Scp over a proxy with one command from local machine?
I have my local.machine, the proxy.machine and target.machine. local.machine doesn't have direct contact with target.machine, but needs to go through proxy.machine.
I want to scp a file from target.machine to local.machine. Is this possible to do with just one command from local.machine?
scp
asked Aug 10 '10 at 11:24
grm
1,07932028
add a comment |
I have my local.machine, the proxy.machine and target.machine. local.machine doesn't have direct contact with target.machine, but needs to go through proxy.machine.
I want to scp a file from target.machine to local.machine. Is this possible to do with just one command from local.machine?
scp
asked Aug 10 '10 at 11:24
grm
1,07932028
add a comment |
I have my local.machine, the proxy.machine and target.machine. local.machine doesn't have direct contact with target.machine, but needs to go through proxy.machine.
I want to scp a file from target.machine to local.machine. Is this possible to do with just one command from local.machine?
scp
asked Aug 10 '10 at 11:24
grm
1,07932028
I have my local.machine, the proxy.machine and target.machine. local.machine doesn't have direct contact with target.machine, but needs to go through proxy.machine.
I want to scp a file from target.machine to local.machine. Is this possible to do with just one command from local.machine?
scp
scp
asked Aug 10 '10 at 11:24
grm
1,07932028
asked Aug 10 '10 at 11:24
grm
1,07932028
asked Aug 10 '10 at 11:24
grm
1,07932028
asked Aug 10 '10 at 11:24
grm
1,07932028
asked Aug 10 '10 at 11:24
grm
1,07932028
1,07932028
add a comment |
add a comment |
11 Answers
11
active
oldest
votes
I know this is a late answer, but I just found out a cool way to do this. It is basically Holger Just's answer, but in a saved config file:
You need to put this in your ~/.ssh/config file on local.machine, (creating the file if it does not exist)
Host target.machine
User targetuser
HostName target.machine
ProxyCommand ssh proxyuser@proxy.machine nc %h %p 2> /dev/null
After saving the file, you can just use
ssh target.machine
any time you want to connect. Scp also will work as it also respects the ssh config file. So will Nautilus, if you're using GNOME and want to use a GUI.
answered Aug 8 '11 at 13:37
user24925
76367
5
Just a quick note. If you are using an alternative identity file via the -i command line option for ssh, you need to specify that option for both the ProxyCommand configuration and the ssh command line.
– BillMan
May 15 '13 at 18:32
7
3 things that might help, 1) it would help if you also showed theHost proxy.machinelines in the same~/.ssh/configfile, 2) Mention whether these commands can be nested (ie. client connects to proxy host 1 which connects to proxy host 2 which connects to...target) and 3) whatnc %h %pmeans
– puk
Nov 14 '13 at 6:00
How can we copy from local machine to target machine with proxy?
– Mulagala
Nov 16 '17 at 11:34
add a comment |
You can do it in one command, but you need netcat (nc) installed on the proxy machine:
ssh -o "ProxyCommand ssh poxyuser@proxy.machine nc -w 1 %h 22" targetuser@target.machine
[EDIT: mixed up the order of machines...]
answered Feb 20 '11 at 10:31
Holger Just
670715
Nice try, but where should I add the username for proxy and for login?
– grm
Apr 13 '11 at 11:49
Jzst before the machine names, with an @. I edited my answer to reflect that.
– Holger Just
Apr 13 '11 at 18:37
add a comment |
If you don't mind using rsync instead of scp, you can use the following one-liner:
rsync -v --rsh "ssh proxy.machine ssh" target.machine:/remote/file /local/dir/
(you'll need passwordless access to the proxy machine)
answered Feb 20 '11 at 10:26
dubek
53144
add a comment |
You can now* do this as a one-liner, without requiring nc anywhere:
scp -o "ProxyCommand ssh pcreds@proxy.machine -W %h:%p" tcreds@target.machine:file .
Explanation
pcreds and tcreds represent your proxy and target credentials if required (username, username:password, etc.).
This is possible because of a built-in netcat-like ability, removing the requirement for nc on the intermediate host. Using ssh -W host:port sets up a tunnel to the specified host and port and connects it to stdin/stdout, and then scp runs over the tunnel.
The %h and %p in the ProxyCommand are replaced with the target host and port you specify.
