scp between two remote hosts from my (third) pc

142

I have two remote hosts.
host1-> 10.3.0.1
host2-> 10.3.0.2
Both run an ssh server.

The ssh server listens on port 22 in host1 and on port 6969 in host2. Now, using my local machine, I need to copy something from host1 to host2 without logging into either host1 or host2 via ssh. Something like,

scp user@10.3.0.1:/path/to/file user@10.3.0.2/path/to/file

How can I do this, please note that the two hosts use different ports for ssh.

uwais ibrahim

Posted 2013-12-10T13:49:06.093

Reputation: 1 521

Are you asking if you can transfer from a remote host to a remote host, or are you asking how to do it without having to supply a password? – glenn jackman – 2013-12-10T14:22:27.680

While the -P flag exists to specify the port to use, in case of remote-to-remote transfer, ssh as no defined behaviour on how to specify per-host port... – mveroone – 2013-12-10T15:14:02.787

Answers

227

In the past, the way in which scp worked, when called (naively) to copy files between remote systems, was very inconvenient: if you wrote, for instance

    scp user1@remote1:/home/user1/file1.txt user2@remote2:/home/user2/file1.txt

scp would first open an ssh session on remote1, and then it would run scp from there to remote2. For this to work, you would have to set up the authorization credentials for remote2 on remote1.

The modern way to do it, instead, ("modern" because it was implemented only a few years ago, and perhaps not everybody has a -3-capable scp) requires two steps. The first necessary step is to use ~/.ssh/config to set up all options for the connection to both remote1 and remote2, as follows:

    Host remote1.example.org
    Port 2222
    IdentityFile /path/to/host1-id_rsa

    Host remote2.example.org
    Port 6969
    IdentityFile /path/to/host2-id_rsa

This way it becomes possible to pass all necessary options to the command without ambiguities: for instance, if we had said on the CLI use port 2222 without the above configuration, it would have been unclear whether we were referring to remote1 or to remote2, and likewise for the file containing the cryptgraphic keys. This way the CLI remains tidy and simple.

Secondly, use the -3 option, as follows:

    scp -3 user1@remote1:/home/user1/file1.txt user2@remote2:/home/user2/file1.txt

The -3 option instructs scp to route traffic through the PC on which the command is issued, even though it is a 3rd party to the transfer. This way, authorization credentials must reside only on the issuing PC, the third party.

MariusMatutiae

Posted 2013-12-10T13:49:06.093

Reputation: 41 321

8For future reference: If you copy a file between two hosts that share an identity file (like an EC2 instance), then you don't need the config file. One -i argument is sufficient to connect to both hosts. – Artur Czajka – 2014-08-08T08:13:14.177

Also worth noting, for Google Compute Engine, there is support for adding to your ~/.ssh/config file: https://cloud.google.com/compute/docs/gcloud-compute/ but I don't think that AWS has the same support

– modulitos – 2014-12-28T08:36:32.360

1Since you won't see the output as you normally do, a tip is to enable the verbose mode with -v. – holmberd – 2019-05-23T21:49:16.567

Last time I tried this, scp wasn't able to do that. Your command line looks okay. This workaround will work:

ssh -p port_on_machine1 user@machine1 "cat /path/to/file/one"|ssh -p port_on_machine2 user@machine2 "cat >/path/to/file/two"

peterh - Reinstate Monica

Posted 2013-12-10T13:49:06.093

Reputation: 2 043

my scp man page says "Copies between two remote hosts are also permitted." – glenn jackman – 2013-12-10T14:23:30.700

1Thanks, it is good to hear. To scp you can give a -P flag (it was written by some BSD people, this because its argument handling is so tragic :-( ), but it seems you can't specify different ports on the remote hosts. I am sorry, but I think, only this workaround lefts (or there are a lot of trickier solutions, using ssh but avoiding scp - for example, sftpfs, but they are not the simplest). I extended my workaround with the port settings. – peterh - Reinstate Monica – 2013-12-10T15:11:34.420

In my case, I was doing a remote to remote copy, withouth the -3 argument. The port given with the '-P' parameter works with the 1st server, but port 22 is used with the 2nd one.

ssh -P 1234 user@server1.mydomain.com user@server2.otherdomain.com

The solution is to edit the /etc/ssh/ssh_config file in server1 and add these lines:

Host *.otherdomain.com
   Port  1234

In this way, the port 1234 is used for both of them. It could be different too.

This solution has better throughput than previous solutions, because communitation is direct.

david.perez

Posted 2013-12-10T13:49:06.093

Reputation: 203

perez is there a way to achieve scp through two different ports for the two different remote machines from the comman line? – Red Bottle – 2018-08-30T09:26:48.683

The source and target can be specified as a URI in the form scp://[user@]host[:port][/path]

so you can run:

scp -3 scp://user@10.3.0.1:22/path/to/file scp://user@10.3.0.2:6969/path/to/file

molabib

Posted 2013-12-10T13:49:06.093

Reputation: 59

You cannot specify port numbers with the common colon (:xx) notation with scp. scp uses the colon to differentiate between hostname and filenames. File names/paths need not begin with a /. – Cameron Tacklind – 2019-11-15T00:37:28.373