|
1 | | ---- |
2 | | -title: Use SCP to move files to and from a VM |
3 | | -description: Securely move files to and from a Linux VM in Azure using SCP and an SSH key pair. |
4 | | -author: cynthn |
5 | | -ms.service: virtual-machines |
6 | | -ms.collection: linux |
7 | | -ms.workload: infrastructure |
8 | | -ms.topic: how-to |
9 | | -ms.date: 04/20/2021 |
10 | | -ms.author: cynthn |
11 | | ---- |
12 | | - |
13 | | -# Use SCP to move files to and from a Linux VM |
14 | | - |
15 | | -**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Flexible scale sets |
16 | | - |
17 | | -This article shows how to move files from your workstation up to an Azure Linux VM, or from an Azure Linux VM down to your workstation, using Secure Copy (SCP). Moving files between your workstation and a Linux VM, quickly and securely, is critical for managing your Azure infrastructure. |
18 | | - |
19 | | -For this article, you need a Linux VM deployed in Azure using [SSH public and private key files](mac-create-ssh-keys.md). You also need an SCP client for your local computer. It is built on top of SSH and included in the default Bash shell of most Linux and Mac computers and PowerShell. |
20 | | - |
21 | | - |
22 | | -## Quick commands |
23 | | - |
24 | | -Copy a file up to the Linux VM |
25 | | - |
26 | | -```bash |
27 | | -scp file azureuser@azurehost:directory/targetfile |
28 | | -``` |
29 | | - |
30 | | -Copy a file down from the Linux VM |
31 | | - |
32 | | -```bash |
33 | | -scp azureuser@azurehost:directory/file targetfile |
34 | | -``` |
35 | | - |
36 | | -## Detailed walkthrough |
37 | | - |
38 | | -As examples, we move an Azure configuration file up to a Linux VM and pull down a log file directory, both using SCP and SSH keys. |
39 | | - |
40 | | -## SSH key pair authentication |
41 | | - |
42 | | -SCP uses SSH for the transport layer. SSH handles the authentication on the destination host, and it moves the file in an encrypted tunnel provided by default with SSH. For SSH authentication, usernames and passwords can be used. However, SSH public and private key authentication are recommended as a security best practice. Once SSH has authenticated the connection, SCP then begins copying the file. Using a properly configured `~/.ssh/config` and SSH public and private keys, the SCP connection can be established by just using a server name (or IP address). If you only have one SSH key, SCP looks for it in the `~/.ssh/` directory, and uses it by default to log in to the VM. |
43 | | - |
44 | | -For more information on configuring your `~/.ssh/config` and SSH public and private keys, see [Create SSH keys](mac-create-ssh-keys.md). |
45 | | - |
46 | | -## SCP a file to a Linux VM |
47 | | - |
48 | | -For the first example, we copy an Azure configuration file up to a Linux VM that is used to deploy automation. Because this file contains Azure API credentials, which include secrets, security is important. The encrypted tunnel provided by SSH protects the contents of the file. |
49 | | - |
50 | | -The following command copies the local *.azure/config* file to an Azure VM with FQDN *myserver.eastus.cloudapp.azure.com*. If you don't have an [FQDN set](../create-fqdn.md), you can also use the IP address of the VM. The admin user name on the Azure VM is *azureuser*. The file is targeted to the */home/azureuser/* directory. Substitute your own values in this command. |
51 | | - |
52 | | -```bash |
53 | | -scp ~/.azure/config [email protected]:/home/azureuser/config |
54 | | -``` |
55 | | - |
56 | | -## SCP a directory from a Linux VM |
57 | | - |
58 | | -For this example, we copy a directory of log files from the Linux VM down to your workstation. A log file may or may not contain sensitive or secret data. However, using SCP ensures the contents of the log files are encrypted. Using SCP to transfer the files is the easiest way to get the log directory and files down to your workstation while also being secure. |
59 | | - |
60 | | -The following command copies files in the */home/azureuser/logs/* directory on the Azure VM to the local /tmp directory: |
61 | | - |
62 | | -```bash |
63 | | -scp -r [email protected]:/home/azureuser/logs/. /tmp/ |
64 | | -``` |
65 | | - |
66 | | -The `-r` flag instructs SCP to recursively copy the files and directories from the point of the directory listed in the command. Also notice that the command-line syntax is similar to a `cp` copy command. |
67 | | - |
68 | | -## Next steps |
69 | | - |
