ProxyJump
New in OpenSSH 7.3:
A$ scp -oProxyJump=B thefile C:destination
(Behind the scenes, this just uses ProxyCommand and ssh -W
.)
ProxyCommand
Updated to include -W from other answers:
A$ scp -oProxyCommand="ssh -W %h:%p B" thefile C:destination
If A has a very old SSH client installed (without -W
support), or if B is configured to disallow TCP forwarding (but still allows shell commands), use alternatives:
A$ scp -oProxyCommand="ssh B socat stdio tcp:%h:%p" thefile C:destination
A$ scp -oProxyCommand="ssh B nc %h %p" thefile C:destination
Pipes
A$ tar cf - thefile anotherfile | ssh B "ssh C \"cd destination && tar xvf -\""
A$ (echo thefile; echo anotherfile) | cpio -o | ssh B "ssh C \"cd destination && cpio -i\""
For just one file:
A$ ssh B "ssh C \"cd destination && cat > thefile\"" < thefile
"Tunnel" through B
A$ ssh -f -N -L 4567:C:22 B
(continues running in background)
A$ scp -P 4567 thefile localhost:destinationPath
When you're done, don't forget to kill the previously started ssh
process (which has dropped to background due to -f -N
).
-f
Requests ssh to go to background just before command execution. This is useful if ssh is going to ask for passwords or passphrases, but the user wants it in the background. This implies -n.
-N
Do not execute a remote command. This is useful for just forwarding ports.
Reverse "tunnel" through B to A
Doesn't always work though:
A$ ssh -f -N -R 4567:localhost:22 B
(now you can reach A from B, by using localhost:4567)
B$ scp -P 4567 localhost:thefile C:destination
-R
Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the given host and port, or Unix socket, on the local side.
6I know this doesn't answer the question, but for those who don't know about rsync, or don't know how to use it to hop through a host, this could be a useful tip: use the '-e' option with rsync like this:
A$ rsync <options> -e 'ssh B ssh' source C:destination
– Eddified – 2014-04-01T21:44:29.990