SFTP over double server hop

ssh sftp

I'm trying to work out a method to allow me to access files on an SFTP server than I cannot access from my local machine. Currently, I have to SSH to a remote server (it is in a certain IP block that the final SFTP server will accept from), then from there SFTP to the destination server. From there, I get the files I am interested in, thereby dropping them onto the middleman server, from which I can get the files either over a Samba share or with a direct scp. I also work in the reverse, where I drop the files onto the middleman, SSH to it then SFTP to the destination and put them into the appropriate folders.

My goal is to shorten this. The unfortunate restrictions are that my machine is Windows (I use KiTTy and/or Cygwin) and I cannot modify the middleman server (or destination server) in any way. I am willing to use command line or GUI programs so long as it works and is free.

Any ideas?


In essence, without the GUI or other conveniences:

ssh -o ProxyCommand='ssh myfirsthop nc -w 10 %h %p' mydestination

You can make this default by editing the config file, by default ~/.ssh/config

Host mydestination, mydest2, mydest3
ProxyCommand ssh myfirsthop nc -w 10 %h %p

This then allows you to do

ssh mydestination
scp mydest2:file.txt ./
scp file.txt mydest3:/tmp/

Of course, with that kind of magic you can easily

mkdir -pv /tmp/mydest3tmp          # create mountpoint
sshfs mydest3:/tmp /tmp/dest3tmp/  # mount :)

On windows, you'd use WinSCP which comes with (I think IIRC) PLINK (from Putty suite). I suppose the default location for the ssh config file is different (I'd have to google for it), but I'm sure it works more or less the same.

Note that the only thing you need for this to work is 'netcat (nc)' on the middle server (first hop). It is an ubiquitous tool on linux/UNIX[1]; It is quite easy to build a statically linked version that should work if you can copy it there in the first place.

[1] note that there are some flavours, so the -w option might need to be dropped/spelled differently


I'm not going to set this as the accepted answer because I never would have found it without @sehe and @Jakub, but here is what I found that simplifies everything...

WinSCP has the ability to use an SSH tunnel built-in. I don't know when this feature arrived, but I never noticed it before somehow.

WinSCP Tunnel settings

Related

What are "Commited Memory", "Cached", "Paged", "Not-paged pool" & How They are Different with "In-Use Memory"
IE: Why does Compatibility View disappear for some websites?
Google Chrome view saved form data
Visio alternatives [closed]
Why is Windows constantly spinning up my secondary HDD?
Why can't Chrome load a web page? ERR_NAME_NOT_RESOLVED
How to boot from a flash drive OS using VirtualBox?
Blank start menu icons on Windows 10
How do I uninstall and remove a .kext on Mac OS X?
How much information can websites get about your browser/PC?
Why aren't all applications 'portable'?
Windows utility to save/restore window size & position history? [closed]