How to Use SCP with PEM File?

In Linux, SCP is one of the most popular tools for copying files from one system to another. Most users use password-based authentication for file transfers. Although it is a secure way of transferring files for additional security, SSH key-based authentication is used, which is available as a “.pem” file.

A Privacy Enriched Mail or PEM file is defined as a file that contains various encoded and encrypted data. It includes SSL/TLS certificates in a Base64- encoded format and public and private keys. 

This guide is about using SCP and PEM files, providing a detailed explanation of how file transfer works.

How to Generate a pem File for SCP on Linux?

A .pem file is a commonly used file format for SSL/TLS certificates and other types of cryptographic keys and data. To create a “.pem” file, a public/private ssh keypair is required.

Step 1: Generate an ssh Key Pair

To generate an ssh key pair (public and private) for SCP, use this command:

$ ssh-keygen

Here is an explanation of the above output.

  • The private and public keys are generated and stored in the file “1.txt
  • A passphrase is like a password to safeguard your system’s private key. It is not recommended to leave it blank because anyone with access to the system can copy the private key. However, if a passphrase is set, nobody can copy the private key unless they have the correct passphrase.
  • The key fingerprint in SSH-keygen is a sequence of characters uniquely identifying an SSH key. It is a hash value computed from the public key using a cryptographic algorithm. At the same time, SHA-256 is a hashing algorithm.

Step 2: Generate a .pem File

To create a “.pem” file using the public key created above, use this command:

$ ssh-keygen -f ~/.ssh/id_rsa -e -m pem

This will now generate a “.pem” file using the provided public key. You will now notice a new file, “,” created in the “.ssh” directory in the Home. 

Note: Directories starting with a “.” are hidden in Linux, so to view them, go to the directory and press “Control + H.

How to Upload a File or Directory Using SCP with a pem Key?

To upload a file or directory using scp with a pem key, make sure to send the public key to the host first using this command:

$ ssh-copy-id [email protected]

In the above command; the username is “itslinuxfoss,” which is followed by “@” and “IP-Address of the host.” You are required to change these credentials accordingly.

To ensure the public key was added to the remote system, execute this command:

The above output image confirms the key was sent.

Upload a File 

As explained earlier, uploading a file or directory using SCP with a pem file requires public and private keys. Here is an example of sending a file named “test” to a remote user, “itslinuxfoss,” with an IP:

$ scp -i pk_dsa.pem test [email protected]:test

Here, you must enter the password set to protect the private key(if prompted) from the users who have access to the system. Once done, the file is successfully uploaded. Once the file is sent, download it from the remote system.

Note: In some cases, such as the one above, it may not ask for the password set for the private key because the remote host was already in the system.

How to Download a File or Directory Using SCP with a pem Key?

To download a file or directory in the remote directory, the file must be sent, and make sure that “OpenSSH-server” is installed on both ends.

If the requirements are met, use this command to download:

$ scp -r -i pk_dsa.pem [email protected]:test /tmp

The file “test” is now downloaded on the remote host and is placed inside the “tmp” folder.


To create a “.pem” file using the SCP, use the “ssh-keygen -f ~/.ssh/id_rsa -e -m pem” command in Linux. After creating a “.pem” file, users can upload or download a directory or file through SCP. It adds more security to the file transfer. 

This guide has addressed using SCP with pem files and the procedure for sending the files with them.