf sftp> get log.txt sftp> exit
Advantages:
- Supports recovering interrupted transfers.
- Allows file management (rename, delete, etc.).
- More reliable for unstable connections.
Like SCP, SFTP uses SSH, so it's encrypted by default.
3. Use Rsync over SSH for Efficient and Secure Syncing
Rsync is ideal for synchronizing files and directories, especially when you want to minimize data transfer by only sending changes.
Basic secure syntax (using SSH):
rsync -avz -e ssh /source/directory/ user@remote:/destination/
-
-a: archive mode (preserves permissions, symlinks, etc.) -
-v: verbose output -
-z: compress data during transfer -
-e ssh: forces rsync to use SSH
Example:
rsync -avz -e ssh ~/Documents/ user@192.168.1.100:/backup/Documents/
Why rsync is great:
- Only transfers changed parts of files.
- Can resume interrupted transfers with
--partial. - Excellent for backups and mirroring.
- Works well over slow or unreliable networks.
You can also combine it with SSH keys for passwordless automation.
4. Best Practices for Secure File Transfers
Even with encrypted tools, security depends on how you use them.
Follow these guidelines:
? Use SSH key authentication instead of passwords
Generate SSH keys withssh-keygenand copy the public key usingssh-copy-id. This reduces the risk of brute-force attacks.? Disable root SSH login and use non-default ports
Edit/etc/ssh/sshd_config:PermitRootLogin no Port 2222 # instead of 22
Then restart SSH:
sudo systemctl restart sshd? Verify host authenticity
Always confirm the server's SSH fingerprint on first connection to avoid man-in-the-middle attacks.? Avoid insecure protocols like FTP, TFTP, or HTTP
These send data in plain text. If you must use them, wrap them in a VPN or avoid sensitive data.? Set proper file permissions after transfer
Usechmodandchownon the destination to ensure files aren't world-readable.
For most users, SCP is fine for one-off transfers, SFTP for interactive work, and rsync over SSH for syncing or backups. All are secure when SSH is properly configured.
Basically, stick to SSH-based tools, use key authentication, and keep your system updated—then your file transfers will be both fast and secure.
The above is the detailed content of How to Securely Transfer Files over a Network in Linux. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Install LXC (Linux Containers) in RHEL, Rocky & AlmaLinux
Jul 05, 2025 am 09:25 AM
LXD is described as the next-generation container and virtual machine manager that offers an immersive for Linux systems running inside containers or as virtual machines. It provides images for an inordinate number of Linux distributions with support
Clear Linux Distro - Optimized for Performance and Security
Jul 02, 2025 am 09:49 AM
Clear Linux OS is the ideal operating system for people – ahem system admins – who want to have a minimal, secure, and reliable Linux distribution. It is optimized for the Intel architecture, which means that running Clear Linux OS on AMD sys
How to create a self-signed SSL certificate using OpenSSL?
Jul 03, 2025 am 12:30 AM
The key steps for creating a self-signed SSL certificate are as follows: 1. Generate the private key, use the command opensslgenrsa-outselfsigned.key2048 to generate a 2048-bit RSA private key file, optional parameter -aes256 to achieve password protection; 2. Create a certificate request (CSR), run opensslreq-new-keyselfsigned.key-outselfsigned.csr and fill in the relevant information, especially the "CommonName" field; 3. Generate the certificate by self-signed, and use opensslx509-req-days365-inselfsigned.csr-signk
How to extract a .tar.gz or .zip file?
Jul 02, 2025 am 12:52 AM
Decompress the .zip file on Windows, you can right-click to select "Extract All", while the .tar.gz file needs to use tools such as 7-Zip or WinRAR; on macOS and Linux, the .zip file can be double-clicked or unzip commanded, and the .tar.gz file can be decompressed by tar command or double-clicked directly. The specific steps are: 1. Windows processing.zip file: right-click → "Extract All"; 2. Windows processing.tar.gz file: Install third-party tools → right-click to decompress; 3. macOS/Linux processing.zip file: double-click or run unzipfilename.zip; 4. macOS/Linux processing.tar
7 Ways to Speed Up Firefox Browser in Linux Desktop
Jul 04, 2025 am 09:18 AM
Firefox browser is the default browser for most modern Linux distributions such as Ubuntu, Mint, and Fedora. Initially, its performance might be impressive, however, with the passage of time, you might notice that your browser is not as fast and resp
How to troubleshoot DNS issues on a Linux machine?
Jul 07, 2025 am 12:35 AM
When encountering DNS problems, first check the /etc/resolv.conf file to see if the correct nameserver is configured; secondly, you can manually add public DNS such as 8.8.8.8 for testing; then use nslookup and dig commands to verify whether DNS resolution is normal. If these tools are not installed, you can first install the dnsutils or bind-utils package; then check the systemd-resolved service status and configuration file /etc/systemd/resolved.conf, and set DNS and FallbackDNS as needed and restart the service; finally check the network interface status and firewall rules, confirm that port 53 is not
Install Guacamole for Remote Linux/Windows Access in Ubuntu
Jul 08, 2025 am 09:58 AM
As a system administrator, you may find yourself (today or in the future) working in an environment where Windows and Linux coexist. It is no secret that some big companies prefer (or have to) run some of their production services in Windows boxes an
How would you debug a server that is slow or has high memory usage?
Jul 06, 2025 am 12:02 AM
If you find that the server is running slowly or the memory usage is too high, you should check the cause before operating. First, you need to check the system resource usage, use top, htop, free-h, iostat, ss-antp and other commands to check CPU, memory, disk I/O and network connections; secondly, analyze specific process problems, and track the behavior of high-occupancy processes through tools such as ps, jstack, strace; then check logs and monitoring data, view OOM records, exception requests, slow queries and other clues; finally, targeted processing is carried out based on common reasons such as memory leaks, connection pool exhaustion, cache failure storms, and timing task conflicts, optimize code logic, set up a timeout retry mechanism, add current limit fuses, and regularly pressure measurement and evaluation resources.
