Get file from server using SFTP/SCP which requires user switch on jump host

0

1

I'm trying to find an instant way to connect to Server B, which is behind the firewall, through Server A and exchange files between Server B and my laptop.

Normally, the ssh login process looks like this.

  1. My Laptop->MiddleMan:

mylaptop: ssh myUser@ServerA (password auth)

  2. MiddleMan->Destination:

ServerA: sudo -u sharedUser ssh ServerB (no password)

I have to log in to Server A using a restricted account myUser first, then switch from myUser to sharedUser on Server A, since only sharedUser has the key for Server B. I don't have the key for Server B, and I have no privilege to r/w using myUser on Server A.

I've tried the one from OpenSSH/Cookbook/Proxies and Jump Hosts, but it won't work because myUser on Server A does not have the key (sharedUser on Server A has it) for logging in to Server B.

      ssh                 sudo su                   ssh
Me -----------> myUser@A ---------> sharedUser@A -----------> B
       ^                     ^                        ^
   password              switch user        using sharedUser@A's
authentication                                     ssh key

Questions:

  1. I would like to know if there is a way to connect to Server B "directly" through SSH Proxy, or something else?

  2. Is there a method to remotely exchange files with Server B using SFTP/SCP, etc. through several hops and a username change?

Thanks!

oscarxvita

Posted 2019-01-23T11:33:25.427

Reputation: 1

Edited. Actually I am asking for a way to transmit files between a server behind several hops and the local machine – oscarxvita – 2019-01-23T11:59:07.870

What is your platform on the local machine? – Martin Prikryl – 2019-01-23T13:49:21.213

@MartinPrikryl Linux (CentOS 7) – oscarxvita – 2019-01-24T13:16:24.607

Answers

0

From mylaptop you can run a command on ServerA like this: ssh myUser@ServerA some_command. So this should be possible:

ssh -t myUser@ServerA sudo -u sharedUser ssh ServerB

Normally ssh that is supposed to run some_command doesn't allocate a pseudo-terminal; it only passes stdin, stdout, stderr. If you'd like to interact as if ssh ServerB was typed manually on ServerA, a pseudo-terminal is needed. Therefore -t.

A pseudo-terminal would also be useful if sudo or the "inner" ssh asked for a password.

You said you'd like to transfer files. The "inner" ssh can run a command on ServerB like the "outer" ssh runs a command on ServerA. The command may be cat; a file can be transferred (streamed) this way. In this case you shouldn't use -t, it would only mangle the stream. Fortunately your sudo -u sharedUser ssh ServerB needs no password, so there's no conflict in whether to use -t or not.

To pull a file from ServerB:

>/local/file ssh myUser@ServerA sudo -u sharedUser 'ssh ServerB "cat </server/b/path/to/file"'

To push a file to ServerB:

</local/file ssh myUser@ServerA sudo -u sharedUser 'ssh ServerB "cat >/server/b/path/to/file"'

Proper quoting is very important to make the redirection just after cat affect cat (not ssh or sudo).

Kamil Maciorowski

Posted 2019-01-23T11:33:25.427

Reputation: 38 429

That's cool, could this help for scp/sftp file transmission between server B and laptop? – oscarxvita – 2019-01-23T12:00:47.283

@oscarxvita My answer now introduces a basic way to stream files. It's not exactly what you asked in the above comment though. – Kamil Maciorowski – 2019-01-23T12:47:17.407
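
The quoting requirement in the answer above gets harder once a path contains spaces or shell metacharacters, because the path is parsed twice: by the shell on ServerA and again by the shell on ServerB. The following is an added example, not part of the original answer; the function names (sq, remote_cmd, pull_file, push_file) are hypothetical, and it assumes a POSIX shell on the laptop and on both servers.

```shell
#!/bin/sh
# Added example: host and user names are the ones used on this page,
# function names are hypothetical.

# Quote $1 so that a POSIX shell reads it back as exactly one literal word.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the command line handed to ServerA's shell.
# $1 is the redirection for cat on ServerB ('<' to read, '>' to write),
# $2 is the path on ServerB.
remote_cmd() {
    # First quoting layer: the path, as parsed by ServerB's shell.
    inner="cat $1 $(sq "$2")"
    # Second quoting layer: the whole inner command, as parsed by ServerA's shell.
    printf 'sudo -u sharedUser ssh ServerB %s' "$(sq "$inner")"
}

# pull_file REMOTE_PATH LOCAL_PATH
# Streams into a temporary file first, so a failed hop does not leave a
# truncated file under the final name.
pull_file() {
    part="$2.part.$$"
    if ssh myUser@ServerA "$(remote_cmd '<' "$1")" > "$part"; then
        mv -- "$part" "$2"
    else
        rm -f -- "$part"
        return 1
    fi
}

# push_file LOCAL_PATH REMOTE_PATH
push_file() {
    ssh myUser@ServerA "$(remote_cmd '>' "$2")" < "$1"
}
```

Usage: `pull_file "/server/b/path/to/file" /local/file` and `push_file /local/file "/server/b/path/to/file"`.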