SCP Permission Denied: What causes it? How to Fix?
SCP is an open SSH file transfer utility that you can use on Linux and other supported operating systems to transfer files over SSH. It can be used to transfer files between two hosts using an SSH connection.
The SCP ‘permission denied’ error can occur due to a variety of reasons, such as incorrectly specified paths or a writing permission error. We will explore some of the reasons as to why this error occurs and how to resolve it.
Cause : Not having write permissions
One reason this error occurs is that your user does not have write permissions for the specific directory on the host where you are trying to write files. To check these permissions, you can use the ‘ls -l’ command, which will display the write permissions.
Look for a ‘w’ in the first four alphabets in the first column of the output. If you see one, it means your user has write permission for that directory. Alternatively, you can always create a file using the touch command in that directory. If you receive no errors, such as ‘permission denied,’ then it means your user has write permissions.
Example:
Let’s say you want to copy a file to a remote host using SCP, and you get permission denied because of write permissions.
scp abcd.txt user@127.0.0.1:/home/abcduser/abcd.txt
Solution 1 : Use the root account to transfer files
To fix such an error, you need to grant write permissions to your user for that directory. For that, you need root privileges or sudo. Another thing you can do is to copy the file to a directory where your user has write permissions.
In such a scenario, you either need to allow your current user the write permissions on /home/abcduser or you can use the root user account to copy that file.
To allow the root user to copy a file using scp, you need to allow root login on ssh which is not recommended for security reasons but you can use it anyway in such scenarios and disable it afterwards.
To do that, open the openssh config at /etc/ssh/sshd_config and uncomment PermitRootLogin in a text editor in the remote host
Afterwards, connect to the remote host using its root account.
Then run the command like this:
scp abcd.txt root@127.0.0.1:/abcduser/abcd.txt
Or simply this will do
scp abcd.txt 127.0.0.1:/abcduser/abcd.txt
As they are both the same.
Solution 2: Add your user to the write permissions group:
To have a user write on a directory/file in linux, you either need to add a user to the group that owns the directory or file or make the file owned by that user.
In our example, we run ls -l on the /home/ directory on the remote system to see which group owns /home/abcd.
The ls -l command will give you an output, where the contents of the 4th column is the group which owns a corresponding directory/file.
In our example, it’s the abcduser group which owns the directory /home/abcduser then we can
Simply run this command on the remote system.
sudo groupadd user abcd
It’s the ‘abcd’ group we want our user to be part of and the user we want to change the group of, is ‘user’.
Run the ls -l command again and if you see a ‘w’ in the 6th place of the output in the first column, then it means the group has write permissions on that directory.
Then rerun the command again, which in our case would be:
scp abcd.txt user@somepc:/home/abcduser/abcd.txt
Solution 3: Use the user that owns that directory to copy the file
The simplest solution of all is to use the user which owns that directory to copy the file to it.
Simply run ls -l on the directory. In our case it would be:
ls -l /home/
The output of the third column will be the user that owns that directory corresponding to the name of the directory you are interested in. In our case, it’s abcduser owns the directory /home/abcduser as seen in the screenshot above.
Then use that particular account while copying the file using scp to the remote host.
In our case, we run the command as follow:
scp abcd.txt abcduser@127.0.0.1:/home/abcduser/abcd.txt
Cause 2: Not having a private key for that user of the remote host
You might get an error where it would say scp permission denied (public key) when you are trying to transfer files between hosts.
That’s an authentication issue of ssh and the reason for that is you haven’t added a private key to scp while running it.
Example:
scp somefile user@127.0.0.1:/home/user/somefile.txt
Solution:
A simple fix for it is to run the scp command with the -i flag, thus adding the private key for that user using which you want to connect to the remote host and transfer files.
You need to make sure you have the private key for that user and if you don’t, you need to generate it on the remote machine, and then have scp utility use it using the -i flag.
In our case, the solution would be:
scp -i key.pem somefile user@127.0.0.1:/home/user/somefile.txt
Where key.pem is the private key file for the user ‘user’.
Note: We have used 127.0.0.1 as the remote host just for example, in your case the remote host would likely be a remote machine and not your localhost.