How do I SCP a file through an intermediate server?

Question

I'm using Ccygwin on WinXP (with the bash shell). I want to SCP a file from my localhost to a remote machine -- host2. However, I can only SSH to an intermediate machine -- host1, and then from there SSH to host2. (Note, I ccan't access host2 from my localhost).

I thought tunneling was my answer, but when I try to set up a tunnel

ssh -L 9999:localhost:9998 dalvarado@host1 'ssh -L 9998:localhost:1234 -N dalvarado@host2'

But after typing this command and hitting enter, the system just hangs. What is the proper way to setup a tunnel and then SCP a file after?

Thanks, -

Duplicate of http://superuser.com/questions/174160/scp-over-a-proxy-with-one-command-from-local-machine - see my answer below for a summary. — jmetz, Aug 01 '12 at 20:51
From user [Meir D](http://superuser.com/users/687829/meir-d): Also see http://serverfault.com/questions/337274/ssh-from-a-through-b-to-c-using-private-key-on-b — fixer1234, Jan 19 '17 at 18:37
Possible duplicate of [scp files via intermediate host](https://superuser.com/questions/276533/scp-files-via-intermediate-host) — tripleee, Apr 16 '18 at 07:30

score 31 · Answer 1 · edited Apr 16 '18 at 07:26

31

Since OpenSSH 7.3, you can use -J or -o ProxyJump to specify the bastion/jump host. Therefore, to SSH to node2 via node1:

ssh -J you@node1 you@node2

SCP doesn't have the -J argument, but it does allow -o, so this works:

scp -o ProxyJump=you@node1 file.txt you@node2:~

edited Apr 16 '18 at 07:26

Martin Prikryl

21,071
9
77
157

answered Apr 14 '18 at 01:12

ZiggyTheHamster

409
4
4

1

The `-J` was added to `scp` (and `sftp`) in [OpenSSH 8.0](https://www.openssh.com/txt/release-8.0). – Martin Prikryl Feb 23 '22 at 13:51

score 20 · Answer 2 · edited Mar 20 '17 at 10:17

This has already been answered best here.

To summarize: put the following in ~/.ssh/config

Host target.machine
User          targetuser
HostName      target.machine
ProxyCommand  ssh proxyuser@proxy.machine nc %h %p 2> /dev/null

and then simply scp to target.machine any time you want to proxy via proxy.machine!

Also works for ssh, so will save you time ssh-ing to the target machine too.

Credit should go to user24925 who answered this in 2011.

score 14 · Answer 3 · answered Aug 01 '12 at 20:35

14

To set up a SSH tunnel, use the following format:

ssh -L 9999:host2:22 user@host1

This command connects to host1 as user and tunnels port 9999 on the computer issuing the command to port 22 on host2. -N is optional, or you can use something like top or watch to keep the session alive if needed.

Then, simply scp to host2 on localhost:9999.

answered Aug 01 '12 at 20:35

Rain

2,328
1
13
20

1

When I run this command, am I supposed to end up getting logged in to host1? Also, after running this command, I opened another bash shell, and ran "scp hello.txt localhost:9999", but got a "ssh: connect to host localhost port 22: Connection refused" error. What am I doing wrong here? – Dave Aug 02 '12 at 13:41
3

When you run this command, you will be connected to host1, yes. Your `scp` command syntax is incorrect though. Try this `scp -P 9999 hello.txt user@localhost:/path/to/destination/file` where `user` is the user on `host2` that you want login as. – Rain Aug 02 '12 at 21:04
1

@Rain, you could put this example in the main answer ;) – dmeu Oct 26 '15 at 09:17

Fran · Answer 4 · 2012-08-01T20:28:45.513

You could first scp the file to host1, like this:

scp file dalvarado@host1:.

Then do this to get it to host2:

ssh -t dalvarado@host1 'scp file dalvarado@host2:.'

The -t option to ssh forces it to allocate a pseudo-terminal, which may make it easier for scp on host1 to prompt you for a passphrase/password. If you have ssh-agent running and configured everywhere, you shouldn't be prompted for a passphrase/password.

I offer this alternative, because if you used a tunnel, you'd still need two commands: one to setup the tunnel and one to copy the file through it. This seems simpler.

Wojciech Domalewski · Answer 5 · 2022-02-13T21:36:20.523

Now you can send your file over ssh tunnel with -J option

scp -J proxy-host your-file destination-host:[directory]

If you need to specify port on the proxy host you have to use -P option

scp -P port-number -J proxy-host your-file destination-host:[directory]

Finally if you need to send files from subdirectories you can use -r option

scp -r -P port-number -J proxy-host your-file destination-host:[directory]

The order in which you specify the options matters!

score 0 · Answer 6 · answered Oct 18 '22 at 14:46

0

To copy from remote C, through jump box B to your local host A

scp -J username@B username@C:/file/location /file/path/on/local

answered Oct 18 '22 at 14:46

SirVine

1

How do I SCP a file through an intermediate server?

6 Answers6

Linked

Related