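In this document, Fengge covers hands-on file transfer between virtual machines and physical hosts on RHEL Linux 10, including the concepts and principles of the SCP protocol, SSH authentication methods, a comparison of file transfer methods, network connection planning, security configuration recommendations, transfer performance tuning, basic SCP usage, advanced SCP usage, rsync file synchronization, a single-file transfer exercise, a directory transfer exercise, and a batch file transfer exercise. It draws on the OpenSSH content of the official Red Hat Enterprise Linux 10 documentation and is intended for operations staff to use for learning and testing; verify it yourself before applying it in a production environment.
Part01-Basic Concepts and Theory
1.1 Concepts and Principles of the SCP Protocol
SCP (Secure Copy Protocol) is a secure file transfer protocol built on SSH, used to transfer files securely between a local host and a remote host. SCP relies on SSH to encrypt the transfer, which protects the data in transit. It supports both files and directories and can recursively transfer an entire directory tree.
- Built on SSH: transfers are encrypted by SSH
- High security: all data is encrypted
- Simple to use: the command-line interface is simple and intuitive
- Recursive transfer: can recursively transfer an entire directory tree
- Cross-platform: supports Linux, Windows, macOS and other platforms
- Preserves file attributes: preserves file permissions, timestamps and other attributes
1.2 SSH Authentication Methods
SSH authentication methods:
- Password authentication: authenticate with a username and password
- Public key authentication: authenticate with a public key and a private key
- Host authentication: verify the identity of the remote host
- GSSAPI authentication: use authentication mechanisms such as Kerberos
- Keyboard-interactive authentication: enter authentication information interactively
# Advantages of public key authentication
- More secure: no password is transmitted
- More convenient: no need to type a password each time
- More efficient: scripts can be automated
- More flexible: supports multiple cryptographic algorithms
1.3 Comparison of File Transfer Methods
Comparison of file transfer methods:
- SCP: SSH-based, secure and reliable, suited to small file transfers
- rsync: incremental synchronization, suited to large files and directory synchronization
- SFTP: SSH-based, supports file operations, suited to interactive transfers
- FTP: legacy protocol, insecure, suited to transfers on an internal network
- HTTP/HTTPS: suited to web file downloads
- NFS: network file system, suited to shared storage
- SMB/CIFS: Windows sharing protocol, suited to Windows environments
Part02-Production Environment Planning and Recommendations
2.1 Network Connection Planning
Network connection planning:
- Network mode: bridged, NAT, or host-only
- IP addressing: static or dynamic IP
- Port mapping: configure port forwarding rules
- Firewall configuration: open the SSH port (22)
- Connectivity testing: make sure the virtual machine and the physical host can reach each other
- DNS configuration: configure DNS resolution
- Network performance tuning: adjust network parameters to improve transfer speed
2.2 Security Configuration Recommendations
Security configuration recommendations:
- Use public key authentication: avoid password authentication
- Disable root login: log in as a regular user
- Change the SSH port: avoid the default port 22
- Restrict access sources: use the firewall to limit source IP addresses
- Enable logging: record SSH login logs
- Rotate keys regularly: replace SSH keys periodically
- Use strong passwords: use complex passwords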
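The sshd-side items in the list above can be checked mechanically. The script below is an added example, not part of the original article; the function names are hypothetical, the defaults applied to absent keywords are assumed to be the upstream OpenSSH ones, and Include files are not followed.

```shell
#!/usr/bin/env bash
# Added example: check sshd settings against the section 2.2 recommendations.

# Print the effective global value of KEYWORD ($2) in FILE ($1), lowercased.
# sshd keeps the FIRST value it reads; parsing stops at the first Match block.
effective_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# expect FILE KEYWORD DEFAULT WANTED: report when the effective value differs.
expect() {
    local v
    v=$(effective_value "$1" "$2")
    v=${v:-$3}                 # keyword absent: upstream OpenSSH default (assumed)
    [ "$v" = "$4" ] && return 0
    echo "FINDING: $2 is '$v', recommended '$4'"
    return 1
}

# Print one FINDING line per deviation; return 0 only when there are none.
audit_sshd_config() {
    local f="$1" rc=0 port
    expect "$f" PubkeyAuthentication         yes               yes || rc=1
    expect "$f" PasswordAuthentication       yes               no  || rc=1
    # Keyboard-interactive can still prompt for a password through PAM.
    expect "$f" KbdInteractiveAuthentication yes               no  || rc=1
    expect "$f" PermitRootLogin              prohibit-password no  || rc=1
    port=$(effective_value "$f" Port)
    if [ "${port:-22}" = "22" ]; then
        echo "FINDING: Port is '22', the page recommends a non-default port"; rc=1
    fi
    case "$(effective_value "$f" LogLevel)" in
        quiet|fatal|error) echo "FINDING: LogLevel hides login events"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: sshd ignores the second PasswordAuthentication line.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'PermitRootLogin no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' 'LogLevel VERBOSE' > "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a running host, save the output of sshd -T to a file and audit that instead, since it prints the effective configuration with all included files resolved.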
2.3 Transfer Performance Tuning
Transfer performance tuning:
- Compress the transfer: enable compression with the -C option
- Adjust the cipher: use a faster encryption algorithm
- Increase the buffer size: adjust the SSH buffer size
- Use rsync incremental sync: reduce the amount of data transferred
- Parallel transfer: use multithreaded transfers
- Network tuning: adjust network parameters
- Use a faster network: use Gigabit or 10-Gigabit networking
Part03-Production Environment Implementation Plan
3.1 Basic SCP Usage
3.1.1 Uploading Files from the Physical Host to the Virtual Machine
# scp /local/path/file.txt user@192.168.1.100:/remote/path/
user@192.168.1.100's password:
file.txt 100% 123KB 1.2MB/s 00:00
# 2. Upload multiple files
# scp /local/path/file1.txt /local/path/file2.txt user@192.168.1.100:/remote/path/
user@192.168.1.100's password:
file1.txt 100% 123KB 1.2MB/s 00:00
file2.txt 100% 456KB 2.3MB/s 00:00
# 3. Upload files using a wildcard
# scp /local/path/*.txt user@192.168.1.100:/remote/path/
user@192.168.1.100's password:
file1.txt 100% 123KB 1.2MB/s 00:00
file2.txt 100% 456KB 2.3MB/s 00:00
file3.txt 100% 789KB 3.4MB/s 00:00
# 4. Upload a directory (using the -r option)
# scp -r /local/path/directory user@192.168.1.100:/remote/path/
user@192.168.1.100's password:
file1.txt 100% 123KB 1.2MB/s 00:00
file2.txt 100% 456KB 2.3MB/s 00:00
file3.txt 100% 789KB 3.4MB/s 00:00
# 5. Compress the transfer (using the -C option)
# scp -C /local/path/file.txt user@192.168.1.100:/remote/path/
user@192.168.1.100's password:
file.txt 100% 12KB 1.2MB/s 00:00
# 6. Specify the SSH port (using the -P option)
# scp -P 2222 /local/path/file.txt user@192.168.1.100:/remote/path/
user@192.168.1.100's password:
file.txt 100% 123KB 1.2MB/s 00:00
# 7. Preserve file attributes (using the -p option)
# scp -p /local/path/file.txt user@192.168.1.100:/remote/path/
user@192.168.1.100's password:
file.txt 100% 123KB 1.2MB/s 00:00
# 8. Show detailed transfer output (verbose mode, using the -v option)
# scp -v /local/path/file.txt user@192.168.1.100:/remote/path/
Executing: program /usr/bin/ssh host 192.168.1.100, user user, command scp -v -t /remote/path/
OpenSSH_9.0p1, OpenSSL 3.0.7 1 Nov 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.100 [192.168.1.100] port 22.
debug1: Connection established.
…
file.txt 100% 123KB 1.2MB/s 00:00
3.1.2 Downloading Files from the Virtual Machine to the Physical Host
# scp user@192.168.1.100:/remote/path/file.txt /local/path/
user@192.168.1.100's password:
file.txt 100% 123KB 1.2MB/s 00:00
# 2. Download multiple files
# scp user@192.168.1.100:/remote/path/file1.txt user@192.168.1.100:/remote/path/file2.txt /local/path/
user@192.168.1.100's password:
file1.txt 100% 123KB 1.2MB/s 00:00
file2.txt 100% 456KB 2.3MB/s 00:00
# 3. Download files using a wildcard
# scp user@192.168.1.100:/remote/path/*.txt /local/path/
user@192.168.1.100's password:
file1.txt 100% 123KB 1.2MB/s 00:00
file2.txt 100% 456KB 2.3MB/s 00:00
file3.txt 100% 789KB 3.4MB/s 00:00
# 4. Download a directory (using the -r option)
# scp -r user@192.168.1.100:/remote/path/directory /local/path/
user@192.168.1.100's password:
file1.txt 100% 123KB 1.2MB/s 00:00
file2.txt 100% 456KB 2.3MB/s 00:00
file3.txt 100% 789KB 3.4MB/s 00:00
# 5. Compress the transfer (using the -C option)
# scp -C user@192.168.1.100:/remote/path/file.txt /local/path/
user@192.168.1.100's password:
file.txt 100% 12KB 1.2MB/s 00:00
# 6. Specify the SSH port (using the -P option)
# scp -P 2222 user@192.168.1.100:/remote/path/file.txt /local/path/
user@192.168.1.100's password:
file.txt 100% 123KB 1.2MB/s 00:00
# 7. Preserve file attributes (using the -p option)
# scp -p user@192.168.1.100:/remote/path/file.txt /local/path/
user@192.168.1.100's password:
file.txt 100% 123KB 1.2MB/s 00:00
3.2 Advanced SCP Usage
3.2.1 File Transfer with Public Key Authentication
# ssh-keygen -t ed25519 -C "user@example.com"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/user/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_ed25519
Your public key has been saved in /home/user/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:abcdefghijklmnopqrstuvwxyz user@example.com
The key's randomart image is:
+--[ED25519 256]--+
| .o. |
| . o . |
| . o . |
| . o . |
| . o . |
| . o . |
| . o . |
+----[SHA256]-----+
# 2. Copy the public key to the remote host
# (before answering yes, compare the fingerprint shown with the output of
#  ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub run on the VM console)
# ssh-copy-id user@192.168.1.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_ed25519.pub"
The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
ED25519 key fingerprint is SHA256:abcdefghijklmnopqrstuvwxyz.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@192.168.1.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'user@192.168.1.100'"
and check to make sure that only the key(s) you wanted were added.
# 3. Test SSH login
# ssh user@192.168.1.100
Last login: Thu Apr 2 10:00:00 2026 from 192.168.1.1
[user@vm ~]$
# 4. Transfer a file using public key authentication
# scp /local/path/file.txt user@192.168.1.100:/remote/path/
file.txt 100% 123KB 1.2MB/s 00:00
# 5. Verify that the file was transferred
# ssh user@192.168.1.100 "ls -l /remote/path/file.txt"
-rw-r--r--. 1 user user 123456 Apr 2 10:00 /remote/path/file.txt
3.3 rsync File Synchronization
3.3.1 Basic rsync Usage
# rsync -avz /local/path/file.txt user@192.168.1.100:/remote/path/
sending incremental file list
file.txt
sent 123,456 bytes received 35 bytes 246,982.00 bytes/sec
total size is 123,456 speedup is 1.00
# 2. Sync a directory to the remote host
# rsync -avz /local/path/directory/ user@192.168.1.100:/remote/path/directory/
sending incremental file list
created directory /remote/path/directory
./
file1.txt
file2.txt
file3.txt
sent 1,368,123 bytes received 72 bytes 912,065.00 bytes/sec
total size is 1,368,000 speedup is 1.00
# 3. Sync a file from the remote host
# rsync -avz user@192.168.1.100:/remote/path/file.txt /local/path/
receiving incremental file list
file.txt
sent 35 bytes received 123,456 bytes 82,630.67 bytes/sec
total size is 123,456 speedup is 1.00
# 4. Sync a directory from the remote host
# rsync -avz user@192.168.1.100:/remote/path/directory/ /local/path/directory/
receiving incremental file list
created directory /local/path/directory
./
file1.txt
file2.txt
file3.txt
sent 72 bytes received 1,368,123 bytes 912,065.00 bytes/sec
total size is 1,368,000 speedup is 1.00
# 5. Incremental sync (only changed files are transferred; --delete also removes
#    files on the destination that no longer exist in the source)
# rsync -avz --delete /local/path/directory/ user@192.168.1.100:/remote/path/directory/
sending incremental file list
deleting file4.txt
file1.txt
file2.txt
file3.txt
sent 1,234,567 bytes received 72 bytes 823,045.33 bytes/sec
total size is 1,234,500 speedup is 1.00
# 6. Show transfer progress
# rsync -avz --progress /local/path/file.txt user@192.168.1.100:/remote/path/
sending incremental file list
file.txt
123,456 100% 12.34MB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 123,456 bytes received 35 bytes 246,982.00 bytes/sec
total size is 123,456 speedup is 1.00
# 7. Limit transfer bandwidth (the --bwlimit value is in KiB per second)
# rsync -avz --bwlimit=1000 /local/path/file.txt user@192.168.1.100:/remote/path/
sending incremental file list
file.txt
123,456 100% 976.56kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 123,456 bytes received 35 bytes 246,982.00 bytes/sec
total size is 123,456 speedup is 1.00
Part04-Production Cases and Hands-on Walkthroughs
4.1 Single-File Transfer Exercise
4.1.1 Uploading a Configuration File to the Virtual Machine
# cat > /tmp/nginx.conf << 'EOF'
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    server {
        listen 80;
        server_name localhost;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
}
EOF
# 2. Upload the configuration file to the virtual machine
# scp /tmp/nginx.conf user@192.168.1.100:/tmp/
nginx.conf 100% 1234 1.2KB/s 00:00
# 3. Verify that the file was uploaded
# ssh user@192.168.1.100 "ls -l /tmp/nginx.conf"
-rw-r--r--. 1 user user 1234 Apr 2 10:00 /tmp/nginx.conf
# 4. View the file contents
# ssh user@192.168.1.100 "cat /tmp/nginx.conf"
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    server {
        listen 80;
        server_name localhost;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
}
4.2 Directory Transfer Exercise
4.2.1 Uploading a Web Application Directory to the Virtual Machine
# mkdir -p /tmp/webapp
# cd /tmp/webapp
# 2. Create the HTML file
# cat > index.html << 'EOF'
欢迎访问Web应用
这是一个简单的Web应用示例。
EOF
# 3. Create the CSS file
# cat > style.css << 'EOF'
body {
    font-family: Arial, sans-serif;
    line-height: 1.6;
    margin: 0;
    padding: 20px;
    background-color: #f4f4f4;
}
h1 {
    color: #333;
    font-size: 24px;
    margin-bottom: 20px;
}
p {
    color: #666;
    font-size: 16px;
}
EOF
# 4. Create the JavaScript file
# cat > app.js << 'EOF'
document.addEventListener('DOMContentLoaded', function() {
    console.log('Web应用已加载');
});
EOF
# 5. Create the images directory
# mkdir -p images
# 6. View the directory structure
# tree /tmp/webapp
/tmp/webapp
├── app.js
├── images
├── index.html
└── style.css
1 directory, 3 files
# 7. Upload the web application directory to the virtual machine
# scp -r /tmp/webapp user@192.168.1.100:/var/www/html/
app.js 100% 123 1.2KB/s 00:00
index.html 100% 456 4.5KB/s 00:00
style.css 100% 234 2.3KB/s 00:00
# 8. Verify that the directory was uploaded
# ssh user@192.168.1.100 "tree /var/www/html/webapp"
/var/www/html/webapp
├── app.js
├── images
├── index.html
└── style.css
1 directory, 3 files
# 9. Verify the file contents
# ssh user@192.168.1.100 "cat /var/www/html/webapp/index.html"
欢迎访问Web应用
这是一个简单的Web应用示例。
4.3 Batch File Transfer Exercise
4.3.1 Batch-Uploading Log Files to the Virtual Machine
# for i in {1..10}; do
    echo "日志文件 $i 的内容" > /tmp/logfile$i.log
    echo "时间戳: $(date)" >> /tmp/logfile$i.log
    echo "日志级别: INFO" >> /tmp/logfile$i.log
    echo "消息: 这是一条日志消息" >> /tmp/logfile$i.log
done
# 2. List the log files
# ls -l /tmp/logfile*.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile1.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile2.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile3.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile4.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile5.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile6.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile7.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile8.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile9.log
-rw-r--r--. 1 root root 123 Apr 2 10:00 /tmp/logfile10.log
# 3. Batch-upload the log files to the virtual machine
# scp /tmp/logfile*.log user@192.168.1.100:/var/log/
logfile1.log 100% 123 1.2KB/s 00:00
logfile2.log 100% 123 1.2KB/s 00:00
logfile3.log 100% 123 1.2KB/s 00:00
logfile4.log 100% 123 1.2KB/s 00:00
logfile5.log 100% 123 1.2KB/s 00:00
logfile6.log 100% 123 1.2KB/s 00:00
logfile7.log 100% 123 1.2KB/s 00:00
logfile8.log 100% 123 1.2KB/s 00:00
logfile9.log 100% 123 1.2KB/s 00:00
logfile10.log 100% 123 1.2KB/s 00:00
# 4. Verify that the log files were uploaded
# ssh user@192.168.1.100 "ls -l /var/log/logfile*.log"
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile1.log
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile2.log
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile3.log
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile4.log
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile5.log
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile6.log
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile7.log
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile8.log
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile9.log
-rw-r--r--. 1 user user 123 Apr 2 10:00 /var/log/logfile10.log
# 5. View a log file's contents
# ssh user@192.168.1.100 "cat /var/log/logfile1.log"
日志文件 1 的内容
时间戳: Thu Apr 2 10:00:00 CST 2026
日志级别: INFO
消息: 这是一条日志消息
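Part05-Fengge's Lessons Learned and Tips
5.1 File Transfer Best Practices
File transfer best practices:
- Use public key authentication: avoid typing a password each time
- Use rsync incremental sync: reduce the amount of data transferred
- Compress the transfer: improve transfer efficiency
- Preserve file attributes: keep file permissions, timestamps and other attributes
- Show transfer progress: makes it easy to monitor the transfer
- Limit transfer bandwidth: avoid consuming too much network bandwidth
- Use a faster network: use Gigabit or 10-Gigabit networking
- Back up important files regularly: avoid data loss
- Verify file integrity: check file integrity after the transfer
- Keep transfer logs: record file transfer activity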
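Section 4.3 checks the upload only with ls -l, which cannot detect altered content. The script below is an added example (not from the original article) that builds a SHA-256 manifest before the transfer and checks it afterwards; the function names and the MANIFEST.sha256 file name are hypothetical, and cp stands in for scp so that it runs offline.

```shell
#!/usr/bin/env bash
# Added example: verify a batch transfer with a SHA-256 manifest.

# make_manifest DIR GLOB: print "hash  name" lines for the matching files in DIR.
make_manifest() {
    ( cd "$1" && LC_ALL=C sha256sum -- $2 )   # $2 unquoted on purpose: glob expands in DIR
}

# verify_manifest DIR MANIFEST: re-hash the files in DIR against MANIFEST.
# Prints one line per altered or missing file; returns 0 only if all match.
verify_manifest() {
    local bad
    bad=$( ( cd "$1" && LC_ALL=C sha256sum -c - 2>/dev/null ) < "$2" \
           | grep -v ': OK$' || true )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed demo: three sample logs, one damaged and one lost in "transfer".
demo() {
    local src dst rc=0
    src=$(mktemp -d); dst=$(mktemp -d)
    for i in 1 2 3; do echo "log entry $i" > "$src/logfile$i.log"; done
    make_manifest "$src" 'logfile*.log' > "$src/MANIFEST.sha256"
    cp "$src"/logfile*.log "$src/MANIFEST.sha256" "$dst/"   # stand-in for scp
    echo "truncated" > "$dst/logfile2.log"    # simulate a damaged transfer
    rm "$dst/logfile3.log"                    # simulate a file that never arrived
    verify_manifest "$dst" "$dst/MANIFEST.sha256" || rc=$?
    rm -rf "$src" "$dst"
    return $rc
}
demo || true
```

Against the real VM, upload the manifest together with the files and run sha256sum -c MANIFEST.sha256 in the destination directory over ssh.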
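5.2 Troubleshooting Common Problems
Troubleshooting common problems:
1. Connection timeout
- Check network connectivity
- Check firewall rules
- Check the SSH service status
2. Permission denied
- Check file permissions
- Check directory permissions
- Check user permissions
3. Authentication failure
- Check the username and password
- Check the SSH key configuration
- Check the SSH service configuration
4. Transfer interrupted
- Check network stability
- Check disk space
- Use rsync incremental sync
5. Slow transfer speed
- Compress the transfer
- Adjust the encryption algorithm
- Use a faster network
5.3 Recommended File Transfer Tools
Recommended file transfer tools:
- scp: SSH-based secure file transfer tool
- rsync: incremental synchronization tool, suited to large files and directory synchronization
- sftp: SSH-based file transfer protocol
- FileZilla: graphical file transfer tool
- WinSCP: file transfer tool for Windows
- lftp: command-line file transfer tool
- wget: command-line download tool
- curl: command-line data transfer tool
This article was compiled and published by Fengge Tutorials and is for learning and testing only; when reposting, cite the source: http://www.fgedu.net.cn/10327.html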
