54
34
I have my local.machine, the proxy.machine and target.machine. local.machine doesn't have direct contact with target.machine, but needs to go through proxy.machine.
I want to scp a file from target.machine to local.machine. Is this possible to do with just one command from local.machine?
grm
Posted 2010-08-10T11:24:15.957
Reputation: 2 164
64
I know this is a late answer, but I just found out a cool way to do this. It is basically Holger Just's answer, but in a saved config file:
You need to put this in your ~/.ssh/config file on local.machine, (creating the file if it does not exist)
Host target.machine
User targetuser
HostName target.machine
ProxyCommand ssh proxyuser@proxy.machine nc %h %p 2> /dev/null
After saving the file, you can just use
ssh target.machine
any time you want to connect. Scp also will work as it also respects the ssh config file. So will Nautilus, if you're using GNOME and want to use a GUI.
user24925
Posted 2010-08-10T11:24:15.957
Reputation: 828
20
You can now* do this as a one-liner, without requiring nc anywhere:
scp -o "ProxyCommand ssh pcreds@proxy.machine -W %h:%p" tcreds@target.machine:file .
Explanation
pcreds and tcreds represent your proxy and target credentials if required (username, username:password, etc.).
This is possible because of a built-in netcat-like ability, removing the requirement for nc on the intermediate host. Using ssh -W host:port sets up a tunnel to the specified host and port and connects it to stdin/stdout, and then scp runs over the tunnel.
The %h and %p in the ProxyCommand are replaced with the target host and port from the outer scp command, to save you having to repeat them.
For even more convenience, you can configure the proxy in your ssh configuration:
Host target.machine
ProxyCommand ssh pcreds@proxy.machine -W %h:%p
and from then on just do
scp tcreds@target.machine:file .
* since OpenSSH 5.4 - released March 2010
CupawnTae
Posted 2010-08-10T11:24:15.957
Reputation: 355
1Verified this indeed works well, and does not leave stale NC processes laying around on the proxy machine. – LaXDragon – 2016-05-06T15:01:46.457
1Where can I specify the port of the proxy ? – Marged – 2017-12-07T18:01:21.587
1@Marged I'm not in a position to try it here at the moment, but I think you should be able to include -p <portnum> before the -W in either method to specify the proxy port – CupawnTae – 2017-12-10T21:04:13.413
1It took me a while to figure out that the -i option (if you need it) goes inside the quotes. The proxy ssh does not by default use the same private key specified by any -i option supplied directly to scp. I guess that is obvious when you think about it. – Keeely – 2018-11-24T21:30:38.413
19
You can do it in one command, but you need netcat (nc) installed on the proxy machine:
ssh -o "ProxyCommand ssh poxyuser@proxy.machine nc -w 1 %h 22" targetuser@target.machine
[EDIT: mixed up the order of machines...]
Holger Just
Posted 2010-08-10T11:24:15.957
Reputation: 678
Nice try, but where should I add the username for proxy and for login? – grm – 2011-04-13T11:49:37.730
Jzst before the machine names, with an @. I edited my answer to reflect that. – Holger Just – 2011-04-13T18:37:04.010
18
If you don't mind using rsync instead of scp, you can use the following one-liner:
rsync -v --rsh "ssh proxy.machine ssh" target.machine:/remote/file /local/dir/
(you'll need passwordless access to the proxy machine)
dubek
Posted 2010-08-10T11:24:15.957
Reputation: 571
8
$ ssh -f -N -L <localport>:<target.machine:port> user@proxy.machine
$ scp target-user@local.machine:/remote/file -P <localport> .
OK, actually two commands...
weeheavy
Posted 2010-08-10T11:24:15.957
Reputation: 561
1How can I specify the port of my proxy ? In my case 8080 – Marged – 2017-12-07T18:00:28.040
@Marged add -p <portnumber> to your ssh command – weeheavy – 2018-01-21T20:51:13.680
6
A one-liner? Not off the top of my head. You need to establish a proxy first and you can't do that with scp by itself.
