SCP and SFTP on AIX: Complete File Transfer Guide
Secure file transfer is a fundamental task in AIX system administration. This guide covers SCP (Secure Copy) and SFTP (SSH File Transfer Protocol) on AIX, including practical examples, batch operations, and troubleshooting.
SCP vs SFTP: Which to Use?
| Feature | SCP | SFTP |
|---|---|---|
| Best for | Quick, single file transfers | Interactive sessions, complex operations |
| Resume interrupted transfer | No | Yes |
| Directory listing | No | Yes |
| Delete remote files | No | Yes |
| Bandwidth limiting | Yes (-l) | No (use external tools) |
| Scripting | Easy | Requires batch mode |
Rule of thumb: Use SCP for quick transfers, SFTP for interactive work or when you need to browse remote directories.
SCP on AIX
Basic SCP Syntax
scp [options] source destination
Copy File to Remote Server
# Copy local file to remote server
scp /tmp/data.tar user@remote-aix:/home/user/
# Copy to specific remote directory
scp /tmp/config.cfg [email protected]:/etc/myapp/
# Copy with different remote filename
scp /tmp/backup.tar user@remote:/backups/backup_20240101.tar
Copy File from Remote Server
# Copy remote file to local directory
scp user@remote-aix:/var/log/app.log /tmp/
# Copy to current directory
scp user@remote-aix:/etc/hosts .
# Copy with different local filename
scp root@remote:/etc/ssh/sshd_config ./sshd_config.backup
Copy Directories Recursively
# Copy entire directory to remote
scp -r /home/user/project user@remote:/backup/
# Copy remote directory to local
scp -r user@remote:/var/www/html /tmp/website_backup/
SCP with Different Port
# Use port 2222 instead of default 22
scp -P 2222 file.txt user@remote:/tmp/
SCP with Identity File (Key)
# Use specific SSH key
scp -i ~/.ssh/my_private_key file.txt user@remote:/tmp/
# Combine with other options
scp -i ~/.ssh/aix_key -r /data user@aix-server:/backup/
Limit Bandwidth
# Limit to 1000 Kbit/s (useful for slow links)
scp -l 1000 large_file.tar user@remote:/tmp/
# Limit to ~500 KB/s
scp -l 4000 huge_backup.tar user@remote:/backups/
Preserve File Attributes
# Preserve modification times, access times, and modes
scp -p /etc/important.conf user@remote:/etc/
Compress During Transfer
# Enable compression (good for text files, slow links)
scp -C large_text_file.log user@remote:/logs/
# Combine with recursive
scp -Cr /var/log/ user@remote:/backup/logs/
Copy Between Two Remote Servers
# Copy from server1 to server2 (via local machine)
scp user@server1:/data/file.txt user@server2:/backup/
# Note: This routes through your local machine
# For direct server-to-server, SSH into server1 and scp from there
SCP with Verbose Output
# Show progress and debug info
scp -v large_file.tar user@remote:/tmp/
# Very verbose (for debugging)
scp -vvv file.txt user@remote:/tmp/
Batch SCP Examples
# Copy multiple files
scp file1.txt file2.txt file3.txt user@remote:/data/
# Copy using wildcards
scp /logs/*.log user@remote:/backup/logs/
# Copy all .conf files from /etc
scp /etc/*.conf user@remote:/backup/etc/
SFTP on AIX
Starting an SFTP Session
# Connect to remote server
sftp user@remote-aix
# Connect on different port
sftp -P 2222 user@remote-aix
# Connect with specific key
sftp -i ~/.ssh/my_key user@remote-aix
SFTP Interactive Commands
Once connected, you have access to these commands:
# Navigation
pwd # Print remote working directory
lpwd # Print local working directory
cd /path # Change remote directory
lcd /local/path # Change local directory
ls # List remote directory
lls # List local directory
# File Transfer
get remote_file # Download file
get remote_file local # Download with different name
put local_file # Upload file
put local_file remote # Upload with different name
mget *.log # Download multiple files
mput *.txt # Upload multiple files
# Directory Transfer
get -r remote_dir # Download directory recursively
put -r local_dir # Upload directory recursively
# File Operations
rm file # Delete remote file
rmdir directory # Delete remote directory
mkdir directory # Create remote directory
rename old new # Rename remote file
chmod 755 file # Change remote file permissions
chown uid file # Change remote file owner
chgrp gid file # Change remote file group
# Information
df -h # Remote disk usage
!command # Run local shell command
help # Show all commands
exit / quit / bye # End session
SFTP Practical Examples
Interactive session example:
$ sftp admin@aix-server
Connected to aix-server.
