Linux – Securely copying files between two remote servers

linux mac scp ssh

I am trying to copy (scp) files from one remote server to another remote server. The remote servers are running Ubuntu and are using SSH authentication. The servers synchronise with LDAP, and all users' public keys are stored on the LDAP server.

I am running a Mac with OSX Mavericks – I followed these instructions to set up agent forwarding on my Mac: https://developer.github.com/guides/using-ssh-agent-forwarding/

When I try and run the command:

luca-macbook:~ luca$ scp users@remoteserver:/home/ubuntu/file users@remoteserver:/home/ubuntu/ 

I get the following error:

Host key verification failed.
lost connection

Can someone tell me what I'm doing wrong?

Secondly, if I want to copy a whole directory over, do I just type the same as above and it will move all the files in the directory to or do I need to have a -R somewhere?

Thanks in advance.

Best Answer

That error means that the remote host's key has changed or you are using StrictHostKeyChecking:

StrictHostKeyChecking
   If this flag is set to “yes”, ssh(1) will never automatically add host keys to the
   ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed.
   This provides maximum protection against trojan horse attacks, though it can be
   annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained or when
   connections to new hosts are frequently made.  This option forces the user to
   manually add all new hosts.  If this flag is set to “no”, ssh will automatically
   add new host keys to the user known hosts files.  If this flag is set to “ask”,
   new host keys will be added to the user known host files only after the user has
   confirmed that is what they really want to do, and ssh will refuse to connect to
   hosts whose host key has changed.  The host keys of known hosts will be verified
   automatically in all cases.  The argument must be “yes”, “no”, or “ask”.  The
   default is “ask”.

Purge it using:

$ ssh-keygen -R $remoteserver

and try again. This time, you should be asked to confirm the identity of the remote server via its key fingerprint.

To transfer whole directories, the -r is used:

-r      Recursively copy entire directories.  Note that scp follows symbolic links
        encountered in the tree traversal.

This is all documented in the scp(1), ssh-keygen(1) and ssh_config(5) manpages.
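
Added example (not part of the original answer): a known_hosts lookup that tells apart the two cases the answer names, a host with no stored entry versus a host whose stored key differs, and maps each to the outcome the quoted ssh_config(5) text gives for "yes" and "ask". The function names are hypothetical, the file contents and key strings are constructed, and entries are assumed to be unhashed.

```sh
#!/bin/sh
# Added example; function names and the sample file are hypothetical/constructed.
# Assumes unhashed known_hosts entries (hashed "|1|..." lines need ssh-keygen -F).

# hostkey_status FILE HOST KEYTYPE KEYBLOB  ->  match | changed | unknown
hostkey_status() {
    awk -v host="$2" -v ktype="$3" -v blob="$4" '
        /^[ \t]*(#|$)/ { next }        # comments and blank lines
        $1 ~ /^@/      { next }        # @cert-authority / @revoked lines are not handled here
        {
            n = split($1, names, ",")  # first field is a comma-separated host list
            for (i = 1; i <= n; i++) {
                if ((names[i] "") != (host "")) continue
                if ($2 != ktype) continue   # entry is for another key algorithm
                seen = 1
                if ($3 == blob) matched = 1
            }
        }
        END {
            if (matched)   print "match"
            else if (seen) print "changed"
            else           print "unknown"
        }' "$1"
}

# strict_decision MODE STATUS  ->  connect | prompt | refuse
# Covers only the "yes" and "ask" settings as described in the quoted man page text.
strict_decision() {
    case "$1" in yes|ask) ;; *) echo unsupported; return 1 ;; esac
    case "$2" in
        match)   echo connect ;;
        changed) echo refuse ;;
        unknown) if [ "$1" = yes ]; then echo refuse; else echo prompt; fi ;;
    esac
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample; the key strings are placeholders, not real keys
remoteserver,192.0.2.10 ssh-ed25519 AAAAC3SAMPLEKEYONE
[gateway.example]:2222 ssh-rsa AAAAB3SAMPLEKEYTWO
EOF

for key in AAAAC3SAMPLEKEYONE AAAAC3ROTATEDKEY; do
    status=$(hostkey_status "$sample" remoteserver ssh-ed25519 "$key")
    echo "remoteserver $key: $status -> $(strict_decision ask "$status")"
done
```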