File Transfer on Linux Servers: Moving Files To and From a Machine You Can't Touch

Your server lives somewhere far away with no USB port you can reach. So how do files get on and off it? Learn the core ways to transfer files to a Linux server — scp, sftp, rsync, and downloading directly — plus when to use each and the gotchas that trip people up.

Published September 25, 202611 min readBy ACY Partner Indonesia
File transfer on Linux servers — moving files between your machine and a remote server
300 × 250Ad Space AvailablePlace your ad here

Your server is sitting in a data center somewhere, possibly on another continent. There’s no USB port you can reach, no drag-and-drop window, no screen to plug a flash drive into. Yet somehow your website’s files, your config files, your backups — all of it has to get there. And when something breaks at 2 a.m., you need to pull a log file off it just as quickly. So how does that actually happen?

The answer is a handful of small, reliable tools that have been doing this job for decades. Once you understand the few core ways to move files across a network, you’ll never feel stuck staring at a remote machine again. Let’s walk through them — what they are, when to reach for each, and the small details that save you a lot of frustration.

The problem: a computer you can only reach over the network

When a server is remote, you interact with it almost entirely through the network. You already do this when you open a terminal session on it — and if you’ve read about the command line, you know that text-based connection is your main steering wheel. File transfer is the same idea, just for files instead of commands.

There’s a useful mental split here. Some transfers go from your machine to the server (uploading your website, pushing a config change). Some go from the server to your machine (downloading a log, grabbing a backup). And some bring files from the internet straight onto the server, never touching your laptop at all. Each direction has a natural tool, and most of them ride on top of the same secure connection your terminal already uses.

   YOUR LAPTOP                         REMOTE SERVER
        │                                   │
        │   upload  ───────────────────►    │   (scp / sftp / rsync)
        │                                   │
        │   download ◄───────────────────   │   (scp / sftp / rsync)
        │                                   │
        │              ┌─────────────┐      │
        └──────────────│  INTERNET   │──────┴──►  download straight
                       └─────────────┘           onto the server
                                                 (wget / curl)

Almost every secure transfer tool you’ll meet is built on top of SSH — the same encrypted channel you use to log into a server and run commands. That’s the key thing to hold onto: if you can SSH into a box, you can almost certainly move files to and from it too, because the file tools borrow that exact connection.

Secure by default, and that matters

Older tools like FTP sent your files — and sometimes your password — across the network in plain, readable text. On today’s internet that’s a serious risk. The tools we focus on here (scp, sftp, rsync over SSH) encrypt everything end to end, so anyone snooping on the connection just sees scrambled noise. Whenever you have the choice, pick the SSH-based tool. Plain FTP belongs in the past.

scp — the quick “copy this file over there”

scp stands for secure copy. It’s the most direct tool of the bunch: think of it as the regular cp copy command, except one end lives on a remote server. If you just need to shove a single file or a folder onto a server (or pull one back), scp is often the fastest thing to type.

The shape of the command is always source then destination:

# Upload a local file TO the server
scp report.pdf john@server.example.com:/home/john/

# Download a file FROM the server to your current folder
scp john@server.example.com:/var/log/app.log .

# Copy an entire folder (the -r means "recursive", i.e. include everything inside)
scp -r ./website john@server.example.com:/var/www/

Read those colons carefully — they’re the whole trick. Anything in the form user@host:/path means “this part is on the remote machine.” Anything without a colon is a path on your local machine. So scp here.txt user@host:/there/ reads almost like a sentence: copy here.txt from here, to /there/ over on the host.

scp is wonderfully simple, and for a one-off “just get this file across” it’s hard to beat. Where it falls short is anything repeated or large: it copies everything every single time, with no memory of what it sent before. If you re-upload a folder, it re-sends all of it, even the parts that didn’t change. For that, there’s a smarter tool.

rsync — the smart, resumable copy for big jobs

rsync does the same fundamental job as scp — move files between machines — but it’s far cleverer about it. Its superpower is that it only transfers the differences. The first time you sync a folder, it copies everything. The second time, it looks at both sides, figures out what actually changed, and sends only those bits. For a website with thousands of files where you changed three of them, that turns a multi-minute upload into a one-second one.

