Linux – How to use ssh to copy a file multiple hops with agent forwarding

linuxscpsshssh-agent

I have a group of servers all properly configured with SSH agent forwarding. It is a typical bastion server style configuration where the only machine you can connect to from the outside is server A. From server A you can use agent forwarding to connect to servers B, C, D, etc. It is all working perfectly.

Sometimes I want to copy a file from my local machine to server B. In order to do this I have to first scp the file to server A. Then ssh to server A and scp the file to server B. Then I delete the file from server A.

Is there a way to copy the file directly from my computer to server B via server A in just one command executed on my local machine?

Best Answer

If your sshd is configured to allow TCP forwarding then you can set up a tunnel from your computer to B via A and then use it to copy things through. Create the tunnel

ssh -f -L 2050:B:22 A -N

-f background the ssh command so you get your terminal back to use.
-L 2050:B22 bind localhost port 2050 to host B port 22
-N do not execute a remote command.

then to copy from your computer to B

scp -P 2050 filetocopy localhost:/destination/path

EDIT: If you use

ssh -L 2050:B:22 A -N &

Then you will be told the PID of the ssh command when it backgrounds.

Related Solutions

Ssh – How to do Multihop SCP transfers between machines

You can add -o options to scp instead of .ssh/config.

scp -o ProxyCommand="ssh $jump_host nc $host 22" $local_path $host:$destination_path

$jump_host is your "server B" in this case.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Ssh – How to do Multihop SCP transfers between machines

Ssh – How to automate SSH login with password

Related Topic