
How To Copy From Ubuntu to Mac OS Desktop using SSH

Last Modified: 2018-12-19
I am running Ubuntu 14.04.5 LTS in Amazon Web Services with an Elastic IP and an inbound connection for my Static IP.

I need to simply copy files from Ubuntu (Ubuntu 14.04.5) to my local mac (running OS 10.14.2) and then copy them back, both using a Terminal window and SSH.

I've tried scp, but can't seem to get the command correct as the error I'm getting is:

"ssh: connect to host **.*.**.*.** port 22: Connection timed out" (This IP is the Elastic IP).

What am I doing wrong? Help! Thanks in advance. :-)

Kimputer, IT Manager
CERTIFIED EXPERT

Commented:
Probably some default security still in place. Check the security groups and rules/rights assigned to that group.
Tessando, IT Administrator

Author

Commented:
Thanks Kimputer - Are you suggesting on the Mac side or the Ubuntu side? I've confirmed the security groups both inbound and outbound traffic.
CERTIFIED EXPERT

Commented:
You're supposed to use the key that was created for your AWS instance to connect.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
Examples from the Amazon guide:
ssh -i /path/my-key-pair.pem ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com
So, you'll need to do the same with scp.
scp -i /path/my-key-pair.pem /path/SampleFile.txt ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com:~

If that's too troublesome, you can preload the key.

eval `ssh-agent`
ssh-add /path/my-key-pair.pem

After that's done, you should be able to just do the following:
ssh ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com
scp /path/SampleFile.txt ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com:~
CERTIFIED EXPERT

Commented:
> 3) Check your Mac, as usually sshd spins up on port 2222 on Macs.
No.  sshd on the Mac starts on the same standard port 22 as sshd on any linux or unix system.
> 4) Keep in mind you can't normally push data from AWS to any residential machine as most ISPs block this.
No.  This is only because you are behind a NAT, not because you can't push to your home system.  You just need to open a port on your gateway to forward to an internal system.  It's easier to pull the files than to set up a port forward that you must eventually monitor for attacks.
David Favor, Fractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
*sshd port* - Only way to determine for sure is to test.

imac> netinfo | grep ssh
tcp4       0      0  *.2222                 *.*                    LISTEN      131072 131072    269 /opt/local/sbin/sshd
tcp6       0      0  *.2222                 *.*                    LISTEN      131072 131072    269 /opt/local/sbin/sshd



*ISP TOS* - "This is only because you are behind a NAT, not because you can't push to your home system" - this may or may not be true.

Most ISPs have in their TOS that they do not allow any listening ports on residential machines. Some ISPs scan for listening port + send nasty email saying they will turn off your service if you don't stop. Other ISPs simply block incoming connections to all residential IPs they own.

If this is the case with your ISP, you can just run an ssh proxy command connecting some local port to a public IP/port, which provides access to your local machine services.

Or you can just take the simple approach + pull files... which works every time...

netinfo script

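#!/usr/bin/env perl

# 2016-02-22: Initial
# Print listening sockets from netstat together with the owning command.

use strict;
use warnings;

my @listeners = `netstat -anv | egrep '^Proto|udp|tcp'`;
exit unless @listeners;

chomp @listeners;

my $ftt = 1;   # true until the header row has been printed

foreach my $entry (@listeners) {

   # Strip the trailing column; the pid is expected to be the last field after that.
   $entry =~ s/\s+\S+$//;

   if ($ftt) {
      $ftt = 0;
      print $entry, "\n";
   }
   elsif ($entry =~ /\bLISTEN\b/) {
      if ($entry !~ /^(.+)\s+(\d+)$/) {
         die "WHOA! No pid in $entry\n";
      }
      else {
         my $head  = $1;
         my $pid   = $2;
         # Look up the command line for this pid; the process may have exited already.
         my ($cmd) = `ps -o command -p $pid | egrep -v COMMAND`;
         $cmd = '' unless defined $cmd;
         chomp $cmd;
         print $head, ' ', $pid, ' ', $cmd, "\n";
      }
   }

}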


CERTIFIED EXPERT

Commented:
If you have port 2222 as an sshd listening port, it's because you, or someone else, reconfigured sshd config at some point.  It's not the default port and has never been the default sshd port.  OS X is BSD based and uses standard sshd port 22.  When you turn on "Remote Login", aka sshd, in Sharing, it listens on port 22 by default.  I remap sshd ports on my own system to keep the script kiddies from spotting it in their indiscriminate scans and filling up my logs when I turn it on, but I have to change it.  Port 2222 is not the default sshd port on OS X.

Here's my Mac's /etc/services file that also lists ssh as port 22.
$ grep ssh services
ssh              22/udp     # SSH Remote Login Protocol
ssh              22/tcp     # SSH Remote Login Protocol
..


Notice that Port 2222 is actually for something else.
grep 2222 services
rockwell-csp2	2222/udp    # Rockwell CSP2
rockwell-csp2	2222/tcp    # Rockwell CSP2


While most ISPs have that in their TOS, the vast majority usually don't patrol it or block it.  I've never been blocked on any port by any ISP yet.  They have that TOS mainly to keep you from complaining and having to support you when it's not working, not because they really want to actively block you.  They don't want everyone calling them up asking, "Why can't my server be seen?  Please help me set it up."  It's mainly so their tech support doesn't have to field your calls.  If you have encountered an ISP that actually blocks, then you should switch ISPs.  If any ISP had been blocking, we'd have fewer active malware in the Windows 2000 and early XP days.  That definitely hasn't been the case and Microsoft had to harden their OS so that it's now basically only installed through active user intervention.  We also wouldn't have so many linux malware C&C servers all over the internet.
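
The failures discussed in this thread (the timeout in the question, the security-group and key answers, the port 22 versus 2222 debate) happen at different layers, and the ssh client's error text says which one. The sketch below is an added example, not part of the original thread; the function names and sample lines are made up for illustration, and the matched strings are OpenSSH client messages.

```shell
#!/bin/sh
# Added example: map an OpenSSH client error to the layer that failed.

classify_ssh_error() {
    case "$1" in
        *"Connection timed out"*|*"Operation timed out"*)
            echo "filtered" ;;      # no reply: packets dropped before sshd
        *"Connection refused"*)
            echo "no-listener" ;;   # host answered, nothing on that port
        *"UNPROTECTED PRIVATE KEY FILE"*)
            echo "key-perms" ;;     # ssh refuses a key readable by others
        *"Permission denied (publickey"*)
            echo "auth" ;;          # reached sshd, key or user rejected
        *"Could not resolve hostname"*)
            echo "dns" ;;
        *)
            echo "unknown" ;;
    esac
}

next_check() {
    case "$1" in
        filtered)    echo "security group inbound rule for the SSH port vs. your current public IP" ;;
        no-listener) echo "which port sshd listens on (22 unless sshd_config was changed)" ;;
        key-perms)   echo "chmod 400 on the .pem file" ;;
        auth)        echo "pass the instance key with -i and use the AMI's login user" ;;
        dns)         echo "the hostname or Elastic IP you typed" ;;
        *)           echo "rerun with ssh -v and read the last lines" ;;
    esac
}

# Hypothetical helper: probe once without prompting, then classify.
# usage: diagnose /path/my-key-pair.pem user@host [port]
diagnose() {
    if out=$(ssh -i "$1" -o BatchMode=yes -o ConnectTimeout=10 \
                 -p "${3:-22}" "$2" true 2>&1); then
        echo "ok"
    else
        next_check "$(classify_ssh_error "$out")"
    fi
}

# Constructed sample lines (203.0.113.10 is a documentation address).
for line in \
    "ssh: connect to host 203.0.113.10 port 22: Connection timed out" \
    "ssh: connect to host 203.0.113.10 port 2222: Connection refused" \
    "ec2-user@203.0.113.10: Permission denied (publickey)."
do
    printf '%s -> %s\n' "$(classify_ssh_error "$line")" "$(next_check "$(classify_ssh_error "$line")")"
done
```

A timeout means the key was never even looked at, so fixing `-i` cannot help until the packet path (security group, source IP, port) is sorted out first.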
