OpenSSH use scp with identification file

Hey there,
I am currently trying to copy a script from a local machine to a remote machine.

I have set up a keypair and can establish a ssh connection using this keypair.

Originally I used:

scp ${fileToCopy} ${remoteUser}@${remoteIp}:~

which works fine, but I need to type in the password every time.

I tried:

scp -i ~/.ssh/authFile.ppk ${fileToCopy} ${remoteUser}@${remoteIp}:~

but this outputs:

The authenticity of host '...' can't be established

Is there a way to use scp with a ssh key?

Thank you but I don’t how the method used is different then mine.
The user suggested:

scp -i ~/.ssh/mytest.key root@<filepath on host>  <path on client>

to copy from to client, which is the same as my method, isn’t it?

Is it working now?

You have to give a ssh-key not a putty key :wink:

This message is always displayed on first connection. Something like this

$ ssh user@hostname
The authenticity of host 'hostname (v.x.y.z)' can't be established.
ED25519 key fingerprint is SHA256:P4QBIqLt6g6JU5P3po0WRLF+mr0ypYhhG3iGgCprM20.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:15: v.x.y.z
Are you sure you want to continue connecting (yes/no/[fingerprint])?

The reason is the fingerprint of the remote system not being in ~/.ssh/known_hosts.

You will need to add the fingerprint to the known_hosts file. You are usually prompted on first connection which is why a scripted first connection never works.

You can however bypass this check by adding the following option to your connection command

-o "StrictHostKeyChecking=no"

Or modify your ~/.ssh/config to include (the default is ask as documented in /etc/ssh/ssh_config).

Host *
  StrictHostKeyChecking no

Using scp with a keyfile works as expected assuming the publc part has been transferred to the host beforehand.

When you create a keyfile - you will be prompted for password to unlock the private part of the keyfile and this password must be used on all connections to unlock the private key.

If you do not want to depend on the unlocking the private key - you can omit the password when creating the keyfile.

Doing so will lower the security on your keypair - so you must guard the private key well.

When you generate a keypari with ssh-keygen - you are prompted for a filename.

If you use a filename of name.ppk then putty will accept this key as well as Filezilla’ sftp function.

The .pub part is transferred to the remote host - the private key is used to verify the public key previously transferred to the host


ssh-keygen -t ed25519 -f ~/.ssh/my-service-ed25549.ppk

will generate

$ ls ~/.ssh/my-service*
.ssh/my-servivce.ppk   .ssh/

This sounds like the right answer. I am currently not able to verify that his solves the problem but i will let you know if it worked.

Thanks in advanced!

You will be prompted for a password to unlock the private part of the keyfile when you create it, and this password must be used on all connections to unlock the private key.