sftp> cd /var/log
sftp> ls -la
-rw-r--r-- 1 root system 123456 Feb 12 09:00 syslog
-rw-r--r-- 1 root system 54321 Feb 12 08:30 messages
sftp> get syslog /tmp/syslog_backup
Fetching /var/log/syslog to /tmp/syslog_backup
sftp> lcd /home/admin/uploads
sftp> put newconfig.conf /etc/myapp/
Uploading newconfig.conf to /etc/myapp/newconfig.conf
sftp> exit
SFTP Batch Mode
For scripting and automation, use batch mode:
Create a batch file (sftp_commands.txt):
cd /var/log
get syslog /backup/syslog
get messages /backup/messages
get secure /backup/secure
quit
Execute batch:
sftp -b sftp_commands.txt user@remote-aix
Inline batch commands:
echo "get /var/log/syslog /tmp/syslog" | sftp user@remote
SFTP in Scripts
Backup script example:
#!/bin/ksh
# backup_logs.sh - Backup remote AIX logs via SFTP
REMOTE_HOST="aix-server"
REMOTE_USER="backup"
BACKUP_DIR="/backup/$(date +%Y%m%d)"
KEY_FILE="/home/backup/.ssh/backup_key"
# Create local backup directory
mkdir -p "$BACKUP_DIR"
# Create SFTP batch file
cat > /tmp/sftp_batch_$$ << EOF
cd /var/log
get syslog $BACKUP_DIR/syslog
get messages $BACKUP_DIR/messages
get -r audit $BACKUP_DIR/audit
quit
EOF
# Execute SFTP with batch
sftp -i "$KEY_FILE" -b /tmp/sftp_batch_$$ ${REMOTE_USER}@${REMOTE_HOST}
# Cleanup
rm -f /tmp/sftp_batch_$$
echo "Backup completed to $BACKUP_DIR"
SFTP Server Configuration
The SFTP subsystem is configured in /etc/ssh/sshd_config:
# Default SFTP subsystem
Subsystem sftp /usr/sbin/sftp-server
# With logging
Subsystem sftp /usr/sbin/sftp-server -l INFO
# Restrict user to SFTP only (chroot)
Match User sftpuser
ChrootDirectory /sftp/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Create SFTP-Only User on AIX
# Create user
mkuser -a home=/sftp/sftpuser shell=/bin/false sftpuser
# Set password
passwd sftpuser
# Create chroot directory structure
mkdir -p /sftp/sftpuser/upload
chown root:system /sftp/sftpuser
chmod 755 /sftp/sftpuser
chown sftpuser:staff /sftp/sftpuser/upload
chmod 755 /sftp/sftpuser/upload
# Add to sshd_config
cat >> /etc/ssh/sshd_config << EOF
Match User sftpuser
ChrootDirectory /sftp/%u
ForceCommand internal-sftp
AllowTcpForwarding no
EOF
# Restart SSH
stopsrc -s sshd && startsrc -s sshd
Troubleshooting File Transfers
Permission Denied Errors
# Check remote directory permissions
ssh user@remote "ls -la /path/to/directory"
# Check if user can write
ssh user@remote "touch /path/to/directory/test_write && rm /path/to/directory/test_write"
# For SCP, ensure parent directory exists
ssh user@remote "mkdir -p /path/to/directory"
Connection Issues
# Test SSH connection first
ssh -v user@remote
# Check if SFTP subsystem is enabled
ssh user@remote "grep -i sftp /etc/ssh/sshd_config"
# Verify sftp-server exists
ssh user@remote "ls -la /usr/sbin/sftp-server"
Transfer Interrupted
# SFTP can resume (use reget/reput)
sftp user@remote
sftp> reget partially_downloaded_file
sftp> reput partially_uploaded_file
# For SCP, you need rsync instead
rsync -avP --progress user@remote:/path/to/file /local/path/
Slow Transfer Speeds
# Disable compression if already compressed files
scp -o Compression=no file.tar.gz user@remote:/tmp/
# Use faster cipher
scp -c aes128-ctr file.tar user@remote:/tmp/
# Check for network issues
ping -c 5 remote-server
traceroute remote-server
"Received message too long" Error
Usually indicates the remote server is outputting text before SFTP can start. Check:
# Look for echo/print statements in shell profile
ssh user@remote "cat ~/.profile ~/.bashrc ~/.kshrc 2>/dev/null"
# Fix: Wrap output in login shell check
# In remote user's profile:
if [ -t 0 ]; then
echo "Welcome message" # Only shows for interactive shells
fi
SCP/SFTP Best Practices on AIX
Use Key-Based Authentication
# Generate key
ssh-keygen -t ed25519 -f ~/.ssh/transfer_key -N ""
# Copy to remote
ssh-copy-id -i ~/.ssh/transfer_key.pub user@remote
# Use in transfers
scp -i ~/.ssh/transfer_key file user@remote:/path/
Create SSH Config for Convenience
Add to ~/.ssh/config:
Host aix-prod
HostName 192.168.1.100
User admin
IdentityFile ~/.ssh/aix_key
Port 22
Host aix-backup
HostName 192.168.1.101
User backup
IdentityFile ~/.ssh/backup_key
Then simply:
scp file.txt aix-prod:/tmp/
sftp aix-backup
Log All Transfers
For audit purposes, create wrapper scripts:
#!/bin/ksh
# /usr/local/bin/scp-logged
LOG="/var/log/scp_transfers.log"
echo "$(date '+%Y-%m-%d %H:%M:%S') USER=$USER CMD=scp ARGS=$*" >> "$LOG"
/usr/bin/scp "$@"
Related Guides
- AIX SSH Configuration - Complete SSH setup guide
- SSH Tunneling on AIX - Port forwarding guide
- How to Restart SSH in AIX - SSH service management
Summary
SCP and SFTP provide secure file transfer capabilities on AIX:
- SCP: Quick, command-line transfers with
scp source dest - SFTP: Interactive or batch file management
- Use
-rfor directories,-Pfor different ports,-ifor keys - SFTP batch mode (
-b) enables scripted automation - Always verify permissions and test SSH connectivity first