Linux系统管理员应该很熟悉CLI环境,因为通常在Linux服务器中是不安装GUI的。SSH可能是Linux系统管理员通过远程方式安全管理服务器的最流行协议。在SSH命令中内置了一种叫SCP的命令,用来在服务器之间安全传输文件。从本地复制到远程、从远程复制到本地是两种使用方式。
以下命令可以解读为:用“username account”“拷贝 source file name”到“destination host”上的“destination folder”里。
SCP命令的基本语法:
<code> scp source_file_name username@destination_host:destination_folder </code>
SCP命令有很多可以使用的参数,这里指的是每次都会用到的参数。
1,用-v参数来提供SCP进程的详细信息
不带参数的基本SCP命令会在后台拷贝文件,除非操作完成或者有错误出现,否则用户在界面上是看不到任何提示信息的。你可以用“-v”参数来在屏幕上打印出调试信息,这能帮助你调试连接、认证和配置的一些问题。
<code> ←#6#root@www ~ scp -v test1 root@192.168.2.100:. Executing: program /usr/bin/ssh host 192.168.2.100, user root, command scp -v -t . OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.2.100 [192.168.2.100] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/identity-cert type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.2.100' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:4 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Trying private key: /root/.ssh/id_ecdsa debug1: Next authentication method: password root@192.168.2.100's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug1: Sending command: scp -v -t . Sending file modes: C0644 0 test1 Sink: C0644 0 test1 test1 100% 0 0.0KB/s 00:00 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: channel 0: free: client-session, nchannels 1 debug1: fd 0 clearing O_NONBLOCK debug1: fd 1 clearing O_NONBLOCK Transferred: sent 1688, received 2112 bytes, in 0.7 seconds Bytes per second: sent 2316.2, received 2898.0 debug1: Exit status 0 </code>
2,从源文件获取修改时间、访问时间和模式
“-p”参数会帮到把预计的时间和连接速度会显示在屏幕上。
<code> ←#8#root@www ~ →scp -p feiyu.sql root@192.168.2.100:. root@192.168.2.100's password: feiyu.sql 100% 4508KB 346.8KB/s 00:13 </code>
3,用-C参数来让文件传输更快
有一个参数能让传输文件更快,就是“-C”参数,它的作用是不停压缩所传输的文件。它特别之处在于压缩是在网络传输中进行,当文件传到目标服务器时,它会变回压缩之前的原始大小。
来看看这些命令,我们使用一个100 Mb的单一文件来做例子。
<code> ←#7#root@www ~ →ls -lh test1 -rw-r--r--. 1 root root 100M Jun 5 03:06 test1 ←#3#root@www ~ →scp -pv test1 feiyu@192.168.2.103:. Executing: program /usr/bin/ssh host 192.168.2.103, user feiyu, command scp -v -p -t . OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.2.103 [192.168.2.103] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/identity-cert type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.2.103' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Trying private key: /root/.ssh/id_ecdsa debug1: Next authentication method: password feiyu@192.168.2.103's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug1: Sending command: scp -v -p -t . File mtime 1433498796 atime 1433498941 Sending file timestamps: T1433498796 0 1433498941 0 Sink: T1433498796 0 1433498941 0 Sending file modes: C0644 104857600 test1 Sink: C0644 104857600 test1 test1 100% 100MB 1.6MB/s 01:03 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: channel 0: free: client-session, nchannels 1 debug1: fd 0 clearing O_NONBLOCK debug1: fd 1 clearing O_NONBLOCK Transferred: sent 105063032, received 156240 bytes, in 64.5 seconds Bytes per second: sent 1627749.2, received 2420.6 debug1: Exit status 0 </code>
不用“-C”参数来拷贝文件,结果用了 64.5秒,你可以比较下用了“-C”参数之后的结果。
