How to download a file through (Putty) SSH

Question

Imagine the following situation:

I do not have direct SSH access to Server-A due to IP filtering restrictions. To access the server (from windows using putty), I first connect to Server-B, which has a white listed IP address, and from there SSH into Server-C, and then SSH from there to Server-A (I know that sounds insane, but unfortunately I do not have rights to change the IP filtering restrictions). Is there a way using putty/winscp/anything else to download a file from Server-A to my local PC?

score 4 · Accepted Answer · answered Jun 28 '11 at 13:24

Use port forwarding. WinSCP, for example, has an option to create a connection through a ssh tunnel and it uses port forwarding. Still, since you need to tunnel through two hops, you cannot use it.

I would propably first create a ssh connection to server-B which has a tunnel to server-C. You could use plink.exe for this (part of putty):

plink.exe -l username_on_server_B -L 8888:server-C:22 server-B

Now you can create a second tunnel, using a ssh connection to server-B, which leads to server-A (in a second cmd.exe shell):

plink.exe -l username_on_server_C -L 8889:server-A:22 -P 8888 localhost

After this, you should be able to connect to server-A using WinSCP. Instead of server-A, you connect to localhost port 8889, which will be tunneled to server-A.

This is untested but it should work I think.

twehad · Answer 2 · 2011-06-28T13:20:46.277

3

The easiest way without chains:

download file from Server-A to Server-C using scp
download file from Server-C to Server-B using scp
download file from Server-B to local PC using WinSCP

edited Jun 28 '11 at 13:20

answered Jun 28 '11 at 13:09

twehad

286
1
2

Mircea Vutcovici · Answer 3 · 2011-06-28T13:25:01.143

2

WinSCP has support for SSH tunneling. To enable it:

Click on "Advanced options" check box.
in the configuration tree click on "Connection/Tunnel" and here add the intermediate hop server.
in the configuration tree click on "Session" and configure the destination server. Save the session for later user by clicking "Save..."

You can chain the rest of connections using ssh tunneling. See the option -L for openssh: ssh -L 1234:remote_host:22 user@intermediate_hop. Then you can connect on remote_host ssh by using localhost:1234 on the intermediate_hop.

edited Jun 28 '11 at 13:25

answered Jun 28 '11 at 13:19

Mircea Vutcovici

16,706
4
52
80

He has *two* intermediate hops. Does WinSCP really provide this? – Moritz Both Jun 28 '11 at 13:26
No, WinSCP can use only one tunnel. But he can use another tunnel besides one provided by WinSCP. – Mircea Vutcovici Jun 28 '11 at 13:33

How to download a file through (Putty) SSH

3 Answers3