We hope you find this tutorial helpful. In addition to guides like this one, we provide simple cloud infrastructure for developers. Learn more →

How to Transfer Files over DigitalOcean Private Networks (Passwords)

PostedApril 9, 2018 1.7k views DigitalOcean Product Documentation

DigitalOcean offers private networking in all datacenter regions at no additional cost. Private networking creates a second network interface, unreachable from the Internet, that can be used to communicate with other Droplets in your account within the same datacenter. Private networking is useful when you want to transfer data securely between servers or reduce outbound bandwidth usage.

In this article, we'll explain how to transfer files between Droplets that use password-based authentication. We highly recommend that using SSH keys instead of passwords for better security. You can learn more about them in How To Set Up SSH Keys and follow the guide How to Transfer Files over DigitalOcean Private Networks (SSH Keys) for directions that use key-based authentication.

If you're using passwords to log into your Droplet, these instruction are for you.


To follow along with this tutorial, you will need to create two Droplets in the same data center:

In addition, you'll need to log into each Droplet after creation and reset the root password. Because you're required to reset the root password when you first log in, you can't succeed at transferring the files if you haven't successfully reset it.

Once you have completed these steps, you're ready to begin.

Step 1 — Creating a Test File

We've named our servers Droplet-01 and Droplet-02. Be sure to substitute the IP address for your Droplets in the commands below.

We'll begin by using the public IP address of our first Droplet to log in:

  • ssh root@IP_of_Droplet-01

Once we're connected we'll use the echo command to create some content and direct it into a new file called test.txt:

  • echo "Private networking test" > ~/test.txt

In the next step, we'll transfer this file to our second Droplet using Rsync.

Step 2 — Transferring the file over the Private Network

When we direct commands like ping or rsync at a public IP address, the traffic automatically routes over the public network. However, if we direct it to an IP address on our private network, the traffic stays on the private network.

We'll use Rsync to transfer the test file we created in the last step from Droplet-01 to Droplet-02 over the private network. To do this, we need Droplet-02's Private IP address.

Locating the Private IP address

We'll click Droplet-02's name in the Control Panel. On Droplet-specific pages, both the public and private IP addresses are displayed near the top of the page:

Private IP copy link highlighted

Copy the Private IP of your Droplet and substitute it below.

  • rsync --verbose ~/test.txt Droplet-02-private_ip:/tmp

We've added the --verbose flag so that we can see the output from the command, followed by the path and name of the file we want to transfer, test.txt. Finally, we provided the private IP address the destination Droplet and the directory on that Droplet where we want to transfer the file (/tmp), separated by a colon (:)

We'll press ENTER to send the command.
The first time we connect to the new host, we'll be warned that the authenticity of the host can't be established, which is expected since we've never connected from Droplet-01 before. If we connect as a different user, we'll see this message again.

The authenticity of host ' (' can't be established. ECDSA key fingerprint is SHA256:EXAMPLEqpYH7rwiJhfiwF0yFurW21RGhLOYa1c7yuqM. Are you sure you want to continue connecting (yes/no)? yes

We'll type yes and press ENTER.

Next, we'll enter the password when we're prompted.
For security purposes the password is not displayed. Once we've supplied the password, we'll press ENTER to continue.

Because we added --verbose, we should receive output similar to the following:

sent 85 bytes received 41 bytes 22.91 bytes/sec total size is 24 speedup is 0.19

Note: If you haven't reset the password on the second Droplet, the transfer will fail and you'll receive output like:

Password change required but no TTY available. rsync: connection unexpectedly closed (0 bytes received so far) [sender]

To fix this, log into the destination Droplet via SSH and reset the password.

Once the transfer is complete, we'll log into the second Droplet and verify that the file is present in the /tmp directory:

Step 3 — Verifying the Transfer

From our local machine we'll log into Droplet-02:

ssh root@Droplet-02-private_ip

Once there, we'll use cat to check that our test.txt file is present in the /tmp directory:

cat /tmp/test.txt

We should get the text we entered in Step 1.

Private networking test

At this point, we've confirmed that we can move data over the private network.

Next Steps

In this tutorial, we've copied a file over the private network using Rsync.

  • We recommend that you secure your new servers by following the initial server setup guide for your Droplets.
  • You can connect over the private network more securely and more conveniently using SSH keys.
  • You may also wish to configure a DigitalOcean Cloud Firewall to restrict which the servers and ports that are allowed to connect.


Creative Commons License