70 | | -* [Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension](../extensions/vmaccess.md?toc=/azure/virtual-machines/linux/toc.json) |
| 1 | +--- |
| 2 | +title: Use SCP to move files to and from a VM |
| 3 | +description: Securely move files to and from a Linux VM in Azure using SCP and an SSH key pair. |
| 4 | +author: cynthn |
| 5 | +ms.service: virtual-machines |
| 6 | +ms.workload: infrastructure |
| 7 | +ms.topic: how-to |
| 8 | +ms.date: 07/30/2022 |
| 9 | +ms.author: cynthn |
| 10 | +--- |
| 11 | + |
| 12 | +# Use SCP to move files to and from a VM |
| 13 | + |
| 14 | +**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs :heavy_check_mark: Flexible scale sets |
| 15 | + |
| 16 | +This article shows how to move files from your workstation up to an Azure VM, or from an Azure VM down to your workstation, using Secure Copy (SCP). Moving files between your workstation and a VM, quickly and securely, is critical for managing your Azure infrastructure. |
| 17 | + |
| 18 | +For this article, you need a VM deployed in Azure with SSH enabled. You also need an SCP client for your local computer. It is built on top of SSH and included in the default shell of most computers. |
| 19 | + |
| 20 | + |
| 21 | +## Quick commands |
| 22 | + |
| 23 | +Copy a file up to the VM |
| 24 | + |
| 25 | +```bash |
| 26 | +scp file azureuser@azurehost:directory/targetfile |
| 27 | +``` |
| 28 | + |
| 29 | +Copy a file down from the VM |
| 30 | + |
| 31 | +```bash |
| 32 | +scp azureuser@azurehost:directory/file targetfile |
| 33 | +``` |
| 34 | + |
| 35 | +## Detailed walkthrough |
| 36 | + |
| 37 | +As examples, we move an Azure configuration file up to a VM and pull down a log file directory, both using SCP. |
| 38 | + |
| 39 | +## SSH key pair authentication |
| 40 | + |
| 41 | +SCP uses SSH for the transport layer. SSH handles the authentication on the destination host, and it moves the file in an encrypted tunnel provided by default with SSH. For SSH authentication, usernames and passwords can be used. However, SSH public and private key authentication are recommended as a security best practice. Once SSH has authenticated the connection, SCP then begins copying the file. Using a properly configured `~/.ssh/config` and SSH public and private keys, the SCP connection can be established by just using a server name (or IP address). If you only have one SSH key, SCP looks for it in the `~/.ssh/` directory, and uses it by default to log in to the VM. |
| 42 | + |
| 43 | +For more information on configuring your `~/.ssh/config` and SSH public and private keys, see [Create SSH keys](/linux/mac-create-ssh-keys.md). |
| 44 | + |
| 45 | +## SCP a file to a VM |
| 46 | + |
| 47 | +For the first example, we copy an Azure configuration file up to a VM that is used to deploy automation. Because this file contains Azure API credentials, which include secrets, security is important. The encrypted tunnel provided by SSH protects the contents of the file. |
| 48 | + |
| 49 | +The following command copies the local *.azure/config* file to an Azure VM with FQDN *myserver.eastus.cloudapp.azure.com*. If you don't have an [FQDN set](/create-fqdn.md), you can also use the IP address of the VM. The admin user name on the Azure VM is *azureuser*. The file is targeted to the */home/azureuser/* directory. Substitute your own values in this command. |
| 50 | + |
| 51 | +```bash |
| 52 | +scp ~/.azure/config [email protected]:/home/azureuser/config |
| 53 | +``` |
| 54 | + |
| 55 | +## SCP a directory from a VM |
| 56 | + |
| 57 | +For this example, we copy a directory of log files from the VM down to your workstation. A log file may or may not contain sensitive or secret data. However, using SCP ensures the contents of the log files are encrypted. Using SCP to transfer the files is the easiest way to get the log directory and files down to your workstation while also being secure. |
| 58 | + |
| 59 | +The following command copies files in the */home/azureuser/logs/* directory on the Azure VM to the local /tmp directory: |
| 60 | + |
| 61 | +```bash |
| 62 | +scp -r [email protected]:/home/azureuser/logs/. /tmp/ |
| 63 | +``` |
| 64 | + |
| 65 | +The `-r` flag instructs SCP to recursively copy the files and directories from the point of the directory listed in the command. Also notice that the command-line syntax is similar to a `cp` copy command. |
| 66 | + |
| 67 | +## Next steps |
| 68 | + |
| 69 | +* [Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension](/extensions/vmaccess.md?toc=/azure/virtual-machines/linux/toc.json) |
0 commit comments