For even more convenience, you can configure the proxy in your ssh configuration:
Host target.machine
ProxyCommand ssh pcreds@proxy.machine -W %h:%p
and from then on just do
scp tcreds@target.machine:file .
* since OpenSSH 5.4 - released March 2010
answered Feb 2 '16 at 11:00
CupawnTae
280210
1
Verified this indeed works well, and does not leave stale NC processes laying around on the proxy machine.
– LaXDragon
May 6 '16 at 15:01
1
Where can I specify the port of the proxy ?
– Marged
Dec 7 '17 at 18:01
1
@Marged I'm not in a position to try it here at the moment, but I think you should be able to include-p <portnum>before the-Win either method to specify the proxy port
– CupawnTae
Dec 10 '17 at 21:04
1
It took me a while to figure out that the -i option (if you need it) goes inside the quotes. The proxy ssh does not by default use the same private key specified by any -i option supplied directly to scp. I guess that is obvious when you think about it.
– Keeely
Nov 24 '18 at 21:30
add a comment |
$ ssh -f -N -L <localport>:<target.machine:port> user@proxy.machine
$ scp target-user@local.machine:/remote/file -P <localport> .
OK, actually two commands...
answered Aug 10 '10 at 11:44
weeheavy
531311
1
How can I specify the port of my proxy ? In my case8080
– Marged
Dec 7 '17 at 18:00
@Marged add-p <portnumber>to your ssh command
– weeheavy
Jan 21 '18 at 20:51
add a comment |
A one-liner? Not off the top of my head. You need to establish a proxy first and you can't do that with scp by itself.
When doing it manually, I open up a screen session for my tunnel:
screen -S tunnel
Screen is used to keep the tunnel going in a background shell. Use any technique you want to keep the tunnel open in the background (@weeheavy's answer is probably the simplest). Once in the screen session I start my tunnel like so
ssh -L 2222:target.machine:22 [user@]proxy.machine
To break that down, that basically says "On my local machine, open port 2222 and any connetion hitting localhost:2222 is proxied through proxy.machine to target.machine:22"
Once you've got the ssh connection and tunnel established, detach from the screen session with "C-a d". To get back to that screen session, type screen -raAd tunnel
Once you are back in your original shell your scp command will look like
scp -P 2222 localhost:your/file/on/target.machine local/path
Remember that localhost port 2222 is really just a tunnel going to target.machine.
answered Aug 10 '10 at 11:45
whaley
1,286186
add a comment |
How about:
scp -o "ProxyCommand ssh user@myproxyserver.com nc %h %p" your.filename username@yourdestination.yourdomain.com:/whatever_location
edited May 22 '15 at 14:50
kenorb
10.7k1577111
answered May 22 '15 at 14:23
eggroll77
191
or possibly username:password here?
– rogerdpack
Sep 11 '15 at 19:44
add a comment |
Appears that scp supports the"-o" option just like ssh does, though I'm not sure how to pass it a proxy username/password:
scp -o "ProxyCommand=nc -X connect -x proxyhost:proxyport %h %p" remote_user@remote_host:remote_path local_path
If you get nc: invalid option -- X see https://stackoverflow.com/a/23616021/32453
edited May 23 '17 at 12:41
Community♦
1
answered May 12 '14 at 18:22
rogerdpack
85621428
dope bro, worked straightaway :)
– Elouan Keryell-Even
Jun 2 '16 at 14:06
add a comment |
You could try something like:
ssh user@proxy.machine "ssh user@target.machine 'cat > file'" < file
But it won't work if your proxy.machine needs to ask you password (that SSH is not in a TTY, so askpass will fail).
If you have more than one file, you could use tar like this (untested, I usually use a netcat that way):
tar cf - file1 file2 folder1/ | ssh user@proxy.machine "ssh user@target.machine 'tar xvf -'"
answered Aug 10 '10 at 12:23
Eric Darchis
1,098912
add a comment |
Another simple solution
to transfer a source_file from the source_host to a destination_host via a proxy_host:
Log in on the proxy_server:
ssh login@proxy_host
From the proxy server, transfer the source_file from the source_host to the destination_host (you can type this as one line, omitting the ,
or as two lines, as shown below):
scp login@source_host:/path_to_source_file
login@destination_host:/path_to_destination_directory
This requires that the login on the source_host to the proxy_host uses an rsa_key.
edited Nov 17 '15 at 19:16
G-Man
5,566112357
answered Nov 17 '15 at 15:08
lomai
1
add a comment |
In case you need to use public keys you will need something like this.
