Avatar of Tessando

How To Copy From Ubuntu to Mac OS Desktop using SSH

I am running Ubuntu 14.04.5 LTS in Amazon Web Services with an Elastic IP and an inbound connection for my Static IP.

I need to simply copy files from Ubuntu (Ubuntu 14.04.5) to my local mac (running OS 10.14.2) and then copy them back, both using a Terminal window and SSH.

I've tried scp, but can't seem to get the command correct as the error I'm getting is:

"ssh: connect to host **.*.**.*.** port 22: Connection timed out" (This IP is the Elastic IP).

What am I doing wrong? Help! Thanks in advance. :-)
Avatar of Kimputer

Probably some default security still in place. Check the security groups and rules/rights assigned to that group.
Avatar of Tessando


Thanks Kimputer - Are you suggesting on the Mac side or the Ubuntu side? I've confirmed the security groups both inbound and outbound traffic.
You're supposed to use the key that was created for your AWS instance to connect.
Examples from the Amazon guide:
ssh -i /path/my-key-pair.pem
So, you'll need to do the same with scp.
scp -i /path/my-key-pair.pem /path/SampleFile.txt

If that's too troublesome, you can preload the key.

eval `ssh-agent`
ssh-add /path/my-key-pair.pem

After that's done, you should be able to just do the following:
scp  /path/SampleFile.txt
Avatar of David Favor
This solution is only available to members.
3) Check your Mac, as usually sshd spins up on port 2222 on Macs.
No.  sshd on the Mac starts on the same standard port 22 as sshd on any linux or unix system.
4) Keep in mind you can't normally push data from AWS to any residential machine as most ISPs block this.
No.  This is only because you are behind a NAT, not because you can't push to your home system.  You just need to open a port on your gateway to forward to an internal system.  It's easier to pull the files than to set up a port forward that you must eventually monitor for attacks.
*sshd port* - Only way to determine for sure is to test.

imac> netinfo | grep ssh
tcp4       0      0  *.2222                 *.*                    LISTEN      131072 131072    269 /opt/local/sbin/sshd
tcp6       0      0  *.2222                 *.*                    LISTEN      131072 131072    269 /opt/local/sbin/sshd


*ISP TOS* - "This is only because you are behind a NAT, not because you can't push to your home system" - this may or may not be true.

Most ISPs have in their TOS that they do not allow any listening ports on residential machines. Some ISPs scan for listening port + send nasty email saying they will turn off your service if you don't stop. Other ISPs simply block incoming connections to all residential IPs they own.

If this is the case with your ISP, you can just run an ssh proxy command connecting some local port to a public IP/port, which provides access to your local machine services.

Or you can just take the simple approach + pull files... which works every time...

netinfo script

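#!/usr/bin/env perl

# 2016-02-22: Initial

use strict;
use warnings;

# Collect the header line plus every TCP/UDP socket line from netstat.
my @listeners = `netstat -anv | egrep '^Proto|udp|tcp'`;
exit unless @listeners;

chomp @listeners;

my $ftt = 1;   # first-time-through flag: the first line is the header

foreach my $entry (@listeners) {

   # Drop the last column so the pid becomes the final field.
   $entry =~ s/\s+[^\s]+$//o;

   if ($ftt) {
      $ftt = 0;
      print $entry, "\n";
   }
   elsif ($entry =~ /\bLISTEN\b/) {
      if ($entry !~ /^(.+)\s+(\d+)$/o) {
         die "WHOA! No pid in $entry\n";
      }
      else {
         my $head  = $1;
         my $pid   = $2;
         # Look up the command line that owns the listening socket.
         my ($cmd) = `ps -o command -p $pid | egrep -v COMMAND`;
         $cmd = '' unless defined $cmd;   # process may have exited already
         chomp $cmd;
         print $head, ' ', $pid, ' ', $cmd, "\n";
      }
   }
}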

If you have port 2222 as an sshd listening port, it's because you, or someone else, reconfigured sshd config at some point.  It's not the default port and has never been the default sshd port.  OS X is BSD based and uses standard sshd port 22.  When you turn on "Remote Login", aka sshd, in Sharing, it listens on port 22 by default.  I remap sshd ports on my own system to keep the script kiddies from spotting it in their indiscriminate scans and filling up my logs when I turn it on, but I have to change it.  Port 2222 is not the default sshd port on OS X.

Here's my Mac's /etc/services file that also lists ssh as port 22.
$ grep ssh services
ssh              22/udp     # SSH Remote Login Protocol
ssh              22/tcp     # SSH Remote Login Protocol


Notice that Port 2222 is actually for something else.
grep 2222 services
rockwell-csp2	2222/udp    # Rockwell CSP2
rockwell-csp2	2222/tcp    # Rockwell CSP2


While most ISPs have that in their TOS, the vast majority usually don't patrol it or block it.  I've never been blocked on any port by any ISP yet.  They have that TOS mainly to keep you from complaining and having to support you when it's not working, not because they really want to actively block you.  They don't want everyone calling them up asking, "Why can't my server be seen?  Please help me set it up."  It's mainly so their tech support doesn't have to field your calls.  If you have encountered an ISP that actually blocks, then you should switch ISPs.  If any ISP had been blocking, we'd have fewer active malware in the Windows 2000 and early XP days.  That definitely hasn't been the case and Microsoft had to harden their OS so that it's now basically only installed through active user intervention.  We also wouldn't have so many linux malware C&C servers all over the internet.
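
One way to settle the port question raised in this thread on your own machine, as an added example that is not any poster's code: `audit_sshd_listeners` reads netinfo-style output and reports each sshd listener with its binary, and `configured_ports` reads an sshd_config. The function names and all sample data are constructed, and the column positions assume the netinfo format quoted earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed,
# modelled on the `netinfo | grep ssh` output quoted in the thread.

# Reads netinfo-format lines on stdin (state in column 6, command in column 10)
# and prints "port binary verdict" once per unique sshd listener.
audit_sshd_listeners() {
    awk -v want="${1:-22}" '
        $6 == "LISTEN" && ($10 == "sshd" || $10 ~ /\/sshd$/) {
            n = split($4, a, ".")      # macOS netstat prints addr.port, e.g. *.2222
            key = a[n] " " $10
            if (!(key in seen)) {
                seen[key] = 1
                print key, (a[n] == want ? "expected" : "unexpected-port")
            }
        }'
}

# Reads an sshd_config on stdin and prints the port(s) it requests.
# sshd falls back to 22 when no uncommented Port line is present.
configured_ports() {
    awk '{ sub(/^[ \t]+/, "") }
         tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

sample_netinfo() {   # constructed sample
    cat <<'EOF'
Proto Recv-Q Send-Q  Local Address   Foreign Address   (state)  rhiwat shiwat pid command
tcp4  0 0  *.2222            *.*                 LISTEN       131072 131072 269 /opt/local/sbin/sshd
tcp6  0 0  *.2222            *.*                 LISTEN       131072 131072 269 /opt/local/sbin/sshd
tcp4  0 0  127.0.0.1.631     *.*                 LISTEN       131072 131072 88  /usr/sbin/cupsd
tcp4  0 0  192.0.2.10.2222   198.51.100.7.50544  ESTABLISHED  131072 131072 301 /opt/local/sbin/sshd
EOF
}

sample_sshd_config() {   # constructed sample: Port left at its commented-out default
    cat <<'EOF'
#Port 22
PermitRootLogin no
PasswordAuthentication no
EOF
}

sample_netinfo | audit_sshd_listeners
echo "sshd_config requests port: $(sample_sshd_config | configured_ports)"
```

The binary path is printed next to the port because a listener such as /opt/local/sbin/sshd is not the system /usr/sbin/sshd, so its port is set in whatever configuration that build reads rather than in the system sshd_config.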