<code> ←#8#root@www ~ →scp -Cpv test1 feiyu@192.168.2.103:. Executing: program /usr/bin/ssh host 192.168.2.103, user feiyu, command scp -v -p -t . OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.2.103 [192.168.2.103] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/identity-cert type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 zlib@openssh.com debug1: kex: client->server aes128-ctr hmac-md5 zlib@openssh.com debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.2.103' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Trying private key: /root/.ssh/id_ecdsa debug1: Next authentication method: password feiyu@192.168.2.103's password: debug1: Enabling compression at level 6. debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug1: Sending command: scp -v -p -t . File mtime 1433498796 atime 1433498941 Sending file timestamps: T1433498796 0 1433498941 0 Sink: T1433498796 0 1433498941 0 Sending file modes: C0644 104857600 test1 Sink: C0644 104857600 test1 test1 100% 100MB 50.0MB/s 00:02 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: channel 0: free: client-session, nchannels 1 debug1: fd 0 clearing O_NONBLOCK debug1: fd 1 clearing O_NONBLOCK Transferred: sent 308936, received 16784 bytes, in 1.9 seconds Bytes per second: sent 161028.8, received 8748.4 debug1: Exit status 0 debug1: compress outgoing: raw data 104915442, compressed 224215, factor 0.00 debug1: compress incoming: raw data 8446, compressed 4054, factor 0.48 </code>
看到了吧,压缩了文件之后,传输过程在1.9秒内就完成了,速度是不用“-C”参数的三十多倍。如果你要通过网络拷贝很多份文件,那么“-C”参数能帮你节省掉很多时间。
有一点我们需要注意,这个压缩的方法不是适用于所有文件。当源文件已经被压缩过了,那就没办法再压缩很多了。诸如那些像.zip,.rar,pictures和.iso的文件,用“-C”参数就没什么意义。
4,选择其它加密算法来加密文件
SCP默认是用“AES-128”加密算法来加密传输的。如果你想要改用其它加密算法来加密传输,你可以用“-c”参数。我们来瞧瞧。
<code> ←#9#root@www ~ →scp -c 3des test1 feiyu@192.168.2.103:. feiyu@192.168.2.103's password: test1 100% 100MB 10.0MB/s 00:10 </code>
上述命令是告诉SCP用3des algorithm来加密文件。要注意这个参数是“-c”(小写)而不是“-C“(大写)。
5,限制带宽使用
还有一个很有用的参数是“-l”参数,它能限制使用带宽。如果你为了拷贝很多文件而去执行了一份自动化脚本又不希望带宽被SCP进程耗尽,那这个参数会非常管用。
<code> ←#10#root@www ~ →scp -l 1024 test1 feiyu@192.168.2.103:. feiyu@192.168.2.103's password: test1 2% 2464KB 123.0KB/s 13:32 ETA </code>
在“-l”参数后面的这个1000值意思是我们给SCP进程限制了带宽为125 KB/秒。有一点要记住,带宽是以千比特/秒 (kbps)表示的,而8 比特等于1 字节。
因为SCP是用千字节/秒 (KB/s)计算的,所以如果你想要限制SCP的最大带宽只有125 KB/s,你就需要设置成125 x 8 = 1000。
6,指定端口
通常SCP是把22作为默认端口。但是为了安全起见SSH 监听端口改成其它端口。比如说,我们想用2249端口,这种情况下就要指定端口。命令如下所示。
<code> ←#13#root@www ~ →scp -P 2022 test1 feiyu@192.168.2.103:. </code>
确认一下写的是大写字母“P”而不是“p“,因为“p”已经被用来保留源文件的修改时间和模式,此处与ssh不同。
7,递归拷贝文件和文件夹
有时我们需要拷贝文件夹及其内部的所有文件/子文件夹,我们如果能用一条命令解决问题那就更好了。SCP用“-r”参数就能做到。
<code> ←#31#root@www ~ →scp -r test3 feiyu@192.168.2.103:. feiyu@192.168.2.103's password: a 100% 4 0.0KB/s 00:00 b 100% 4 0.0KB/s 00:00 c 100% 4 0.0KB/s 00:00 </code>
8,禁用进度条和警告/诊断信息
如果你不想从SCP中看到进度条和警告/诊断信息,你可以用“-q”参数来静默它们,举例如下。
<code> ←#34#root@www ~ scp -q a feiyu@192.168.2.103:. feiyu@192.168.2.103's password: ←#35#root@www ~ → </code>
正如你所看到的,在你输入密码之后,没有任何关于SCP进度的消息反馈。进度完成后,你也看不到任何提示。
总的来说,scp使用方法分为两大类:从 本地 复制到 远程和从 远程 复制到 本地。
一,从 本地 复制到 远程:
* 复制文件:
* 命令格式:
<code> scp local_file remote_username@remote_ip:remote_folder </code>
或者
<code> scp local_file remote_username@remote_ip:remote_file </code>
或者
<code> scp local_file remote_ip:remote_folder </code>
或者
<code> scp local_file remote_ip:remote_file </code>
第1,2个指定了用户名,命令执行后需要再输入密码,第1个仅指定了远程的目录,文件名字不变,第2个指定了文件名;
第3,4个没有指定用户名,命令执行后需要输入用户名和密码,第3个仅指定了远程的目录,文件名字不变,第4个指定了文件名;
<code> ←#35#root@www ~ →scp test1 feiyu@192.168.2.103:. ←#35#root@www ~ →scp test1 feiyu@192.168.2.103:./test ←#35#root@www ~ →scp test1 192.168.2.103:. ←#35#root@www ~ →scp test1 192.168.2.103:./test </code>
二,从 远程 复制到 本地
从 远程 复制到 本地,只要将 从 本地 复制到 远程 的命令 的 后2个参数 调换顺序 即可;
<code> ←#35#root@www ~ →scp root@192.168.2.103:/root/test1 /home/test ←#35#root@www ~ →scp root@192.168.2.103:/root/test1 /home/test/test1 </code>
Linux scp命令的使用方法应该可以满足大家对Linux文件和目录的复制使用了。