Host target-machine
User target-user
HostName target.example.com
IdentityFile /path/to/file.pem
ProxyCommand ssh bastion -W %h:%p
Host bastion
User bastion-user
HostName bastion.example.com
IdentityFile /path/to/file.pem
answered Dec 19 '18 at 14:45
Leo
1012
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f174160%2fscp-over-a-proxy-with-one-command-from-local-machine%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
11 Answers
11
active
oldest
votes
11 Answers
11
active
oldest
votes
active
oldest
votes
active
oldest
votes
I know this is a late answer, but I just found out a cool way to do this. It is basically Holger Just's answer, but in a saved config file:
You need to put this in your ~/.ssh/config file on local.machine, (creating the file if it does not exist)
Host target.machine
User targetuser
HostName target.machine
ProxyCommand ssh proxyuser@proxy.machine nc %h %p 2> /dev/null
After saving the file, you can just use
ssh target.machine
any time you want to connect. Scp also will work as it also respects the ssh config file. So will Nautilus, if you're using GNOME and want to use a GUI.
answered Aug 8 '11 at 13:37
user24925
76367
5
Just a quick note. If you are using an alternative identity file via the -i command line option for ssh, you need to specify that option for both the ProxyCommand configuration and the ssh command line.
– BillMan
May 15 '13 at 18:32
7
3 things that might help, 1) it would help if you also showed theHost proxy.machinelines in the same~/.ssh/configfile, 2) Mention whether these commands can be nested (ie. client connects to proxy host 1 which connects to proxy host 2 which connects to...target) and 3) whatnc %h %pmeans
– puk
Nov 14 '13 at 6:00
How can we copy from local machine to target machine with proxy?
– Mulagala
Nov 16 '17 at 11:34
add a comment |
I know this is a late answer, but I just found out a cool way to do this. It is basically Holger Just's answer, but in a saved config file:
You need to put this in your ~/.ssh/config file on local.machine, (creating the file if it does not exist)
Host target.machine
User targetuser
HostName target.machine
ProxyCommand ssh proxyuser@proxy.machine nc %h %p 2> /dev/null
After saving the file, you can just use
ssh target.machine
any time you want to connect. Scp also will work as it also respects the ssh config file. So will Nautilus, if you're using GNOME and want to use a GUI.
answered Aug 8 '11 at 13:37
user24925
76367
5
Just a quick note. If you are using an alternative identity file via the -i command line option for ssh, you need to specify that option for both the ProxyCommand configuration and the ssh command line.
– BillMan
May 15 '13 at 18:32
7
3 things that might help, 1) it would help if you also showed theHost proxy.machinelines in the same~/.ssh/configfile, 2) Mention whether these commands can be nested (ie. client connects to proxy host 1 which connects to proxy host 2 which connects to...target) and 3) whatnc %h %pmeans
– puk
Nov 14 '13 at 6:00
How can we copy from local machine to target machine with proxy?
– Mulagala
Nov 16 '17 at 11:34
add a comment |
I know this is a late answer, but I just found out a cool way to do this. It is basically Holger Just's answer, but in a saved config file:
You need to put this in your ~/.ssh/config file on local.machine, (creating the file if it does not exist)
Host target.machine
User targetuser
HostName target.machine
ProxyCommand ssh proxyuser@proxy.machine nc %h %p 2> /dev/null
After saving the file, you can just use
ssh target.machine
any time you want to connect. Scp also will work as it also respects the ssh config file. So will Nautilus, if you're using GNOME and want to use a GUI.
answered Aug 8 '11 at 13:37
user24925
76367
I know this is a late answer, but I just found out a cool way to do this. It is basically Holger Just's answer, but in a saved config file:
You need to put this in your ~/.ssh/config file on local.machine, (creating the file if it does not exist)
Host target.machine
User targetuser
HostName target.machine
ProxyCommand ssh proxyuser@proxy.machine nc %h %p 2> /dev/null
After saving the file, you can just use
ssh target.machine
any time you want to connect. Scp also will work as it also respects the ssh config file. So will Nautilus, if you're using GNOME and want to use a GUI.
answered Aug 8 '11 at 13:37
user24925
76367
answered Aug 8 '11 at 13:37
user24925
76367
answered Aug 8 '11 at 13:37
user24925
76367
answered Aug 8 '11 at 13:37
user24925
76367
76367
5
Just a quick note. If you are using an alternative identity file via the -i command line option for ssh, you need to specify that option for both the ProxyCommand configuration and the ssh command line.
