SSH Tunneling – Copying Files with Cert Forwarding

Tags: file-transfer, nat, scp, ssh, ssh-tunneling

I need to find a way to copy files from mymachine to a server priv-server sitting on a private NATted network via a server pub-server with a public IP. The behind-NAT machine priv-server only has certs for user@mymachine, so the certs need to be forwarded from mymachine via pub-server to priv-server.

So in order to log on with SSH with just one command, I use:

$ ssh -tA user@pub-server 'ssh user@priv-server'

— this works perfectly well. The certs are forwarded from mymachine to priv-server via pub-server, and all is set up nicely.

Now, I'd normally use scp for any file transfer needs but I'm not aware of a way to pass all of the tunneling information to scp.

Best Answer

Instead, use a more low-level form of copying files by catting them locally, and piping that into a remote cat > filename command on priv-server:

$ cat file1.txt | ssh -A user@pub-server 'ssh user@priv-server "cat > file1.txt"'

or with compression:

$ gzip -c file1.txt | ssh -A user@pub-server 'ssh user@priv-server "gunzip -c > file1.txt"'

Excerpt from man ssh:

-A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file.

-t Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.


I initially wasn't aware of an answer, but after a good night's sleep and writing this question, I saw a problem with the command I was trying initially, fixed it, and it worked. But as this seems like a useful thing to do, I decided to share the answer.
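
As an added example (not part of the original question or answer): the same cat-over-ssh copy can be made through pub-server with ProxyJump instead of -A, so the agent is never exposed on pub-server, and the result can be checked by comparing SHA-256 digests. The function names are hypothetical, and the sketch assumes OpenSSH 7.3 or later on mymachine, TCP forwarding permitted on pub-server, and sha256sum on both mymachine and priv-server.

```shell
#!/bin/sh
# Added example, not code from the original post.
JUMP="user@pub-server"      # host names taken from the question
TARGET="user@priv-server"

# Run a command on priv-server through pub-server. ProxyJump tunnels the
# connection, so authentication happens from mymachine and no agent
# forwarding (-A) is needed on pub-server.
remote() {
    ssh -o ProxyJump="$JUMP" -o ForwardAgent=no "$TARGET" "$1"
}

# The remote path is interpolated into a remote shell command line, so
# accept only a conservative character set rather than trying to quote it.
safe_path() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# push_file LOCAL REMOTE: stream the file, then compare SHA-256 digests.
# Returns 0 on match, 1 on bad arguments, 2 on transfer error,
# 3 when the remote digest is missing or differs.
push_file() {
    [ -f "$1" ] && safe_path "$2" || return 1
    want=$(sha256sum < "$1" | cut -d' ' -f1) || return 2
    remote "cat > $2" < "$1" || return 2
    got=$(remote "sha256sum < $2" | cut -d' ' -f1) || return 2
    [ -n "$want" ] && [ "$want" = "$got" ] || return 3
}
```

After sourcing the file, a call such as push_file file1.txt file1.txt copies the file and returns non-zero if the copy on priv-server does not match.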
