4

I have three linux servers:
1. Database Server 10.10.10.10
2. Application Server 10.10.10.52
3. Backup Server 10.10.10.55

There is a direct connection between Database and Application servers and there is a direct connection between Application and Backup servers, but there is no connection between Database and Backup servers.
I have a file in Database server which I want to copy to Backup server, but I don't have any idea how to do.
If anyone has any idea, please share it with me.
Thanks in advance.

Abdul Raheem Ghani
  • 141
  • 1
    ssh tunnel using 2 from 1 to 3. It will slower than a direct connection, ask the networking team for a direct connection. – Rui F Ribeiro Nov 27 '16 at 09:05
  • @RuiFRibeiro The networking team does not allow a direct connection and has asked me to find a solution for it.

    And you mean that I should copy the file from 1 to 2 and then from 2 to 3?

     – Abdul Raheem Ghani Nov 27 '16 at 09:07
  • http://superuser.com/questions/456438/how-do-i-scp-a-file-through-an-intermediate-server – Rui F Ribeiro Nov 27 '16 at 09:09
  • @RuiFRibeiro The mentioned link shows me how to ssh the Database Server. I practiced that, I can ssh Database server, but I am still unable to copy the file directly. – Abdul Raheem Ghani Nov 27 '16 at 09:33

3 Answers3

5

You have to make a tunnel from host1(1) to host(3) logging in host2(2) with SSH, as only (1) has access to (2), as in:

host1$ ssh -L 9999:host3:22 user@host2

That will create the tunnel to host3, SSH port(22) in localhost, port 9999/TCP

Then in another windows, you scp from host1 with a user present in host 3 as in:

host1$ scp -P 9999 file_to_copy user@localhost:/user/file_to_copy

In that respect, the transfer of the file is done directly from host 1 to host3, and host2 is there just to forward the connection via the SSH tunnel. When you logout from the first ssh, the tunnel is closed.

Rui F Ribeiro
  • 56,709
  • 26
  • 150
  • 232
2

Assumption: On Host A scp /tmp/xxx HostB:/tmp/xxx and on HostB scp /tmp/xxx HostC:/tmp/xxx

In cases, traditionally you would use a ssh/scp tunnel to copy from HostA to HostC. Assuming your network has also disabled tunnels (also assuming you also asked about that as a 'direct connection')

You could write a script something like this - for execution from HostB

#!/usr/bin/bash -e
# assumes you have PKI setup so you only have to enter your pass-phrase at most once
file=$1

scp Hosta:$file $file
scp $file HostC:$file
rm $file

After thought: from HostB

scp HostA:$file HostC:$file
Rui F Ribeiro
  • 56,709
  • 26
  • 150
  • 232
Michael Felt
  • 1,218
  • 1
    Not practical really – Rui F Ribeiro Nov 27 '16 at 10:14
  • Your "After thought" command doesn't work, because actually that just SSHes into one system and attempts to connect to the third system from there. – Celada Nov 27 '16 at 12:39
  • scp hosta:this hostc:that actually runs a subprocess on hosta that sends directly to hostc, or tries to, precisely not what this Q wants. You can do ssh [user@]hosta "cat file" | ssh [user@]hostc "cat >file" or to preserve modtime ssh hosta "tar cf - file" | ssh hostc "tar xf -" (add other options like -v to taste) – dave_thompson_085 Nov 27 '16 at 12:45
  • That's the problem with 'afterthoughts' :) - probably worked that way with rcp as well with *nix. My windows scp version copies it to a tmp file on the pc, and then copies that to the destination. As to practical - a network dept that won;t permit a direct connect is not practical, just as not using a tunnel - is a tunnel forbidden? The "security concern" created by not permitting a direct connect is to increase the likelihood of tunnels and/or "process in the middle" solutions. The purpose of my suggestion was to help with an idea on how to proceed - or did you want a solution? – Michael Felt Nov 27 '16 at 12:52
1

An alternative to the solution proposed by Rui F Ribeiro is to setup a ProxyCommand in your SSH configuration file (usually ~/.ssh/config):

host <remote>
    ProxyCommand ssh <gateway_user>@<gateway> nc <host> 22
    User <host_user>

Then, you can simply use:

scp /local/path/to/file <remote>:/remote/path/to/file
scp <remote>:/remote/path/to/file /local/path/to/file

Once your SSH config is set up, you can copy files seamlessly, as if you had a direct connection to the remote server.

Community
  • 1
Arcturus B
  • 131
  • 1
    @RuiFRibeiro: actually we’re dealing with the config file for the SSH client. In Debian (and most certainly other distro), these are /etc/ssh/ssh_config for system-wide configuration, and ~/.ssh/config for user configuration. The /etc/ssh/sshd_config you’re mentioning is the config file for the SSH server. (See man(5) for ssh_config and sshd_config. – Arcturus B Nov 27 '16 at 17:02