As with all operating systems, Linux is not devoid of its own errors. A common one that often occurs for users is the “SCP permission denied” error, which pops up when you are trying to transfer encrypted files from one Linux system to another, remote or otherwise. This article will address both what the SCP command is, how it works, and it will also take a look at why you may be getting the “SCP permission denied” error, and how you can go about transferring your files successfully.
What Does SCP Mean?
The SCP in “SCP permission denied” stands for “secure copy” which is another way to say that the copy transfer process is secure between the origin point and the destination. The SCP transfer process is simply a safer alternative to the “cp” or copy command on Linux.
What Is the CP (Copy) Command and How is it Different?
This is the primary command used for copying files and directories in Linux. The format of this in its most basic form is “cp [additional_option] source_file target_file“.
It runs in the same directory as you are working in, but does not allow two of the same files to exist in one directory. It will overwrite any files that have the same name when it copies the file over. The SCP command is very similar, with the only difference being that it provides encryption for sensitive information.
Brief Rundown of How the SCP Command Works
When you run the SCP command, Linux will generate an encrypted copy of a specified file, folder, or directory, and deposit that copy to the specified location. The basic syntax of SCP is as follows:
scp [options] username1@source_host: /location1/ file1 username2@destination_host: /location2 /file2
You may also choose to use wildcards with the SCP command to make it do different things, like change the copied file name, but we will talk about this below in the How to Properly Use SCP to Successfully Transfer Files section.
What Does The SCP Command Do?
The SCP or secure copy helps you copy files or folders between two Linux systems. These systems can be local or they can be remote. For instance, you may want to copy a file from a Linux computer to another on the same network, or you may want to copy a file from a Linux computer to a remote server. The SCP command is secure because it uses a secure shell or SSH protocol. All data, usernames, and passwords are encrypted during the copy process to ensure that any sensitive information is secured.
You can use SCP to copy files, folders, or directories from/to:
- Local to local systems.
- Local to remote systems.
- Remote to local systems.
- Remote to remote servers.
- Or local systems to AWS EC2 instances (Amazon Elastic Compute Cloud Web Services).
In order for SCP to work, you must have a secure shell (SSH) login for the servers’ you are trying to use SCP on/to. You may also need root access to both the client (user profile), and the server you are transferring to.
Common Reasons Why Permission May Be Denied
Most Linux users will run into the “SCP permission denied” error at some point, often due to very simple errors or missteps during command execution. Here are several common causes that may be the culprit:
- You have typed in or used an invalid username or password when using the command.
- Your file may be in a different location than what you’re specifying with the SCP command.
- The file might have restricted read or write access (or both).
- Your user profile does not have ownership over the directory in which you are trying to transfer the file from.
- Specifying the incorrect port when mentioning a custom port during the transfer process.
- You have an incorrect or old host key in your “known_hosts” file.
How to Resolve the “SCP Permission Denied” Error on Linux
The aforementioned errors above are all things to look for when troubleshooting the “SCP Permission Denied” error, and each come with simple, straight-forward solutions.
- Double check your username and password. It wouldn’t be the first time, nor will it be the last that we make a typo in either our username or password. Try again and make sure the access credentials are correct.
- Make sure your target files are where you think they are. The SCP command requires you to at least have a general idea of where your target files are located. If the command can’t find them, it will consider them inaccessible. Be sure to check that your files haven’t been moved or otherwise misplaced.
- Ensure you have Read/Write access to your target file or remote directory. If you are restricted from accessing your target directory, the SCP command will return with the appropriate error. You can log in to the remote directory and check your Read/Write access using the following command:
$ ls -ld “your remote directory”
Where “your remote directory” is the name of your target directory. If your user does not have Read/Write access to the desired directory, you must assign it access manually. - Change the ownership of the target remote directory to your user. It is very possible that another user, including the root user, has ownership over your target directory. Solve this by using the following command:
$ sudo chown -R “username”:”username” “path to your remote directory” - Ensure you’re properly specifying a custom port. Specifying a custom port is accomplished with the -P command option, with an uppercase P. It’s easy to get confused and think that -p will produce the same results, however, this command option has nothing to do with ports. Make sure you’re typing all of your commands properly in order to avoid such errors.
