Scp command between 2 servers with 2 different .pem keys

Question

I want to transfer a folder from server A to server B with scp and 2 different .pem keys.

Is this the best way to go about it and will this actually work.

scp -i ~/Documents/server1.pem -r root@server1.com:~/location/to/dir -i ~/Documents/server2.pem ~/location/to/copy/to

or do I have to input:

scp -i ~/Documents/server1.pem -r root@server1.com:~/location/to/dir -i ~/Documents/server2.pem root@server2.com:~/location/to/copy/to

I am just not sure with the second location if I need to input the host or just the location. Many thanks for your help.

Answer 1

Create a config file like ~/scp_config:

Host src
    HostName server1.com
    User root
    CertificateFile %d/Documents/server1.pem

Host dest
    HostName server2.com
    User root
    CertificateFile %d/Documents/server2.pem

Then run

scp -3 -F ~/scp_config src:\~/location/to/dir dest:\~/location/to/copy/to

Answer 2

First of all, scp will only accept one -i option, so none of your commands will work.

Next, you are not using the -3 option. That means that the transfer will occur directly between server1 and server2, without passing through your machine. In that case, that would be on server1 that server2's certificate needs to be stored.

One solution was already given here. And if server1 can not connect directly to server2, see also here for the -3 option.

Another solution is to use two ssh processes, each with its own -i option. Something like:

ssh -i ~/Documents/server1.pem root@server1.com 'tar cz -C ~/location/to/dir .' \
| ssh -i ~/Documents/server2.pem root@server2.com 'tar xz -C ~/location/to/copy/to'

Notes:

• this way, the files pass through your own machine, like scp's -3 option
• you may want to create the destination directory first (add an mkdir -p command before tar x)
• you may want to use --no-same-owner in the tar x command to have the files owned by root, and not by their original owner