Use Secure Copy

Secure Copy (“SCP”) provides a secure means of copying files to and from NetStorage using SSH for authentication and security. It is, however, limited to file transfers and cannot be used for other management tasks. Because of this limitation, you may want to use the SSH File Transfer Protocol (SFTP), which has largely superseded SCP and is a more capable SSH-based tool.

Prerequisites before using SCP with NetStorage

  • SSH keys. You need to apply a secure SSH key to an upload account.
  • Domain name prefix. Prepend your domain name prefix to the upload domain.
  • Upload domain. <Domain name prefix>.scp.upload.akamai.com
  • Username. All secure connections use sshacs as the username.

Example domain: This example uses an example domain name prefix of nsmediadocs and the scp.upload.akamai.com upload domain to give a fully-qualified upload domain of: sshacs@nsmediadocs.scp.upload.akamai.com

Secure Copy guidelines and requirements

You should meet these requirements when using Secure Copy.

  • OpenSSH version 6.7 (or later) - For multi-threading and higher window sizes. See additional information on OpenSSH.
  • High Performance Network Patches (Recommended) - These patches are applied to remove a networking bottleneck that exists in the base OpenSSH code. Additional details are available via an FAQ.
  • Is the client CPU maxing out? This is unlikely if you are using a wide-area network, but if it does happen, you can use the multi-threaded AES-CTR cipher if that meets your security needs.

Wild cards and symlinks

When using SCP to interact with a NetStorage storage group, these limitations apply:

  • Wild Card Notation (Globbing) is not supported

SCP connection command format

Values displayed in “< >” represent variables and you should replace them with the actual options.

scp [-1234BCpqrv] [-c <cipher>] [-F <ssh_config>] [-i <identity_file>] [-l <limit>] [-o <ssh_option>] [-P <port>] [-S <program>][[user@]host1:] file1[...] [[user@]host2:]file72

SCP examples using OpenSSH

These examples show you how to connect with SCP and issue basic commands.

Example OpenSSH SCP connection

This example uses the OpenSSH SCP client from a command line. It uses an example domain name prefix of nsmediadocs and the scp.upload.akamai.com upload domain.

scp -i <private key> sshacs@nsmediadocs.scp.upload.akamai.com

Upload a local file to the remote server

This example sends the local movie.mp4 file to the remote /movies directory.

scp -i <private key> C:\local_folder\movie.mp4 sshacs@nsmediadocs.scp.upload.akamai.com:/movies

# Response output
movie.mp4                       100%   40KB  40.4KB/s   00:00

Recursively upload a local directory to a remote server

This example recursively sends content from the local C:\local_folder\ directory to the remote /movies directory, automatically creating subdirectories as needed.

scp -i <private key> -r C:\local_folder\ sshacs@nsmediadocs.scp.upload.akamai.com:/movies

# Response output
.dotfile                        100%    0     0.0KB/s   00:00
example.txt                     100%   15KB  14.9KB/s   00:00
movie.mp4                       100%   40KB  40.4KB/s   00:00
subtitle.srt                        100% 5029     4.9KB/s   00:00

Secure Copy (SCP) connection options

This section covers the available SecureCopy (SCP) commands supported by NetStorage. NetStorage supports the normal command set for SCP (except where noted) in this table:

OptionDescription
-1Use SSH protocol 1
Note: NetStorage does not support SSH protocol 1 -- This command is not supported for use.
-2Use SSH protocol 2
-4Use only IPv4 addresses
-6Use only IPv6 addresses
-BUse batch mode
-CUse compression
-c <cipher>Specify the “<cipher>” for encrypting the data transfer
-F <ssh_config>Designate a substitute per-user SSH configuration file (i.e., define it as the “<ssh_config>” variable)
-i <identity_file>If applicable, include this option and set the “<identity_file>” variable as the complete path to, and file name of the private SSH key file.
-l <limit>Include this command and set the “<limit>” variable to the maximum bandwidth to be used (in kilobits per second)
-o <ssh_option>Send the specified “<ssh_option>” to SSH in the ssh_config format. Available options include the following (Detailed information on each of these options can be found at http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config):
  • AddressFamily
  • BatchMode
  • BindAddress
  • ChallengeResponseAuthentication
  • CheckHostIP
  • Cipher
  • Ciphers
  • Compression
  • CompressionLevel
  • ConnectionAttempts
  • ConnectTimeout
  • ControlMaster
  • ControlPath
  • GlobalKnownHostsFile
  • GSSAPIAuthentication
  • GSSAPIDelegateCredentials
  • HashKnownHosts
  • Host
  • HostbasedAuthentication
  • HostKeyAlgorithm
  • HostKeyAlias
  • HostName
  • IdentityFile
  • IdentitiesOnly
  • KbdInteractiveDevices
  • LogLevel
  • MACs
  • NoHostAuthenticationForLocalHost
  • NumberOfPasswordPrompts
  • PasswordAuthentication
  • Port
  • PreferredAuthentications
  • Protocol
  • ProxyCommand
  • PubKeyAuthentication
  • RekeyLimit
  • RhostsRSAAuthentication
  • RSAAuthentication
  • SendEnv
  • ServerAliveInterval
  • ServerAliveCountMax
  • SmartcardDevice
  • StrictHostKeyChecking
  • TCPKeepAlive
  • UsePrivilegedPort
  • User
  • UserKnownHostsFile
  • VerifyHostKeyDNS
-P <port>Connect to port on the remote host
-pSave the original file’s modification/access times, and modes
-qTurn off the progress meter
-rCopy recursively
-S <program>Specify the <program> to use for connecting
-vDisplay the operation’s execution step by step

Use an SCP client support

Supported SCP clients

NetStorage allows the use of common SCP clients. Complete details on referenced SCP clients and components — including how to apply the “private key” file for an applicable SSH key — can be found at their respective links.

Unsupported SCP clients

Any client not listed as supported should be considered unsupported. Third-party clients may include features not supported by NetStorage.

  • WinSCP. This client is unsupported for use with the SCP protocol, but can be used as a client with the SFTP protocol. See Use SSH File Transfer Protocol (SFTP) for detailed instructions.

🚧

Usage instructions aren't provided for these third-party components. It is assumed that you are familiar with their use. Use an unsupported client at your own risk.


Did this page help you?