Best IT Recipes

How to run scp with a second remote host

I wonder if there is a way to transfer the SCP file from the remote2 host directly from my local computer by going through the remote1 host.

Networks only allow connection to a remote host from remote1. In addition, neither the host remote1 nor the host remote2 can scp to my local machine.

Is there something like:

scp user1@remote1:user2@remote2:file .

First window: ssh remote1 , then scp remot2:file . .

Second shell: scp remote1:file .

First window: rm file; logout rm file; logout

I could write a script to complete all these steps, but if there is a direct way, I would prefer to use it.

Thank.

EDIT: I think it's kind of opening SSH tunnels, but I'm confused about what value to put where.

At the moment, to access remote1 I have the following in $HOME/.ssh/config on my local machine.

 Host remote1 User user1 Hostname localhost Port 45678

As soon as remote1 , to access remote2 , it is the standard local DNS and port 22. What should I put on remote1 and / or change it to localhost ?

+68
scp
Feb 04 2018-12-12T00:
source share
5 answers

I don’t know how to copy a file directly to a single command, but if you can give way to running an SSH instance in the background to just open the port forwarding tunnel, you can copy the file to a single command.

Like this:

 # First, open the tunnel ssh -L 1234:remote2:22 -p 45678 user1@remote1 # Then, use the tunnel to copy the file directly from remote2 scp -P 1234 user2@localhost:file .

Note that you are connecting as user2@localhost in a valid scp command because on the local host on port 1234 it is the first ssh instance listening on direct connections to remote2 . Also note that you do not need to run the first command for each subsequent copy of the file; you can just leave it to work.

+87
04 Feb 2018-12-12T00:
source share

Dual ssh

Even in a difficult case, you can handle file transfers using a single command line, just using ssh ;-)
And this is useful if remote1 cannot connect to localhost :

 ssh user1@remote1 'ssh user2@remote2 "cat file"' > file

tar

But you lose the properties of the file (ownership, permissions ...).

However, tar is your friend to save these file properties:

 ssh user1@remote1 'ssh user2@remote2 "cd path2; tar c file"' | tar x

You can also compress to reduce network bandwidth:

 ssh user1@remote1 'ssh user2@remote2 "cd path2; tar cj file"' | tar xj

And tar also allows you to migrate a recursive directory through basic ssh :

 ssh user1@remote1 'ssh user2@remote2 "cd path2; tar cj ."' | tar xj

ionice

If the file is huge and you do not want to disturb other important network applications, you can skip the network bandwidth limit provided by scp and rsync tools (for example, scp -l 1024 user@remote:file do not use more than 1 Mbps).

But a workaround is using ionice to save one command line:

 ionice -c2 -n7 ssh u1@remote1 'ionice -c2 -n7 ssh u2@remote2 "cat file"' > file

Note: ionice may not be available on older distributions.

+64
04 Feb '12 at 9:01
source share

This will do the trick:

 scp -o 'Host remote2' -o 'ProxyCommand ssh user@remote1 nc %h %p' user@remote2:path/to/file .

To make the SCP file directly from the remote2 host, add two parameters ( Host and ProxyCommand ) to your ~ / .ssh / config file (see also this superuser answer). Then you can run:

 scp user@remote2:path/to/file .

from your local machine without remote1 about remote1 .

+29
Apr 22 '13 at
source share

With openssh version 7.3 and higher, this is easy. Use the ProxyJump parameter in the configuration file.

 # Add to ~/.ssh/config Host bastion Hostname bastion.client.com User userForBastion IdentityFile ~/.ssh/bastion.pem Host appMachine Hostname appMachine.internal.com User bastion ProxyJump bastion # openssh 7.3 version new feature ProxyJump IdentityFile ~/.ssh/appMachine.pem. #no need to copy pem file to bastion host

Commands to run to login or copy

 ssh appMachine # no need to specify any tunnel. scp helloWorld.txt appMachine:. # copy without intermediate jumphost/bastion host copy.**

Of course, you can specify the Bastion Jump host command using the -J option for the ssh command if it is not configured in the configuration file.

Note that scp does not currently support the -J flag. (I could not find in the man pages. However, the above scp works with setting up the configuration file)

+5
Mar 22 '18 at 7:39
source share

This configuration works well for me:

 Host jump User username Hostname jumphost.yourorg.intranet Host production User username Hostname production.yourorg.intranet ProxyCommand ssh -q -W %h:%p jump

Then the team

 scp myfile production:~

Copies myfile to a production machine.

0
May 03 '19 at 6:49
source share


More articles:


All Articles