How to Transfer Files over DigitalOcean Private Networks (Passwords)
DigitalOcean offers private networking in all datacenter regions at no additional cost. Private networking creates a second network interface, unreachable from the Internet, that can be used to communicate with other Droplets in your account within the same datacenter. Private networking is useful when you want to transfer data securely between servers or reduce outbound bandwidth usage.
In this article, we'll explain how to transfer files between Droplets that use password-based authentication. We highly recommend that using SSH keys instead of passwords for better security. You can learn more about them in How To Set Up SSH Keys and follow the guide How to Transfer Files over DigitalOcean Private Networks (SSH Keys) for directions that use key-based authentication.
If you're using passwords to log into your Droplet, these instruction are for you.
To follow along with this tutorial, you will need to create two Droplets in the same data center:
With Private networking enabled
How To Create Your First DigitalOcean Droplet can help you get started. Be sure when you reach the Select additional options section that you check the Private networking box.
Without adding SSH Keys
To use key-based authentication see How to Transfer Files over DigitalOcean Private Networks (SSH Keys) instead.
In addition, you'll need to log into each Droplet after creation and reset the root password. Because you're required to reset the root password when you first log in, you can't succeed at transferring the files if you haven't successfully reset it.
Once you have completed these steps, you're ready to begin.
Step 1 — Creating a Test File
We've named our servers Droplet-01 and Droplet-02. Be sure to substitute the IP address for your Droplets in the commands below.
We'll begin by using the public IP address of our first Droplet to log in:
- ssh root@IP_of_Droplet-01
Once we're connected we'll use the
echo command to create some content and direct it into a new file called
- echo "Private networking test" > ~/test.txt
In the next step, we'll transfer this file to our second Droplet using Rsync.
Step 2 — Transferring the file over the Private Network
When we direct commands like
rsync at a public IP address, the traffic automatically routes over the public network. However, if we direct it to an IP address on our private network, the traffic stays on the private network.
We'll use Rsync to transfer the test file we created in the last step from Droplet-01 to Droplet-02 over the private network. To do this, we need Droplet-02's Private IP address.
Locating the Private IP address
We'll click Droplet-02's name in the Control Panel. On Droplet-specific pages, both the public and private IP addresses are displayed near the top of the page:
Copy the Private IP of your Droplet and substitute it below.
- rsync --verbose ~/test.txt Droplet-02-private_ip:/tmp
We've added the
--verbose flag so that we can see the output from the command, followed by the path and name of the file we want to transfer,
test.txt. Finally, we provided the private IP address the destination Droplet and the directory on that Droplet where we want to transfer the file (
/tmp), separated by a colon (
We'll press ENTER to send the command.
The first time we connect to the new host, we'll be warned that the authenticity of the host can't be established, which is expected since we've never connected from Droplet-01 before. If we connect as a different user, we'll see this message again.
OutputThe authenticity of host '203.0.113.22 (203.0.113.22)' can't be established. ECDSA key fingerprint is SHA256:EXAMPLEqpYH7rwiJhfiwF0yFurW21RGhLOYa1c7yuqM. Are you sure you want to continue connecting (yes/no)? yes
yes and press ENTER.
Next, we'll enter the password when we're prompted.
For security purposes the password is not displayed. Once we've supplied the password, we'll press ENTER to continue.
Because we added
--verbose, we should receive output similar to the following:
Outputsent 85 bytes received 41 bytes 22.91 bytes/sec total size is 24 speedup is 0.19
Note: If you haven't reset the password on the second Droplet, the transfer will fail and you'll receive output like:
OutputPassword change required but no TTY available. rsync: connection unexpectedly closed (0 bytes received so far) [sender]
To fix this, log into the destination Droplet via SSH and reset the password.
Once the transfer is complete, we'll log into the second Droplet and verify that the file is present in the
Step 3 — Verifying the Transfer
From our local machine we'll log into Droplet-02:
Once there, we'll use
cat to check that our
test.txt file is present in the
We should get the text we entered in Step 1.
OutputPrivate networking test
At this point, we've confirmed that we can move data over the private network.
In this tutorial, we've copied a file over the private network using Rsync.
- We recommend that you secure your new servers by following the initial server setup guide for your Droplets.
- You can connect over the private network more securely and more conveniently using SSH keys.
- You may also wish to configure a DigitalOcean Cloud Firewall to restrict which the servers and ports that are allowed to connect.