How to use SCP to copy from one Lightsail instance to another

Keywords: LAMP/MAMP/WAMP - AWS - How to - Connectivity (SSH/FTP)
Description:
Hello,

I want to copy files directly between an old Lightsail instance and a new one rather than download to my local machine and upload again. Both instances are using the same Lightsail default key pair. I have not been able to figure out how to specify the key file correctly in the SCP command.

I want to copy files from the remote instance (old) to the instance (new) of my SSH session. Please let me know the correct way to perform an example copy operation like the following.

scp -i LightsailDefaultKey.pem bitnami@[remote lightsail instance IP address]:/home/bitnami/remote-file-to-copy.txt /home/bitnami

I’ve tried numerous variations. All have been rejected with permission denied. Thanks for your help!

Best regards,
Steven

My scp example did not display as expected in the original message. Here’s what was meant:

scp -i LightsailDefaultKey.pem bitnami@Remote_Lightsail_Instance_IP_address:/home/bitnami/remote-file-to-copy.txt /home/bitnami

To clarify, my doubts are mostly about how to know the correct path and file name for the .pem file. I’ve not been able to locate it using the find command. I can download the default private key from the Lightsail web interface and get this:
LightsailDefaultKey-us-east-2.pem

I don’t know the path to that file on either instance. My main question, therefore, is:
How do I correctly specify “-i KEYFILE” in the scp command, where KEYFILE represents the remote server’s path and name of the .pem file? Thanks!

Okay. I finally got it to successfully copy a file. This is what I did:

  1. I created a new directory in /home/bitnami on both instances where I would place all files to be sent or received, e.g. “mydirectory”.

  2. I uploaded the private key I had downloaded from the Lightsail web interface into “mydirectory” on both instances, to allow for transfers from either host.

  3. I changed the permissions on the key file to 600 on both instances.

  4. Then I used this form of the SCP command to successfully copy a file
    scp -i /home/bitnami/mydirectory/LightsailDefaultKey-us-east-2.pem bitnami@Remote_Lightsail_Instance_IP_address:/home/bitnami/mydirectory/remote-file-to-copy.txt /home/bitnami/mydirectory

My remaining question is: Was it necessary to upload the private key? Wouldn’t it already exist somewhere on the instance? If so, where and with what file name?

Thanks!

Best regards,
Steven

Hi @teleferico,

It’s not necessary (and insecure) to copy the private key. To be able to copy from one machine to the other, each machine needs the public key of the other machine added to its ~/.ssh/authorised_keys file. Private keys should remain on the same machine where it was created. You can read more about SSH connections in the following guide:

https://docs.bitnami.com/aws/faq/administration/provide-additional-ssh-access/

Regards,
Michiel

Hello, Michiel,

Thank you. I am familiar with the linked document. However, my question still remains.

I have an old Lightsail LAMP instance and a new Lightsail LAMP instance. Both have the same user, bitnami. Both have the same key pair. How do I specify the correct form of the scp command to enable copying files directly between the two instances?

The solution I mentioned above was a work-around that allowed me to copy files. You say, however, that it’s not the proper way to do it. I would like to be able to do it properly. Given that both instances have the same use and same key pair, I shouldn’t have to add a new user and key pair, correct? And if that’s correct, how can I get the scp command to work without resorting to the work-around method I described above? Thanks!

Best regards,
Steven

Hi @teleferico,

Can you tell me the scp command you are using? Can you try this:

scp -i LightsailDefaultKey.pem FILE_TO_UPLOAD bitnami@YOUR_IP_ADDRESS_HERE:

Regards,
Michiel

Thank you, Michiel.

I tried the command you gave:
scp -i LightsailDefaultKey.pem FILE_TO_UPLOAD bitnami@YOUR_IP_ADDRESS_HERE:

I got this result:
Warning: Identity file LightsailDefaultKey-us-east-2.pem not accessible: No such file or directory.
Permission denied (publickey).
lost connection

Trying also from the other direction, issuing the reversed command from the other host, I got the same result.

Right now I am trying to use SCP between two different instances, not the two that I had problems with in my earlier posts. These are two more Lightsail instances in the same Lightsail account using the default key pair.

I just now tried the four-step workaround I described in an earlier post above. Even that is not working on this pair of Lightsail instances. So I’ve resorted to doing a 640 MB download and subsequent upload that’s taking quite a while. When I previously got the (improper) workaround to work on the first two instances, the SCP transfers were almost instantaneous. SCP is definitely the better way to go. I wish that I could get it to work!

Thanks for your help.

Best regards,
Steven

Hi @teleferico,

Please note the path to the pem file needs to be correct. This error indicates it can’t find the pem file. Did you download the LightsailDefaultKey-us-east-2.pem file and place it in the directory you are executing the scp command from?

Regards,
Michiel

Hello, Michiel,

Thank you! That worked.

At first, however, I got this:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for ‘LightsailDefaultKey-us-east-2.pem’ are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key “LightsailDefaultKey-us-east-2.pem”: bad permissions

Permission denied (publickey).

I changed the permissions to 0600. Then it worked. However, based on the error messages I wondered if this .pem file contain the public key or the private key or both. Looking at the file, the contents say that it is the private key. So adding this file to the directory from which I execute the scp command seems to contradict your earlier recommendation:

What’s the best way to handle it without adding the .pem file to the directory from which I execute the scp command? Is there a proper place to store the .pem file and then just use the full path to it in the scp command?

Thanks for your help!

Best regards,
Steven

Hi @teleferico,

Yes, the pem file is private key. The warning you get is indeed the permissions being too permissive.[quote=“teleferico, post:10, topic:92794”]
It’s not necessary (and insecure) to copy the private key.
[/quote]

My apologies I should have explained this a bit more. You can place the PEM file in the directory of your choice. It’s good practice to have only one copy. The ~/.ssh folder is a good place to keep it. For example:

Create a directory called pems:

mkdir ~/.ssh/pems

And then place the pem key there using the mv command:

mv LightsailDefaultKey.pem ~/.ssh/pems

And then use the full path in the scp command:

scp -i ~/.ssh/LightsailDefaultKey.pem FILE_TO_UPLOAD bitnami@YOUR_IP_ADDRESS_HERE:

Regards,
Michiel

Hello, Michiel,

Thank you. I will give that a try.

I appreciate your help.

Best regards,
Steven

1 Like