- You may be getting the “SCP permission denied” error due to an old or incorrect host file. You can resolve this by removing your host entry, using the following command:
$ ssh-keygen -R hostname
Or you can also use:
$ vim ~/.ssh/known_hosts
How To Use SCP Properly to Successfully Transfer Files
When it comes to using SCP properly, it is important to know what the options and wildcards are. The most common basic commands that you would use include:
Basic Option Commands You Would Use
- -P – this will specify the SSH server port.
- -p – this will create a timestamp for modification and access.
- -q – this ensures that progress or messages are not displayed.
- -C – with this, you compress the data during the transmission.
- -c – this is the cipher option.
- -r – this is for “recursive” which includes subdirectories & their content.
- -F – this is to configure SSH.
- -i – this is for an identity_file.
- -l – this is to limit.
- -o – this is to bring up SSH options.
The wildcard options include things like:
- ~/ which stands for the user’s home/directory.
- * allows you to specify a string of text.
For instance, you can use the /~/*.txt to copy all files in the home directory that end with the .txt file extension. We will use the test.txt in the examples below.
How to Copy from Local to Remote Server
When sending files to a remote server, you will first need to know what port SSH requests are filtered through, then specify it in your command. Then you will need to know where you will be sending the file, such as the destination server’s home directory. Your command should end up looking something like this:
scp -P “Port number” *.txt “Remote Server Username”:/”Target Location”/
This particular command, when executed, will copy all files in the user’s home folder ending in .txt and deposit the copy to the remote server’s specified folder.
It is important to note that if you only specify the destination directory for the remote host, then the filename will stay as is. This is done with the following command example:
scp *txt username2@destination_host:/~/
If you wanted to change the filename after being copied to the remote destination, you would run the following command:
scp test.txt username2@destination_host:/user/home/user1test.txt
How to Copy from One Remote Host to Another Remote Host
If you are looking to copy from one remote host to another remote system, you can do so by using the following SCP command:
scp user1@host1.com : /files/test.txt user2@user2.com : /files
With this line, you would be moving the test.txt file from the directory on the first host to the directory on the second host. The specified location being the host’s server name. When you run this command, you will need to enter in the passwords for both user1 and user2 for it to complete successfully.
How to Copy Your Large Files/Folders/Directories
We recommend that if you are looking to copy a large batch of files, that you run your SCP commands in a terminal multiplexer, which is a software application that you can use to run separate pseudoterminal-based login sessions within one single terminal display. It is extremely useful for running multiple command line programs.
An example of a terminal multiplexer is tmux, which is open-source and used for Unix operating systems. You can use it to run multiple terminal sessions within one single window, and as such, more than one command-line program at the same time. You can view tmux on GitHub, here.
What You Need to Remember When Using the SCP Command on Linux
There are two major things you need to remember when using the SCP command on Linux/Unix, in order to not get the “SCP permission denied” error. These are:
- You will need the password for the user on the remote system(s) when using the SCP command to transfer the file or folder over.
- On the source system (the computer you are using), the user profile you are using must have read access to the file(s) you are looking to copy. On the destination system (local system, remote, or AWS), you use an account that has write access to the directory that you want to save the file(s) to.
If you do not have either of these things, you are likely to get the “SCP permission denied” error. You can use a root user account to solve permissions issues.
Wrapping It Up
Most of the time, the “SCP permission denied” error is caused by a simple mistake in the command execution, or is due to a lack of having the right read/write permissions on the remote or local server you are sending the file to. We hope that the above scenarios have helped you resolve your “SCP permission denied” error, and if they have, please leave a comment below and let us know.
The worst thing is when you don’t have permissions to run ‘scp’ on the remote host.