发表新帖
发表新帖

How to scp with a second remote host

前端 未结
关注
7 595
终归单人心
终归单人心 2020-12-04 05:55

I wonder if there is a way for me to SCP the file from remote2 host directly from my local machine by going through a remote1 host.

The networks only allow connectio

相关标签:
7条回答
  • 青春惊慌失措
    2020-12-04 06:02

    This will do the trick:

    scp -o 'Host remote2' -o 'ProxyCommand ssh user@remote1 nc %h %p' \ 
    user@remote2:path/to/file .

    To SCP the file from the host remote2 directly, add the two options (Host and ProxyCommand) to your ~/.ssh/config file (see also this answer on superuser). Then you can run:

    scp user@remote2:path/to/file .

    from your local machine without having to think about remote1.

    0 讨论(0)
  • 不思量自难忘°
    2020-12-04 06:03

    With openssh version 7.3 and up it is easy. Use ProxyJump option in the config file. 

    # Add to ~/.ssh/config 
Host bastion
    Hostname bastion.client.com
    User userForBastion
    IdentityFile ~/.ssh/bastion.pem

Host appMachine
    Hostname appMachine.internal.com
    User bastion
    ProxyJump bastion                   # openssh 7.3 version new feature ProxyJump
    IdentityFile ~/.ssh/appMachine.pem. #no need to copy pem file to bastion host

    Commands to run to login or copy 

    ssh appMachine   # no need to specify any tunnel. 
scp helloWorld.txt appMachine:.   # copy without intermediate jumphost/bastion host copy.**

    ofcourse you can specify bastion Jump host using option "-J" to ssh command, if not configured in config file.

    Note scp does not seems to support "-J" flag as of now. (i could not find in man pages. However above scp works with config file setting)

    0 讨论(0)
  • 被撕碎了的回忆
    2020-12-04 06:11

    There is a new option in scp that add recently for exactly this same job that is very convenient, it is -3.

    TL;DR For the current host that has authentication already set up in ssh config files, just do:

    scp -3 remote1:file remote2:file

    Your scp must be from recent versions.

    All other mentioned technique requires you to set up authentication from remote1 to remote2 or vice versa, which not always is a good idea.
    Argument -3 means you want to move files from two remote hosts by using current host as intermediary, and this host actually does the authentication to both remote hosts, so they don't have to have access to each other.
    You just have to setup authentication in ssh config files, which is fairly easy and well documented, and then just run the command in TL;DR

    The source for this answer is https://superuser.com/a/686527/713762

    0 讨论(0)
  • 没有蜡笔的小新
    2020-12-04 06:18

    Double ssh

    Even in your complex case, you can handle file transfer using a single command line, simply with ssh ;-)
    And this is useful if remote1 cannot connect to localhost:

    ssh user1@remote1 'ssh user2@remote2 "cat file"' > file

    tar

    But you loose file properties (ownership, permissions...).

    However, tar is your friend to keep these file properties:

    ssh user1@remote1 'ssh user2@remote2 "cd path2; tar c file"' | tar x

    You can also compress to reduce network bandwidth:

    ssh user1@remote1 'ssh user2@remote2 "cd path2; tar cj file"' | tar xj

    And tar also allows you transferring a recursive directory through basic ssh:

    ssh user1@remote1 'ssh user2@remote2 "cd path2; tar cj ."' | tar xj

    ionice

    If the file is huge and you do not want to disturb other important network applications, you may miss network throughput limitation provided by scp and rsync tools (e.g. scp -l 1024 user@remote:file does not use more than 1 Mbits/second).

    But, a workaround is using ionice to keep a single command line:

    ionice -c2 -n7 ssh u1@remote1 'ionice -c2 -n7 ssh u2@remote2 "cat file"' > file

    Note: ionice may not be available on old distributions.

    0 讨论(0)
  • 予麋鹿
    2020-12-04 06:20

    Small addition to Olibre's solution here, which I worked with using this source.

    Just as you have the three ways to use tar for copying from remote host to local, the following works for local host to remote host copying in double ssh situations: (run them in the directory where the files have to be copied from, otherwise use fullpath/filename)

    Transfer single file without compression:

    tar c filename |  ssh user1@remote1 'ssh -Y user2@remote2 "path2 && tar x"'

    Transfer single file with compression:

    tar cj filename |  ssh user1@remote1 'ssh -Y user2@remote2 "path2 && tar xj"'

    Recursive directory transfer:

    tar cj . |  ssh user1@remote1 'ssh -Y user2@remote2 "path2 && tar xj"'

    The && here prevents the command from running if the first half of the command does not work - for example if the directory is missing or there is an error in the source/destination path names.

    0 讨论(0)
  • 抹茶落季
    2020-12-04 06:22

    This configuration works nice for me:

    Host jump
   User username
   Hostname jumphost.yourorg.intranet
Host production
   User username
   Hostname production.yourorg.intranet
   ProxyCommand ssh -q -W %h:%p jump

    Then the command 

    scp myfile production:~

    Copies myfile to production machine.

    0 讨论(0)
 看不清?
提交回复
热议问题