On my Fedora 20 system I use scp a lot, and this is the second time I encounter this. When I run this command:
scp -r -P PORT user@host:/home/user/something/{file1,folder1,folder2,folder3,folder4} folder/folder2/
it asks me for the password for each file/directory it transfers.
user@host's password: "password here"
Question:
What is happening here?
Is this normal, I would think this is very peculiar behavior?
Your local shell (probably bash) is expanding
user@host:/home/user/something/{file1,folder1,folder2,folder3,folder4}
into:
user@host:/home/user/something/file1 user@host:/home/user/something/folder1 user@host:/home/user/something/folder2 user@host:/home/user/something/folder3 user@host:/home/user/something/folder4
Instead, you can do:
scp -r -P PORT user@host:"/home/user/something/file1 /home/user/something/folder1 /home/user/something/folder2 /home/user/something/folder3 /home/user/something/folder4" folder/folder2/
or, if you know user's login shell on the remote end is bash, you can use brace expansion too:
scp -r -P PORT user@host:"/home/user/something/{file1,folder1,folder2,folder3,folder4}" folder/folder2/
to have the remote shell split the string into arguments instead of the local shell.
Yes, it's normal. What happens is that your shell expands the braces before running the command so what you're actually running is
scp -r -P PORT user@host:/home/user/something/file1 \
user@host:/home/user/something/folder1 \
user@host:/home/user/something/folder3 \
user@host:/home/user/something/folder4 folder/folder2
Basically, scp sees multiple connection requests so opens a new connection for each of them. One way The simplest way(using quotes as suggested by @geirha is simpler for a one-off operation) to solve this is to set up passwordless ssh/scp:
$ ssh-keygen
$ ssh-copy-id -p PORT user@host
After running those two commands once (and answering the prompts as needed), you will be able to ssh/scp without using a password for all future ssh connections. This is i) actually more secure and ii) much more convenient.
scp isn't very smart: when given multiple command line arguments that are files from the same remote host, it opens a new connection for each argument.
You can use rsync instead of scp, it's smarter this way (and in other ways).
rsync -r -e 'ssh -P PORT' user@host:/home/user/something/{file1,folder1,folder2,folder3,folder4} folder/folder2/
Another approach is to pass a single argument to scp that describes multiple files.
A different approach is to set up your system so that you don't have to authenticate all the time. Preferably, set up key authentication, which is in most scenarios both more convenient and more secure. Alternatively, or in addition, set up connection sharing, so that you only need to authenticate once per session. In any case, set up an alias so you don't have to specify the username and port every time. In your ~/.ssh/config:
ControlMaster auto
ControlPath ~/.ssh/control:%h:%p:%r
Host nick
HostName real-host-name.example.com
User bob
Port 1234
Run ssh -Nf nick to open a connection, and then all subsequent connections to nick will piggyback on the existing connection. Now you can just run
scp -r nick:/home/user/something/{file1,folder1,folder2,folder3,folder4} folder/folder2/
id.rsawill have600permissions by default andsshwon't even work if it doesn't. This means it is safe from anyone butrootand nothing is really safe fromroot, certainly not passwords. – terdon Nov 10 '14 at 16:14ssh-keygenand 2) ssh/scp will complain and ask for a password if the file is readable by anyone else. At least on Linux anyway. – terdon Nov 10 '14 at 16:19