How do I SCP a file through an intermediate server?

I'm using Cygwin on WinXP (with the bash shell). I want to SCP a file from my localhost to a remote machine -- host2. However, I can only SSH to an intermediate machine -- host1, and then from there SSH to host2. (Note, I can't access host2 from my localhost).

I thought tunneling was my answer, but when I try to set up a tunnel

ssh -L 9999:localhost:9998 dalvarado@host1 'ssh -L 9998:localhost:1234 -N dalvarado@host2'

But after typing this command and hitting enter, the system just hangs. What is the proper way to set up a tunnel and then SCP a file after?

Thanks,


Solution 1:

Since OpenSSH 7.3, you can use -J or -o ProxyJump to specify the bastion/jump host. Therefore, to SSH to node2 via node1:

ssh -J you@node1 you@node2

SCP doesn't have the -J argument, but it does allow -o, so this works:

scp -o ProxyJump=you@node1 file.txt you@node2:~

Solution 2:

This has already been answered best here.

To summarize: put the following in ~/.ssh/config

Host target.machine
User          targetuser
HostName      target.machine
ProxyCommand  ssh [email protected] nc %h %p 2> /dev/null

and then simply scp to target.machine any time you want to proxy via proxy.machine!

Also works for ssh, so will save you time ssh-ing to the target machine too.

Credit should go to user24925 who answered this in 2011.

Solution 3:

To set up an SSH tunnel, use the following format:

ssh -L 9999:host2:22 user@host1

This command connects to host1 as user and tunnels port 9999 on the computer issuing the command to port 22 on host2. -N is optional, or you can use something like top or watch to keep the session alive if needed.

Then, simply scp to host2 on localhost:9999.
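
The two steps of Solution 3 combined into one shell function, as an added example that is not part of the original answer. It backgrounds the tunnel, runs the scp through local port 9999, and closes the tunnel afterwards. The names `scp_via_tunnel`, `run` and `DRY_RUN` are hypothetical, and the control socket, `ExitOnForwardFailure` and `HostKeyAlias` options are additions the answer does not mention.

```shell
#!/bin/sh
# Added example: Solution 3 (local forward, then scp) as one function.
# scp_via_tunnel, run and DRY_RUN are hypothetical names, not from the answer.

# With DRY_RUN set, print each command instead of executing it.
run() {
  if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# usage: scp_via_tunnel FILE JUMP TARGET_HOST TARGET_USER [LOCAL_PORT]
scp_via_tunnel() {
  file=$1 jump=$2 target=$3 user=$4 port=${5:-9999}
  sock="${TMPDIR:-/tmp}/scp-tunnel-$$.sock"

  # -f -N: authenticate, then go to the background without a remote command
  #        (the foreground form just sits there until interrupted).
  # -M -S: control socket, so the tunnel can be closed afterwards.
  # ExitOnForwardFailure: abort if the local port cannot be bound.
  # Binding to 127.0.0.1 keeps the forward off other interfaces.
  run ssh -f -N -M -S "$sock" -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:$port:$target:22" "$jump" || return 1

  # HostKeyAlias: check the server key against the known_hosts entry for
  # $target instead of recording it against [127.0.0.1]:$port.
  rc=0
  run scp -P "$port" -o HostKeyAlias="$target" "$file" "$user@127.0.0.1:" || rc=$?

  # Close the tunnel whether or not the copy succeeded.
  run ssh -S "$sock" -O exit "$jump"
  return "$rc"
}
```

For the hosts in the question the call would be `scp_via_tunnel file.txt dalvarado@host1 host2 dalvarado`; setting `DRY_RUN=1` first prints the three commands without connecting.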

Solution 4:

You could first scp the file to host1, like this:

scp file dalvarado@host1:.

Then do this to get it to host2:

ssh -t dalvarado@host1 'scp file dalvarado@host2:.'

The -t option to ssh forces it to allocate a pseudo-terminal, which may make it easier for scp on host1 to prompt you for a passphrase/password. If you have ssh-agent running and configured everywhere, you shouldn't be prompted for a passphrase/password.

I offer this alternative, because if you used a tunnel, you'd still need two commands: one to set up the tunnel and one to copy the file through it. This seems simpler.