3

I need to find a way to copy files from mymachine to a server priv-server sitting on a private NATted network via a server pub-server with a public IP. The behind-NAT machine priv-server only has certs for user@mymachine, so the certs need to be forwarded from mymachine via pub-server to priv-server.

So in order to log on with SSH with just one command, I use:

$ ssh -tA user@pub-server 'ssh user@priv-server'

— this works perfectly well. The certs are forwarded from mymachine to priv-server via pub-server, and all is set up nicely.

Now, I'd normally use scp for any file transfer needs but I'm not aware of a way to pass all of the tunneling information to scp.

3 Answers

2

Instead use a more low level form of copying files by catting them locally, and piping that into a remote cat > filename command on priv-server:

$ cat file1.txt | ssh -A user@pub-server 'ssh user@priv-server "cat > file1.txt"'

or with compression:

$ gzip -c file1.txt | ssh -A user@pub-server 'ssh user@priv-server "gunzip -c > file1.txt"'

Outtake from man ssh:

-A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file.

-t Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.


I initially wasn't aware of an answer, but after a good night's sleep and writing this question, I saw a problem with the command I was trying initially, fixed it, and it worked. But as this seems like a useful thing to do, I decided to share the answer.

1

This would be simple if you try a native sshfs which is recently added.

Install: sudo apt-get install sshfs

sshfs -ttA user@pub-server ssh user@priv-server

This will do the magic.

For more info see here: Linux Journal

Ruban Savvy
  • 8,659
  • thanks, although that requires more than one command plus the installation of a system wide package, however with the solution I've already come up with, only a single, self-contained command is needed :) – Erik Kaplun Nov 10 '14 at 11:47
  • Nah AFAIK SSHFS works with the help of SSH, you can think like SSHFS as a flavor added to SSH. This is robust and simple when compared with your multi-line answer. – Ruban Savvy Nov 10 '14 at 11:54
  • I'm sorry but my answer is single-line? – Erik Kaplun Nov 10 '14 at 11:56
  • since when are unix pipes considered line breaks? your solution requires 1) the installation of a package 2) the set up of an sshfs mapping and 3) the actual copy command. I'm not trying to create a fight here but I'm not sure what we're arguing over. – Erik Kaplun Nov 10 '14 at 12:00
1

Instead of wondering how to cope with a complex chain of SSH forwardings, separate the problems.

  1. Configure your system to have transparent access to every host. This is done once and for all in your ~/.ssh/config file.

    To teach SSH to use a machine as a proxy to another machine, declare a ProxyCommand.

    Host priv-server
    User user
    ProxyCommand ssh -W %h:%p -t user@pub-server
    

    Also enable connection sharing. This allows multiple client instances to use the same channel, which saves on connection establishment time. At the top of your .ssh/config (before any Host line), add

    ControlMaster auto
    ControlPath ~/.ssh/control:%h:%p:%r
    
  2. If you can, set up key authentication and agent forwarding, so that authentication is fully transparent. If you can't, so you need interactive authentication on some hosts, you only need to authenticate once per session or after a network failure. Open a master connection.

    ssh -Nf priv-server
    
  3. Call ssh (or scp, sftp, sshfs, rsync, etc.) normally.

  • Thanks, this is useful! I needed a self-contained reusable system-independent way of doing it really; one-machine convenience is good but takes effort to replicate for automation. – Erik Kaplun Nov 11 '14 at 13:24
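
The ProxyCommand approach from the last answer can also be packed into one self-contained command, with no ~/.ssh/config changes and no -A: ssh -W only relays the TCP stream through pub-server, so mymachine authenticates to priv-server end to end and the agent is never exposed on pub-server. This is an added example, not code from any of the answers; the function names valid_target and scp_via_jump and the DRY_RUN variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: copy a file to a host behind a jump host with plain scp.
# Host names are the page's placeholders; function names are hypothetical.

# ssh hands the ProxyCommand string to the local user's shell, so a host
# value must not look like an option or contain shell metacharacters.
valid_target() {
    case "$1" in
        ''|-*) return 1 ;;                    # empty, or would parse as an option
        *[!A-Za-z0-9@._:-]*) return 1 ;;      # anything outside a strict allow-list
    esac
    return 0
}

# usage: scp_via_jump JUMP TARGET SRC DEST
#   e.g. scp_via_jump user@pub-server user@priv-server file1.txt file1.txt
# With DRY_RUN set, print the argv (one argument per line) instead of running it.
scp_via_jump() {
    jump=$1 target=$2 src=$3 dest=$4
    valid_target "$jump"   || { echo "bad jump host: $jump" >&2; return 2; }
    valid_target "$target" || { echo "bad target host: $target" >&2; return 2; }

    # A local file name starting with '-' would be read by scp as an option.
    case "$src" in -*) src="./$src" ;; esac

    # %h and %p are expanded by ssh to the target host and port. No -A here:
    # the inner ssh only opens a forwarded TCP channel to the target.
    set -- scp -o "ProxyCommand=ssh -W %h:%p $jump" "$src" "$target:$dest"

    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
    else
        "$@"
    fi
}
```

Running it with DRY_RUN=1 first shows the exact scp invocation before any connection is made.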