– BillMan
May 15 '13 at 18:32
7
3 things that might help, 1) it would help if you also showed theHost proxy.machinelines in the same~/.ssh/configfile, 2) Mention whether these commands can be nested (ie. client connects to proxy host 1 which connects to proxy host 2 which connects to...target) and 3) whatnc %h %pmeans
– puk
Nov 14 '13 at 6:00
How can we copy from local machine to target machine with proxy?
– Mulagala
Nov 16 '17 at 11:34
add a comment |
5
Just a quick note. If you are using an alternative identity file via the -i command line option for ssh, you need to specify that option for both the ProxyCommand configuration and the ssh command line.
– BillMan
May 15 '13 at 18:32
7
3 things that might help, 1) it would help if you also showed theHost proxy.machinelines in the same~/.ssh/configfile, 2) Mention whether these commands can be nested (ie. client connects to proxy host 1 which connects to proxy host 2 which connects to...target) and 3) whatnc %h %pmeans
– puk
Nov 14 '13 at 6:00
How can we copy from local machine to target machine with proxy?
– Mulagala
Nov 16 '17 at 11:34
5
5
Just a quick note. If you are using an alternative identity file via the -i command line option for ssh, you need to specify that option for both the ProxyCommand configuration and the ssh command line.
– BillMan
May 15 '13 at 18:32
Just a quick note. If you are using an alternative identity file via the -i command line option for ssh, you need to specify that option for both the ProxyCommand configuration and the ssh command line.
– BillMan
May 15 '13 at 18:32
7
7
3 things that might help, 1) it would help if you also showed the
Host proxy.machine lines in the same ~/.ssh/config file, 2) Mention whether these commands can be nested (ie. client connects to proxy host 1 which connects to proxy host 2 which connects to...target) and 3) what nc %h %p means– puk
Nov 14 '13 at 6:00
3 things that might help, 1) it would help if you also showed the
Host proxy.machine lines in the same ~/.ssh/config file, 2) Mention whether these commands can be nested (ie. client connects to proxy host 1 which connects to proxy host 2 which connects to...target) and 3) what nc %h %p means– puk
Nov 14 '13 at 6:00
How can we copy from local machine to target machine with proxy?
– Mulagala
Nov 16 '17 at 11:34
How can we copy from local machine to target machine with proxy?
– Mulagala
Nov 16 '17 at 11:34
add a comment |
You can do it in one command, but you need netcat (nc) installed on the proxy machine:
ssh -o "ProxyCommand ssh poxyuser@proxy.machine nc -w 1 %h 22" targetuser@target.machine
[EDIT: mixed up the order of machines...]
answered Feb 20 '11 at 10:31
Holger Just
670715
Nice try, but where should I add the username for proxy and for login?
– grm
Apr 13 '11 at 11:49
Jzst before the machine names, with an @. I edited my answer to reflect that.
– Holger Just
Apr 13 '11 at 18:37
add a comment |
You can do it in one command, but you need netcat (nc) installed on the proxy machine:
ssh -o "ProxyCommand ssh poxyuser@proxy.machine nc -w 1 %h 22" targetuser@target.machine
[EDIT: mixed up the order of machines...]
answered Feb 20 '11 at 10:31
Holger Just
670715
Nice try, but where should I add the username for proxy and for login?
– grm
Apr 13 '11 at 11:49
Jzst before the machine names, with an @. I edited my answer to reflect that.