# Sync a local folder up to the server (note the trailing slashes — they matter)
rsync -av ./website/ john@server.example.com:/var/www/website/

# Pull a folder down from the server
rsync -av john@server.example.com:/var/www/website/ ./backup/

The flags you’ll use constantly:

  • -a (“archive”) — copy folders recursively and preserve useful details like file permissions and timestamps. This is the one you almost always want.
  • -v (“verbose”) — print each file as it goes, so you can see what’s happening.
  • -z — compress data during transfer, which can speed things up over a slow connection.
  • --delete — make the destination match the source exactly, removing files on the server that no longer exist locally. Powerful, and a little dangerous — read the warning below.

The trailing slash and --delete will bite you

Two rsync details cause most of its accidents. First, a trailing slash on the source means “copy the contents of this folder,” while no slash means “copy the folder itself.” rsync ./site/ dest/ and rsync ./site dest/ put files in different places. Second, --delete removes anything on the destination that isn’t in the source — so a typo in the source path can wipe files you meant to keep. Before any real --delete run, add --dry-run: it shows you exactly what would happen without touching anything. Look at that output, then remove the flag and run for real.

Because rsync is resumable and efficient, it’s the standard choice for deploying websites, copying backups, and any job that runs more than once. If you find yourself reaching for scp repeatedly on the same folder, that’s your cue to switch to rsync.

sftp — an interactive file session

Sometimes you don’t know exactly which file you want yet. You want to look around the remote machine, see what’s there, then grab a file or two. That’s what sftp is for. Despite the name’s resemblance to old FTP, SFTP runs over SSH and is fully encrypted — it’s a completely different, secure thing.

Starting it drops you into an interactive prompt where you “walk” the remote filesystem with familiar commands:

sftp john@server.example.com
sftp> ls                 # list files on the SERVER
sftp> cd /var/log        # change directory on the SERVER
sftp> get app.log        # download a file to your machine
sftp> put backup.tar.gz  # upload a file to the server
sftp> lcd ~/Downloads    # change directory on your LOCAL machine
sftp> bye                # quit

The neat trick is the l prefix: cd and ls act on the remote server, while lcd and lls act on your local machine. So you can line up the right folder on each side, then get and put files between them. It feels like browsing two computers at once, which is exactly what you’re doing.

sftp shines when you’re exploring or when you only realize what you need after you’ve looked. For scripted, repeatable transfers, scp or rsync are usually cleaner because they’re a single line. Many graphical file-transfer apps are really just friendly windows wrapped around SFTP, so if you’ve ever dragged files onto a server in an app, you’ve already used it without knowing.

Downloading straight onto the server with wget and curl

Not every file needs to pass through your laptop. Often the file you want is already on the internet — a software package, an installer, a public dataset — and the fastest path is to have the server fetch it directly. Routing a large download through your home connection just to upload it again would be slow and pointless.

Two universal tools handle this, run while you’re logged into the server:

# wget — built for downloading; saves the file by its own name
wget https://example.com/software.tar.gz

# curl — a swiss-army transfer tool; -O keeps the original filename
curl -O https://example.com/software.tar.gz

Both grab the file over the network and drop it right onto the server’s disk, never touching your machine. wget is the simplest for a plain download. curl does far more (it speaks many protocols and is the go-to for testing APIs), but for “just download this URL,” either is fine. This pattern is everywhere in server work — half of every setup guide is some variation of “download this onto the server, then run it.”

Always check what you downloaded

When you pull a file straight onto a server, you usually want to confirm it arrived intact and is what you expected — especially for anything you’re about to run. Many download pages publish a checksum (a short fingerprint like an SHA-256 hash) next to the file. After downloading, you compute the hash of your copy and compare. If they match, the file is complete and untampered. It’s a thirty-second habit that catches corrupted downloads and, occasionally, something worse.

A quick word on permissions and ownership

Moving a file onto a server is only half the story. Once it lands, Linux still cares who owns it and who’s allowed to read, write, or run it. A file you upload often arrives owned by your user, which can be a problem if the program that needs it runs as a different user. This is exactly the territory covered by file permissions and users and groups — worth a look if a freshly uploaded file mysteriously “can’t be accessed” by your application.

The common pattern after an upload is a quick fix of ownership and permissions:

# Make the web server user own the uploaded site files
sudo chown -R www-data:www-data /var/www/website

# Give the owner read/write, others read-only
chmod -R 644 /var/www/website

You don’t need to memorize these now. Just file away the idea that transfer puts the file there; permissions decide whether anything can use it. A surprising number of “it uploaded but doesn’t work” mysteries are simply a permissions mismatch, not a transfer problem.