When doing it manually, I open up a screen session for my tunnel:
screen -S tunnel
Screen is used to keep the tunnel going in a background shell. Use any technique you want to keep the tunnel open in the background (@weeheavy's answer is probably the simplest). Once in the screen session I start my tunnel like so
ssh -L 2222:target.machine:22 [user@]proxy.machine
To break that down, that basically says "On my local machine, open port 2222 and any connetion hitting localhost:2222 is proxied through proxy.machine to target.machine:22"
Once you've got the ssh connection and tunnel established, detach from the screen session with "C-a d". To get back to that screen session, type screen -raAd tunnel
Once you are back in your original shell your scp command will look like
scp -P 2222 localhost:your/file/on/target.machine local/path
Remember that localhost port 2222 is really just a tunnel going to target.machine.
whaley
Posted 2010-08-10T11:24:15.957
Reputation: 1 376
3
Appears that scp supports the"-o" option just like ssh does, though I'm not sure how to pass it a proxy username/password:
scp -o "ProxyCommand=nc -X connect -x proxyhost:proxyport %h %p" remote_user@remote_host:remote_path local_path
If you get nc: invalid option -- X see https://stackoverflow.com/a/23616021/32453
rogerdpack
Posted 2010-08-10T11:24:15.957
Reputation: 1 181
dope bro, worked straightaway :) – Elouan Keryell-Even – 2016-06-02T14:06:09.817
2
How about:
scp -o "ProxyCommand ssh user@myproxyserver.com nc %h %p" your.filename username@yourdestination.yourdomain.com:/whatever_location
eggroll77
Posted 2010-08-10T11:24:15.957
Reputation: 19
or possibly username:password here? – rogerdpack – 2015-09-11T19:44:15.263
1
Another simple solution to transfer a source_file from the source_host to a destination_host via a proxy_host:
Log in on the proxy_server:
ssh login@proxy_host
From the proxy server, transfer the source_file from the source_host to the destination_host (you can type this as one line, omitting the \,
or as two lines, as shown below):
scp login@source_host:/path_to_source_file \
login@destination_host:/path_to_destination_directory
This requires that the login on the source_host to the proxy_host uses an rsa_key.
lomai
Posted 2010-08-10T11:24:15.957
Reputation: 11
1
I followed this article and found an answer which works for me. (Because the answers above don't work for me).
How to scp a file through an intermediate host (a.k.a. jump host)
http://mperdikeas.github.io/networking.html.files/scp-a-file-through-jump-host.html
And my answer is as below:
scp -oProxyCommand="ssh -W %h:%p {username}@{proxy_IP}" \
{source_file} {remote_username}@{remote_IP}:{remote_file_path}
Example:
scp -oProxyCommand="ssh -W %h:%p ubuntu@10.60.10.145" \
archive.gz wise@35.xxx.xxx.xxx:/home/wise/archive.gz
I hope this answer could help you.
Wise Lin
Posted 2010-08-10T11:24:15.957
Reputation: 11
1
You could try something like:
ssh user@proxy.machine "ssh user@target.machine 'cat > file'" < file
But it won't work if your proxy.machine needs to ask you password (that SSH is not in a TTY, so askpass will fail).
If you have more than one file, you could use tar like this (untested, I usually use a netcat that way):
tar cf - file1 file2 folder1/ | ssh user@proxy.machine "ssh user@target.machine 'tar xvf -'"
Eric Darchis
Posted 2010-08-10T11:24:15.957
Reputation: 1 178
0
In case you need to use public keys you will need something like this.
Host target-machine
User target-user
HostName target.example.com
IdentityFile /path/to/file.pem
ProxyCommand ssh bastion -W %h:%p
Host bastion
User bastion-user
HostName bastion.example.com
IdentityFile /path/to/file.pem
Leo
Posted 2010-08-10T11:24:15.957
Reputation: 101
How can we copy from local machine to target machine with proxy? – Mulagala – 2017-11-16T11:34:57.050
5Just a quick note. If you are using an alternative identity file via the -i command line option for ssh, you need to specify that option for both the ProxyCommand configuration and the ssh command line. – BillMan – 2013-05-15T18:32:57.960
73 things that might help, 1) it would help if you also showed the
Host proxy.machinelines in the same~/.ssh/configfile, 2) Mention whether these commands can be nested (ie. client connects to proxy host 1 which connects to proxy host 2 which connects to...target) and 3) whatnc %h %pmeans – puk – 2013-11-14T06:00:38.530