Tessando

How To Copy From Ubuntu to Mac OS Desktop using SSH

I am running Ubuntu 14.04.5 LTS in Amazon Web Services with an Elastic IP and an inbound connection for my Static IP.

I need to simply copy files from Ubuntu (Ubuntu 14.04.5) to my local Mac (running OS 10.14.2) and then copy them back, both using a Terminal window and SSH.

I've tried scp, but can't seem to get the command correct as the error I'm getting is:

"ssh: connect to host **.*.**.*.** port 22: Connection timed out" (This IP is the Elastic IP).

What am I doing wrong? Help! Thanks in advance. :-)
Tags: Web Services, AWS, Ubuntu, Linux, Linux OS Dev

Last comment: serialband, 8/22/2022 - Mon
Kimputer

Probably some default security still in place. Check the security groups and rules/rights assigned to that group.
Tessando

ASKER
Thanks Kimputer - Are you suggesting on the Mac side or the Ubuntu side? I've confirmed the security groups both inbound and outbound traffic.
serialband

You're supposed to use the key that was created for your AWS instance to connect.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
Examples from the Amazon guide:
ssh -i /path/my-key-pair.pem ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com
So, you'll need to do the same with scp.
scp -i /path/my-key-pair.pem /path/SampleFile.txt ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com:~

If that's too troublesome, you can preload the key.

eval `ssh-agent`
ssh-add /path/my-key-pair.pem

After that's done, you should be able to just do the following:
ssh ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com
scp /path/SampleFile.txt ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com:~
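
Added example (not part of the thread and not any poster's code): the replies above point at two different layers, security groups and the key pair. This script reads `ssh -v` output and names the layer that failed, so the fix matches the symptom. The function names and both sample transcripts are constructed for illustration; the host is the documentation address used above.

```shell
#!/usr/bin/env bash
# Added example: classify `ssh -v` output (stdin) by the layer that failed.
ssh_failed_layer() {
  awk '
    /Connection established/                    { tcp = 1 }
    /Offering .*public key/                     { offered = 1 }
    /Authentication succeeded|Authenticated to/ { authed = 1 }
    /Connection timed out|Operation timed out/  { timeout = 1 }  # Linux | macOS wording
    /Connection refused/                        { refused = 1 }
    /UNPROTECTED PRIVATE KEY FILE/              { badperm = 1 }
    END {
      if (authed)       print "ok"
      else if (timeout) print "network"        # no TCP reply at all
      else if (refused) print "service"        # host answered, port closed
      else if (badperm) print "keyfile"        # ssh refused to load the key
      else if (!tcp)    print "unknown"
      else if (offered) print "key-rejected"   # server saw a key and said no
      else              print "no-key-offered" # nothing was sent to the server
    }'
}

# Map each layer to the first thing to check.
next_step() {
  case "$1" in
    network)        echo "check the security group inbound rule for TCP 22 and your current public IP" ;;
    service)        echo "check that sshd is running and which port it listens on" ;;
    keyfile)        echo "chmod 400 the .pem file, then retry" ;;
    key-rejected)   echo "wrong key pair or wrong login user (Ubuntu AMIs use 'ubuntu')" ;;
    no-key-offered) echo "pass -i /path/my-key-pair.pem or load the key with ssh-add" ;;
    ok)             echo "login works; scp accepts the same -i option" ;;
    *)              echo "rerun with ssh -v and read the last debug lines" ;;
  esac
}

# Constructed transcripts (not captured from a real host).
TIMEOUT_LOG='debug1: Connecting to 198.51.100.1 [198.51.100.1] port 22.
ssh: connect to host 198.51.100.1 port 22: Connection timed out'
DENIED_LOG='debug1: Connection established.
debug1: Offering public key: /path/my-key-pair.pem
debug1: Authentications that can continue: publickey
Permission denied (publickey).'

for log in "$TIMEOUT_LOG" "$DENIED_LOG"; do
  layer=$(printf '%s\n' "$log" | ssh_failed_layer)
  printf '%s -> %s\n' "$layer" "$(next_step "$layer")"
done
```

A timeout is reported before any key is presented, so it is resolved at the network layer; key options only matter once "Connection established" appears in the debug output.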
ASKER CERTIFIED SOLUTION
David Favor

serialband

"3) Check your Mac, as usually sshd spins up on port 2222 on Macs."
No. sshd on the Mac starts on the same standard port 22 as sshd on any Linux or Unix system.

"4) Keep in mind you can't normally push data from AWS to any residential machine as most ISPs block this."
No. This is only because you are behind a NAT, not because you can't push to your home system. You just need to open a port on your gateway to forward to an internal system. It's easier to pull the files than to set up a port forward that you must eventually monitor for attacks.
David Favor

*sshd port* - Only way to determine for sure is to test.

imac> netinfo | grep ssh
tcp4       0      0  *.2222                 *.*                    LISTEN      131072 131072    269 /opt/local/sbin/sshd
tcp6       0      0  *.2222                 *.*                    LISTEN      131072 131072    269 /opt/local/sbin/sshd


*ISP TOS* - "This is only because you are behind a NAT, not because you can't push to your home system" - this may or may not be true.

Most ISPs have in their TOS that they do not allow any listening ports on residential machines. Some ISPs scan for listening port + send nasty email saying they will turn off your service if you don't stop. Other ISPs simply block incoming connections to all residential IPs they own.

If this is the case with your ISP, you can just run an ssh proxy command connecting some local port to a public IP/port, which provides access to your local machine services.

Or you can just take the simple approach + pull files... which works every time...

netinfo script

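#!/usr/bin/env perl

# 2016-02-22: Initial
# Lists listening sockets from netstat together with the owning command.
# Assumes the pid is the second-to-last column, as in the output above.

use strict;
use warnings;

# Column header line plus every tcp/udp socket line
my @listeners = `netstat -anv | egrep '^Proto|udp|tcp'`;
exit unless @listeners;

chomp @listeners;

my $ftt = 1;   # "first time through": the first line is the column header

foreach my $entry (@listeners) {

   # Drop the last column so the pid becomes the final field
   $entry =~ s/\s+[^\s]+$//o;

   if ($ftt) {
      $ftt = 0;
      print $entry, "\n";
   }
   elsif ($entry =~ /\bLISTEN\b/) {
      if ($entry !~ /^(.+)\s+(\d+)$/o) {
         die "WHOA! No pid in $entry\n";
      }
      else {
         my $head  = $1;
         my $pid   = $2;
         # Look up the command for the pid; the process may have exited already
         my ($cmd) = `ps -o command -p $pid | egrep -v COMMAND`;
         $cmd = '' unless defined $cmd;
         chomp $cmd;
         print $head, ' ', $pid, ' ', $cmd, "\n";
      }
   }

}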


serialband

If you have port 2222 as an sshd listening port, it's because you, or someone else, reconfigured sshd config at some point.  It's not the default port and has never been the default sshd port.  OS X is BSD based and uses standard sshd port 22.  When you turn on "Remote Login", aka sshd, in Sharing, it listens on port 22 by default.  I remap sshd ports on my own system to keep the script kiddies from spotting it in their indiscriminate scans and filling up my logs when I turn it on, but I have to change it.  Port 2222 is not the default sshd port on OS X.

Here's my Mac's /etc/services file that also lists ssh as port 22.
$ grep ssh services
ssh              22/udp     # SSH Remote Login Protocol
ssh              22/tcp     # SSH Remote Login Protocol
..


Notice that Port 2222 is actually for something else.
$ grep 2222 services
rockwell-csp2	2222/udp    # Rockwell CSP2
rockwell-csp2	2222/tcp    # Rockwell CSP2


While most ISPs have that in their TOS, the vast majority usually don't patrol it or block it.  I've never been blocked on any port by any ISP yet.  They have that TOS mainly to keep you from complaining and having to support you when it's not working, not because they really want to actively block you.  They don't want everyone calling them up asking, "Why can't my server be seen?  Please help me set it up."  It's mainly so their tech support doesn't have to field your calls.  If you have encountered an ISP that actually blocks, then you should switch ISPs.  If any ISP had been blocking, we'd have fewer active malware in the Windows 2000 and early XP days.  That definitely hasn't been the case and Microsoft had to harden their OS so that it's now basically only installed through active user intervention.  We also wouldn't have so many Linux malware C&C servers all over the internet.