How do I SCP a file through an intermediate server?

I'm using Ccygwin on WinXP (with the bash shell). I want to SCP a file from my localhost to a remote machine -- host2. However, I can only SSH to an intermediate machine -- host1, and then from there SSH to host2. (Note, I ccan't access host2 from my localhost).

I thought tunneling was my answer, but when I try to set up a tunnel

ssh -L 9999:localhost:9998 dalvarado@host1 'ssh -L 9998:localhost:1234 -N dalvarado@host2'

But after typing this command and hitting enter, the system just hangs. What is the proper way to setup a tunnel and then SCP a file after?

Thanks, -

Dave

Posted 2012-08-01T19:54:42.880

Reputation: 151

From user Meir D: Also see http://serverfault.com/questions/337274/ssh-from-a-through-b-to-c-using-private-key-on-b

– fixer1234 – 2017-01-19T18:37:29.267

Possible duplicate of scp files via intermediate host

– tripleee – 2018-04-16T07:30:29.273

Duplicate of http://superuser.com/questions/174160/scp-over-a-proxy-with-one-command-from-local-machine - see my answer below for a summary.

– jmetz – 2012-08-01T20:51:33.547

Answers

This has already been answered best here.

To summarize: put the following in ~/.ssh/config

Host target.machine
User          targetuser
HostName      target.machine
ProxyCommand  ssh proxyuser@proxy.machine nc %h %p 2> /dev/null

and then simply scp to target.machine any time you want to proxy via proxy.machine!

Also works for ssh, so will save you time ssh-ing to the target machine too.

Credit should go to user24925 who answered this in 2011.

jmetz

Posted 2012-08-01T19:54:42.880

Reputation: 832

To set up a SSH tunnel, use the following format:

ssh -L 9999:host2:22 user@host1

This command connects to host1 as user and tunnels port 9999 on the computer issuing the command to port 22 on host2. -N is optional, or you can use something like top or watch to keep the session alive if needed.

Then, simply scp to host2 on localhost:9999.

Rain

Posted 2012-08-01T19:54:42.880

Reputation: 2 238

1@Rain, you could put this example in the main answer ;) – dmeu – 2015-10-26T09:17:44.657

1When I run this command, am I supposed to end up getting logged in to host1? Also, after running this command, I opened another bash shell, and ran "scp hello.txt localhost:9999", but got a "ssh: connect to host localhost port 22: Connection refused" error. What am I doing wrong here? – Dave – 2012-08-02T13:41:06.840

3When you run this command, you will be connected to host1, yes. Your scp command syntax is incorrect though. Try this scp -P 9999 hello.txt user@localhost:/path/to/destination/file where user is the user on host2 that you want login as. – Rain – 2012-08-02T21:04:45.237

Since OpenSSH 7.3, you can use -J or -o ProxyJump to specify the bastion/jump host. Therefore, to SSH to node2 via node1:

ssh -J you@node1 you@node2

SCP doesn't have the -J argument, but it does allow -o, so this works:

scp -o ProxyJump=you@node1 file.txt you@node2:~

ZiggyTheHamster

Posted 2012-08-01T19:54:42.880

Reputation: 151

You could first scp the file to host1, like this:

scp file dalvarado@host1:.

Then do this to get it to host2:

ssh -t dalvarado@host1 'scp file dalvarado@host2:.'

The -t option to ssh forces it to allocate a pseudo-terminal, which may make it easier for scp on host1 to prompt you for a passphrase/password. If you have ssh-agent running and configured everywhere, you shouldn't be prompted for a passphrase/password.

I offer this alternative, because if you used a tunnel, you'd still need two commands: one to setup the tunnel and one to copy the file through it. This seems simpler.

Fran

Posted 2012-08-01T19:54:42.880

Reputation: 4 774

Fantastic solution!!! – Riccardo – 2016-04-17T20:54:27.680