How To Copy From Ubuntu to Mac OS Desktop using SSH

I am running Ubuntu 14.04.5 LTS in Amazon Web Services with an Elastic IP and an inbound connection for my Static IP.

I need to simply copy files from Ubuntu (Ubuntu 14.04.5) to my local mac (running OS 10.14.2) and then copy them back, both using a Terminal window and SSH.

I've tried scp, but can't seem to get the command correct as the error I'm getting is:

"ssh: connect to host **.*.**.*.** port 22: Connection timed out" (This IP is the Elastic IP).

What am I doing wrong? Help! Thanks in advance. :-)
Asked by: Tessando, IT Administrator

Kimputer commented:
Probably some default security still in place. Check the security groups and rules/rights assigned to that group.

Tessando (IT Administrator, author) commented:
Thanks Kimputer - Are you suggesting on the Mac side or the Ubuntu side? I've confirmed the security groups both inbound and outbound traffic.

serialband commented:
You're supposed to use the key that was created for your AWS instance to connect.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
examples from amazon guide:
ssh -i /path/my-key-pair.pem ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com
So, you'll need to do the same with scp.
scp -i /path/my-key-pair.pem /path/SampleFile.txt ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com:~

If that's too troublesome, you can preload the key.

eval `ssh-agent`
ssh-add /path/my-key-pair.pem

After that's done, you should be able to just do the following:
ssh ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com
scp  /path/SampleFile.txt ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com:~
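
Both copy directions started from the Mac, plus a check that separates the asker's "Connection timed out" (network path) from a key or login problem. This is an added example, not part of any post in this thread; the key path and host name are the placeholders used above, and the `ubuntu` login is an assumption based on the default account of Ubuntu AMIs.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. KEY, HOST and REMOTE_USER are placeholders.
KEY="${KEY:-/path/my-key-pair.pem}"
HOST="${HOST:-ec2-198-51-100-1.compute-1.amazonaws.com}"
REMOTE_USER="${REMOTE_USER:-ubuntu}"  # assumed: default login on Ubuntu AMIs

# Print the command when DRY_RUN is set, otherwise execute it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# ssh ignores a private key that group or others can access (mode & 077 != 0).
key_perms_ok() {
  [ "$(ls -lL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Map ssh/scp stderr to the layer that failed.
classify_ssh_error() {
  case "$1" in
    *"Connection timed out"*|*"Operation timed out"*)
      echo network ;;    # filtered or unroutable: security group, wrong IP, firewall
    *"Connection refused"*)
      echo port ;;       # host reachable, nothing listening on that port
    *"UNPROTECTED PRIVATE KEY FILE"*)
      echo key-perms ;;  # fix with: chmod 400 "$KEY"
    *"Permission denied"*)
      echo auth ;;       # wrong key or wrong login name
    *) echo unknown ;;
  esac
}

# One non-interactive login attempt; prints "ok" or the failing layer.
probe() {
  key_perms_ok "$KEY" || { echo key-perms; return 1; }
  if err=$(ssh -i "$KEY" -o BatchMode=yes -o ConnectTimeout=5 \
             "$REMOTE_USER@$HOST" true 2>&1 >/dev/null); then
    echo ok
  else
    classify_ssh_error "$err"; return 1
  fi
}

# Both directions start on the Mac, so only the instance needs port 22 open.
pull() { run scp -i "$KEY" -p "$REMOTE_USER@$HOST:$1" "$2"; }  # instance -> Mac
push() { run scp -i "$KEY" -p "$1" "$REMOTE_USER@$HOST:$2"; }  # Mac -> instance

# Usage: ./ec2copy.sh probe | pull REMOTE LOCAL | push LOCAL REMOTE
case "${1:-}" in probe|pull|push) "$@" ;; esac
```

A `network` result means the SSH packets never reached the instance, so the key is not the cause yet; `auth` means the path is open and the key or login name is wrong.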

David Favor (Linux/LXD/WordPress/Hosting Savant) commented:
Several items.

1) You'll only use scp or sftp if you only have single simple files to sync, ignoring file change testing.

2) You'll use rsync -a -e "ssh -i /path-to-key-file" ... to sync many files + only sync data that has changed.

3) Check your Mac, as usually sshd spins up on port 2222 on Macs.

4) Keep in mind you can't normally push data from AWS to any residential machine as most ISPs block this.

5) You can easily pull files from AWS to your Mac.

Tip: Don't use ssh-agent unless you just have unlimited time on your hands.

Tip: Do use an empty passphrase key + push the public part of the key to AWS (ssh-copy-id) + your copies will work perfectly every time.

serialband commented:
"3) Check your Mac, as usually sshd spins up on port 2222 on Macs."
No.  sshd on the Mac starts on the same standard port 22 as sshd on any linux or unix system.
"4) Keep in mind you can't normally push data from AWS to any residential machine as most ISPs block this."
No.  This is only because you are behind a NAT, not because you can't push to your home system.  You just need to open a port on your gateway to forward to an internal system.  It's easier to pull the files than to set up a port forward that you must eventually monitor for attacks.

David Favor (Linux/LXD/WordPress/Hosting Savant) commented:
*sshd port* - Only way to determine for sure is to test.

imac> netinfo | grep ssh
tcp4       0      0  *.2222                 *.*                    LISTEN      131072 131072    269 /opt/local/sbin/sshd
tcp6       0      0  *.2222                 *.*                    LISTEN      131072 131072    269 /opt/local/sbin/sshd


*ISP TOS* - "This is only because you are behind a NAT, not because you can't push to your home system" - this may or may not be true.

Most ISPs have in their TOS that they do not allow any listening ports on residential machines. Some ISPs scan for listening port + send nasty email saying they will turn off your service if you don't stop. Other ISPs simply block incoming connections to all residential IPs they own.

If this is the case with your ISP, you can just run an ssh proxy command connecting some local port to a public IP/port, which provides access to your local machine services.

Or you can just take the simple approach + pull files... which works every time...

netinfo script

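#!/usr/bin/env perl

# 2016-02-22: Initial
# List listening sockets (macOS netstat -anv) with the owning command.

use strict;
use warnings;

# Header line plus every tcp/udp socket.
my @listeners = `netstat -anv | egrep '^Proto|udp|tcp'`;
exit unless @listeners;

chomp @listeners;

my $ftt = 1;   # first-time-through flag: the first line is the header

foreach my $entry (@listeners) {

   # Drop the last column so the pid becomes the final field.
   $entry =~ s/\s+[^\s]+$//o;

   if ($ftt) {
      $ftt = 0;
      print $entry, "\n";
   }
   elsif ($entry =~ /\bLISTEN\b/) {
      if ($entry !~ /^(.+)\s+(\d+)$/o) {
         die "WHOA! No pid in $entry\n";
      }
      else {
         my $head  = $1;
         my $pid   = $2;
         # Look up the command for the pid; the process may already have exited.
         my ($cmd) = `ps -o command -p $pid | egrep -v COMMAND`;
         $cmd = '(unknown)' unless defined $cmd;
         chomp $cmd;
         print $head, ' ', $pid, ' ', $cmd, "\n";
      }
   }
}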

serialband commented:
If you have port 2222 as an sshd listening port, it's because you, or someone else, reconfigured sshd config at some point.  It's not the default port and has never been the default sshd port.  OS X is BSD based and uses standard sshd port 22.  When you turn on "Remote Login", aka sshd, in Sharing, it listens on port 22 by default.  I remap sshd ports on my own system to keep the script kiddies from spotting it in their indiscriminate scans and filling up my logs when I turn it on, but I have to change it.  Port 2222 is not the default sshd port on OS X.

Here's my Mac's /etc/services file that also lists ssh as port 22.
$ grep ssh services
ssh              22/udp     # SSH Remote Login Protocol
ssh              22/tcp     # SSH Remote Login Protocol
..

Notice that Port 2222 is actually for something else.
grep 2222 services
rockwell-csp2	2222/udp    # Rockwell CSP2
rockwell-csp2	2222/tcp    # Rockwell CSP2

While most ISPs have that in their TOS, the vast majority usually don't patrol it or block it.  I've never been blocked on any port by any ISP yet.  They have that TOS mainly to keep you from complaining and having to support you when it's not working, not because they really want to actively block you.  They don't want everyone calling them up asking, "Why can't my server be seen?  Please help me set it up."  It's mainly so their tech support doesn't have to field your calls.  If you have encountered an ISP that actually blocks, then you should switch ISPs.  If any ISP had been blocking, we'd have fewer active malware in the Windows 2000 and early XP days.  That definitely hasn't been the case and Microsoft had to harden their OS so that it's now basically only installed through active user intervention.  We also wouldn't have so many linux malware C&C servers all over the internet.