Use the secure copy (scp) command in Linux to transfer files from your local computer to
your Linux or Unix instance, and from one instance to another in Amazon Lightsail. To learn
more about the scp command, see scp(1) — Linux manual
page
This tutorial walks you through the steps to copy files from one Lightsail instance to another.
Contents
Prerequisites
-
You have two Lightsail instances running, with the public IP addresses of both instances. To get the public IP address of your instance. Sign in to the Lightsail console
, and then copy the public IP address that is displayed next to your instance. -
You can access both instances using an SSH key pair. For more information, see Connect to Linux instances.
Step 1: Save the private key (.pem)
file to your local computer
Complete the following steps to save the private key (.pem) file to your local computer. The private key file for the target instance will be used to securely transfer files from one instance to another. To copy files between instances in the same AWS Region, you'll use the default key for that Region. To copy files between instances in different Regions, you'll use the default key for the Region that the target instance is in. To learn more about key pairs, see SSH and connecting to instances.
Note
If you’re using your own key pair, or you created a key pair using the Lightsail console, locate your own private key and use it to connect to your instance. Lightsail does not store your private key when you upload your own key or create a key pair using the Lightsail console. You cannot transfer files to your instance using scp without your private key.
To save the private key (.pem) to your local computer
-
Sign in to the Lightsail console
. -
Choose your User Name on the top navigation bar, and then choose Account from the drop-down.
-
Choose the SSH Keys tab.
-
Scroll down to the Default keys section of the page.
-
Choose Download next to the default private key for the AWS Region where the instance that you want to transfer the files to is located.
-
Save your private key in a secured location on your local drive.
You might want to move the downloaded key to a directory in which you store all of your SSH keys, such as a "Keys" folder in your user's home directory. You will need to refer to the directory where the private key is saved in the next section of this guide. If the private key attempts to save as a format other than
.pem
, you should manually change the format to.pem
before saving.
Step 2: Change the permissions of
the private key
In the following procedure you will change the permissions of your private key file to be readable and writable only by you.
To change the permissions of your private key file
-
Open a terminal window on your local machine.
-
Enter the following command to make the private key of the key pair readable and writable only by you. This is a security best practice required by some operating systems.
sudo chmod 400
/path/to/private-key
.pemIn the command, replace
with the directory path to where you saved the private key of the key pair that is being used by your instance./path/to/private-key
Example:
sudo chmod 400
/Users/user/Keys/LightsailDefaultKey-us-west-2
.pem
Step 3: Transfer the private key to your
instance
In the following procedure you will transfer the private key to your source instance by running the scp command from your local computer.
To use scp to transfer the private key from your computer to your source instance
-
Determine the location of the private key file on your computer and the destination path on the instance. In the following examples, the name of the private key file is
private-key.pem
, the user name for the source instance isec2-user
, the IPv4 address of the source instance ispublic-ipv4-address
, and the IPv6 address of the source instance ispublic-ipv6-address
. Thedestination-path/
is the location on source instance where you are transferring the private key to.Note
You can specify one of the following user names depending on the blueprint that is used by your instance:
-
AlmaLinux OS 9, Amazon Linux 2, Amazon Linux 2023, CentOS Stream 9, FreeBSD, and openSUSE instances:
ec2-user
-
Debian instances:
admin
-
Ubuntu instances:
ubuntu
-
Bitnami instances:
bitnami
-
Plesk instances:
ubuntu
-
cPanel & WHM instances:
centos
-
(IPv4) To transfer the private key file to the instance, enter the following command from your computer.
scp -i
/path/private-key
.pem/path/private-key
.pemec2-user
@public-ipv4-address
:path/
-
(IPv6) To transfer the private key file to the instance if the instance only has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets (
[ ]
), which must be escaped (\
).scp -i
/path/private-key
.pem/path/private-key
.pemec2-user
@\[public-ipv6-address
\]:path/
-
-
If you haven't already connected to the instance using SSH, you see a response like the following:
The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)' can't be established. RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f. Are you sure you want to continue connecting (yes/no)?
Enter
yes
. -
If the transfer is successful, the response is similar to the following:
Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (RSA) to the list of known hosts. private-key.pem 100% 480 24.4KB/s 00:00
Now that you have transferred the private key to your source instance, you can securely connect to and transfer files to your target instance. Continue to the next step to learn how.
Step 4: Securely transfer files between
Lightsail Linux and Unix instances
In the following procedure you will run the scp command from one instance (source instance), to transfer files to another instance (target instance).
To use scp to transfer files between instances
-
Connect to the source instance using SSH. You can connect by using the terminal program on your local computer, or by using the browser-based SSH client in Lightsail. For more information, see Connect to Linux instances.
-
Determine the location of the files on the source instance and the destination path on the target instance. In the following examples, the name of the private key file is
private-key.pem
, the user name for the instance isec2-user
, the IPv4 address of the instance ispublic-ipv4-address
, and the IPv6 address of the instance ispublic-ipv6-address
. Thedestination-path/
is the location on the target instance where you are transferring the files to.-
(IPv4) To transfer files from the source instance to the target instance, enter the following command from the source instance.
scp -i
/path/private-key
.pem/path/my-file.txt
ec2-user
@public-ipv4-address
:destination-path/
-
(IPv6) To transfer files from the source instance to the target instance, enter the following command from the source instance. The IPv6 address must be enclosed in square brackets (
[ ]
), which must be escaped (\
).scp -i
/path/private-key
.pem/path/my-file.txt
ec2-user
@\[public-ipv6-address
\]:destination-path/
-
-
If you haven't already connected to the target instance using SSH, you see a response like the following:
The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)' can't be established. RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f. Are you sure you want to continue connecting (yes/no)?
Enter
yes
. -
If the transfer is successful, the response is similar to the following:
Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (RSA) to the list of known hosts. my-file.txt 100% 480 24.4KB/s 00:00