scp to local from a remote server that ssh's to another remote server

Question

I currently have a file on serverB that I would like to transfer to my local computer. To get to serverB I first ssh to serverA then ssh to serverB. (e.g. ssh @serverA then inside serverA -> ssh @serverB)

Not sure what would be the best way to do this with scp?

scp uses the same connection and authentication methods as ssh. If you can't log on to serverB directly, you need to copy the file in two steps. — berndbausch, Jan 24 '21 at 03:50

bitinerant · Accepted Answer · 2021-01-24T04:08:41.170

1

You can use the ProxyJump option in ~/.ssh/config. From man ssh:

-J destination

Connect to the target host by first making a ssh connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified separated by comma characters. This is a shortcut to specify a ProxyJump configuration directive. Note that configuration directives supplied on the command-line generally apply to the destination host and not any specified jump hosts. Use ~/.ssh/config to specify configuration for jump hosts.

For example, your ~/.ssh/config may look like this:

Host serverA
Port 22
Host serverB
Port 22
ProxyJump serverA

This will tell ssh to always connect to serverB via serverA, and it will do this for both normal ssh and for scp. In other words, you can type ssh serverB or scp serverB:big_file.txt . and it will know to route through ServerA. (You will, however, need a local copy of the key needed for serverB if you are using public key authentication.)

This is often referred to has "jump host" in ssh. A related config option in ~/.ssh/config is ProxyCommand.

edited Jan 24 '21 at 04:08

answered Jan 24 '21 at 03:53

bitinerant

804

scp doesn't have the -J option, but you can use its -o option to specify a ProxyJump directly on the command line (something like scp -o "ProxyJump serverA" localfile serverB:remotefile). – Gordon Davisson Jan 24 '21 at 04:10
@GordonDavisson - actually, in Ubuntu 20.04, scp does have a -J option. Maybe this was a recent addition. – bitinerant Jan 24 '21 at 04:13
Looks like it was added to scp in... OpenSSH v8.0? Yikes, I'm way more out of date than I realized! (v8.4 is current) – Gordon Davisson Jan 30 '21 at 03:22
Thanks! I tired this and it worked. – Miguel Z Feb 06 '21 at 22:16

score 0 · Answer 2 · answered Jan 24 '21 at 06:07

one way is bitinerant solution and there are other ways.

if you need more than one time, it is better use sshfs on serverA and scp from local to serverA
if you need only one time, you could use ssh tunnel please follow this for tunneling and for sshfs

ssh to serverA
sshfs user@serverB:/foldertomount/ ~/mountpoint
scp ~/mountpoint/desiredFile LocalIP:/Path/

scp to local from a remote server that ssh's to another remote server

2 Answers2