Which tool should you actually reach for?

With four-ish tools doing overlapping jobs, here’s the short version of when to use each:

┌─────────────┬──────────────────────────────────────────────┐
│ scp         │ One quick file or folder, copied right now    │
│ rsync       │ Repeated / large transfers; deploys; backups  │
│ sftp        │ Browsing the server, grabbing files as you go │
│ wget / curl │ Pulling a file from the internet onto the     │
│             │ server, skipping your laptop entirely         │
└─────────────┴──────────────────────────────────────────────┘

If you only learn two, make them rsync and wget. rsync covers nearly every “move my stuff between my machine and the server” need efficiently, and wget covers “grab something from the web onto the server.” Add scp for the truly quick one-offs and sftp for the rare time you want to poke around interactively, and you’re equipped for almost anything.

Wrapping up

Here’s the whole picture in one place:

  • A remote server has no USB port and no screen you can reach, so files move over the network — and the secure tools all ride on the same SSH connection your terminal uses.
  • scp is a direct “copy this file over there.” Simple and great for one-offs; it re-sends everything every time.
  • rsync is the smart, resumable copy that transfers only what changed — the standard for deploys, large folders, and anything you do more than once. Watch the trailing slash and --delete, and use --dry-run first.
  • sftp gives you an interactive, encrypted session to browse the server and get/put files as you go.
  • wget and curl download files from the internet straight onto the server, skipping your machine entirely.
  • After a transfer, remember that permissions and ownership decide whether anything can actually use the file.

Once files move freely between you and a server, the next natural step is making the machine do work on its own schedule — running backups, cleanups, and reports automatically without you typing a command each time. That’s where scheduled tasks come in.

Tags:linuxserverscprsyncbeginner
728 × 90Ad Space AvailablePlace your ad here

Related Articles

See All Articles

You Might Also Like

SSL and encryption at rest — data protected in transit and on disk
Server / Server Security

SSL and Encryption at Rest: Protecting Data Both in Transit and on Disk

Encryption protects your data in two places: while it travels the network (in transit) and while it sits on disk (at rest). Learn the difference, why you need both, how TLS, full-disk encryption, and key management actually fit together, and the practical mistakes to avoid — explained from the.

Nov 9, 202613 min read
Securing ports and services — closing the doors on a server you don't use
Server / Server Security

Securing Ports and Services: Closing the Doors You Don't Use

Every open port on a server is a door someone could try to walk through. Learn what ports and services really are, why an exposed service is your biggest risk, and the simple discipline of closing everything you don't need — explained from the ground up.

Nov 8, 202611 min read
Principle of least privilege — granting only the minimum access each user and process needs
Server / Server Security

The Principle of Least Privilege: Give Everything Only the Access It Truly Needs

Least privilege is the quiet rule behind almost every solid security setup: every user, process, and key gets the minimum access required to do its job, and nothing more. Learn what it means, why it limits the blast radius of any breach, and how to apply it across users, services, files, and keys.

Nov 7, 202613 min read
Fail2ban and intrusion basics — watching logs and automatically banning repeated abusers
Server / Server Security

Fail2ban and Intrusion Basics: Automatically Banning the Bots Hammering Your Server

Attackers don't stop after one failed guess — they keep hammering, thousands of times a day. Learn how intrusion attempts actually look, what fail2ban does, how it watches your logs and bans abusers automatically, and how to set it up sensibly without locking yourself out — explained from zero.

Nov 6, 202613 min read
Keeping software updated — closing known security holes before attackers use them
Server / Server Security

Keeping Software Updated: The Boring Habit That Stops Most Server Breaches

Most servers don't get hacked through clever new attacks — they get hacked through old, known holes that a simple update would have closed. Learn why updates matter, what to update, how to do it safely without breaking things, and how to make it a habit instead of a panic.

Nov 5, 202610 min read
Firewall configuration — a default-deny rule set that opens only the ports you need
Server / Server Security

Firewall Configuration: Setting Up Default-Deny Rules Without Locking Yourself Out

Knowing what a firewall is and actually configuring one well are two different skills. Learn how to write a default-deny rule set, order rules correctly, allow your own access first, handle IPv6 and cloud security groups, and test before you commit — a practical, vendor-neutral guide from zero.

Nov 4, 202615 min read