Transferring Files

There are two ways to transfer files using ssh encryption: ftp and scp. Using ftp gives you the convenience of a familiar transfer method, but only your username and password are encrypted; the actual data is not. (See "Extra information" below for an explanation of this behavior.) If for some reason you need the data itself to be encrypted, you will have to use scp.


Using FTP

First you must start an interactive login session similar to that described in the logging in instructions. But you must include some extra parameters on the command line.

For the sake of example, assume that you are logged into p2hp2 and want to start an ftp session with hp866b. Type:

p2hp2 %  ssh -l username -g -L1234:hp866b.lanl.gov:21 hp866b.lanl.gov

Just as with logging on normally, you don't need "-l username" if the username is the same on both machines. The -L option forwards port 1234 on p2hp2 to port 21 (ftp) on hp866b, and -g allows hosts other than the local machine to connect to that forwarded port. Also just as when logging on normally, after you type this command you will be asked for your password and then logged into the remote machine.

At this point you are ready to start the ftp session. You will need to open up another terminal window with a p2hp2 prompt. To open an ftp session to hp866b in this window type:

p2hp2 %  ftp p2hp2 1234

Note that it looks like you are opening an ftp session to p2hp2, not hp866b. What actually happens is that you are opening a session to port 1234 on p2hp2, which the ssh program is now forwarding on to hp866b. This forwarded connection is encrypted, so your password can safely be sent because it is traveling across the encrypted connection.

After you issue the ftp command, you will get a response from the hp866b ftp server that should look familiar (with the oddity of the dual names mentioned):

Connected to p2hp2.lanl.gov.
220 hp866b.lanl.gov FTP server (SunOS 5.6) ready.
Name (p2hp2:username): 

Enter your name and password as usual.

Note: when starting these sessions, the number 1234 is nothing special, but is an arbitrary number greater than 1024 that is chosen by you when you first start the session. Whatever you choose when opening the ssh login, you use that number for the ftp port. If by chance someone on the same machine already chose that number, then you will be informed of such and you just need to try again with a different number.


Using scp

Using scp is just like using rcp, so if you know how to use rcp then this will all look very familiar. Because scp encrypts the whole file, this can cause a significant load on the server, so this method should only be used for smaller files (usually less than 10k).

scp (and rcp) is very much like using the cp command for copying files. But when you specify the source and destination you can tell it which machine to start from and which machine to go to. The format for the command is:

scp user@source.host.name:source_filename user@destination.host.name:dest_dir/dest_filename

If the username on the source and destination is the same as on the machine you are issuing the command on, then you don't have to put the "user@" on. Most of the time you are transferring from some remote machine to the machine you are on (or vice versa). Whichever file is local, you don't have to put the hostname.

For example, if you are logged into p2hp2 and you want to transfer a file called file.dat from your home directory on hp866b to p2hp2, you would type this:

p2hp2 %  scp username@hp866b.lanl.gov:file.dat .

If you wanted to transfer a data file in your current directory on p2hp2 to the data directory on hp866b (and not change the filename) you would type:

p2hp2 %  scp file.dat username@hp866b.lanl.gov:data/

or to change the file name when you do it:

p2hp2 %  scp file.dat username@hp866b.lanl.gov:data/newname.dat

After any of these commands you should be asked for your password, just as if you were logging in to the remote machine. After you type your password the file should be transferred. Some versions of scp will put up a status line giving you percent completion and transfer rate reports as the file is copied.


Connecting from MS-Windows

The principles involved for using ftp from Windows are the same as for the Unix client. Choose the ssh client you are using for instructions on how to connect with that client.


Connecting from a Macintosh

The principles for using ftp from a Macintosh are the same as described above for a Unix client. You need to configure your SSH connection in F-Secure just as in the instructions for the MS-Windows F-Secure. The procedure is very similar. Please click the link below for CIC-6's instructions on using MS-Windows F-Secure for working with FTP. When you have finished the connection, you will need to follow the example for setting up WS-FTP so you can set up your Mac FTP client.


Extra information

(for the curious)

When an ftp session is established, two connections are involved. One is the connection you make when you log in; this is called the control connection. When you request that a file be transferred, a new connection is begun that is separate from the control connection and is used to actually send the data.

When using ftp with ssh as described above, you are forwarding the control connection through the ssh encrypted channel. However, the ftp applications still open up a separate data connection for the actual transfer. That connection is not forwarded through ssh, so it is not encrypted.
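
To make the two-connection behavior concrete, here is an added example (not part of the original page): a small script that works out where the data connection goes from what ftp announces on the control connection, and checks whether that endpoint is the port ssh is forwarding. The addresses, sample replies, the assumed listener address and the function names are all constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. All addresses and replies below
# are constructed (RFC 5737 documentation ranges), not captured from hp866b.

# Extract the data endpoint that FTP announces on the control connection,
# either in a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply or in a
# "PORT h1,h2,h3,h4,p1,p2" command, and print it as host:port.
data_endpoint() {
    nums=$(printf '%s\n' "$1" |
        sed -n 's/.*[^0-9]\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\).*/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1
    done
    # The port is sent as two bytes: high byte, then low byte.
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# A data connection is protected only if it is made to a local endpoint that
# ssh is forwarding; any other endpoint is a direct, unencrypted TCP connection.
classify() {
    ep=$1; shift
    for fwd in "$@"; do
        if [ "$ep" = "$fwd" ]; then echo tunnelled; return 0; fi
    done
    echo cleartext
}

# Hypothetical listener created by -L1234:... on the client (assumed address).
FORWARDED="192.0.2.10:1234"

# Print the data endpoint found in one control-channel line and its status.
report() {
    if ep=$(data_endpoint "$1"); then
        echo "$ep $(classify "$ep" "$FORWARDED")"
    else
        echo "no data endpoint in: $1"
    fi
}

report '227 Entering Passive Mode (192,0,2,20,195,80)'   # server reply, passive
report 'PORT 192,0,2,10,7,208'                           # client command, active
report '220 hp866b.lanl.gov FTP server (SunOS 5.6) ready.'
```

In both the passive and the active case the announced endpoint is a fresh port that ssh was never told to forward, which is why the file contents travel outside the encrypted channel.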


Rajpaul Bagga