– Holger Just
Apr 13 '11 at 18:37
add a comment |
You can do it in one command, but you need netcat (nc) installed on the proxy machine:
ssh -o "ProxyCommand ssh poxyuser@proxy.machine nc -w 1 %h 22" targetuser@target.machine
[EDIT: mixed up the order of machines...]
answered Feb 20 '11 at 10:31
Holger Just
670715
You can do it in one command, but you need netcat (nc) installed on the proxy machine:
ssh -o "ProxyCommand ssh poxyuser@proxy.machine nc -w 1 %h 22" targetuser@target.machine
[EDIT: mixed up the order of machines...]
answered Feb 20 '11 at 10:31
Holger Just
670715
edited Apr 13 '11 at 18:36
answered Feb 20 '11 at 10:31
Holger Just
670715
answered Feb 20 '11 at 10:31
Holger Just
670715
answered Feb 20 '11 at 10:31
Holger Just
670715
670715
Nice try, but where should I add the username for proxy and for login?
– grm
Apr 13 '11 at 11:49
Jzst before the machine names, with an @. I edited my answer to reflect that.
– Holger Just
Apr 13 '11 at 18:37
add a comment |
Nice try, but where should I add the username for proxy and for login?
– grm
Apr 13 '11 at 11:49
Jzst before the machine names, with an @. I edited my answer to reflect that.
– Holger Just
Apr 13 '11 at 18:37
Nice try, but where should I add the username for proxy and for login?
– grm
Apr 13 '11 at 11:49
Nice try, but where should I add the username for proxy and for login?
– grm
Apr 13 '11 at 11:49
Jzst before the machine names, with an @. I edited my answer to reflect that.
– Holger Just
Apr 13 '11 at 18:37
Jzst before the machine names, with an @. I edited my answer to reflect that.
– Holger Just
Apr 13 '11 at 18:37
add a comment |
If you don't mind using rsync instead of scp, you can use the following one-liner:
rsync -v --rsh "ssh proxy.machine ssh" target.machine:/remote/file /local/dir/
(you'll need passwordless access to the proxy machine)
answered Feb 20 '11 at 10:26
dubek
53144
add a comment |
If you don't mind using rsync instead of scp, you can use the following one-liner:
rsync -v --rsh "ssh proxy.machine ssh" target.machine:/remote/file /local/dir/
(you'll need passwordless access to the proxy machine)
answered Feb 20 '11 at 10:26
dubek
53144
add a comment |
If you don't mind using rsync instead of scp, you can use the following one-liner:
rsync -v --rsh "ssh proxy.machine ssh" target.machine:/remote/file /local/dir/
(you'll need passwordless access to the proxy machine)
answered Feb 20 '11 at 10:26
dubek
53144
If you don't mind using rsync instead of scp, you can use the following one-liner:
rsync -v --rsh "ssh proxy.machine ssh" target.machine:/remote/file /local/dir/
(you'll need passwordless access to the proxy machine)
answered Feb 20 '11 at 10:26
dubek
53144
answered Feb 20 '11 at 10:26
dubek
53144
answered Feb 20 '11 at 10:26
dubek
53144
answered Feb 20 '11 at 10:26
dubek
53144
53144
add a comment |
add a comment |
You can now* do this as a one-liner, without requiring nc anywhere:
scp -o "ProxyCommand ssh pcreds@proxy.machine -W %h:%p" tcreds@target.machine:file .
Explanation
pcreds and tcreds represent your proxy and target credentials if required (username, username:password, etc.).
This is possible because of a built-in netcat-like ability, removing the requirement for nc on the intermediate host. Using ssh -W host:port sets up a tunnel to the specified host and port and connects it to stdin/stdout, and then scp runs over the tunnel.
The %h and %p in the ProxyCommand are replaced with the target host and port you specify.
For even more convenience, you can configure the proxy in your ssh configuration:
Host target.machine
ProxyCommand ssh pcreds@proxy.machine -W %h:%p
and from then on just do
scp tcreds@target.machine:file .
* since OpenSSH 5.4 - released March 2010
answered Feb 2 '16 at 11:00
CupawnTae
280210
1
Verified this indeed works well, and does not leave stale NC processes laying around on the proxy machine.
– LaXDragon
May 6 '16 at 15:01
1
Where can I specify the port of the proxy ?
– Marged
Dec 7 '17 at 18:01
1
@Marged I'm not in a position to try it here at the moment, but I think you should be able to include-p <portnum>before the-Win either method to specify the proxy port
– CupawnTae
Dec 10 '17 at 21:04
1
It took me a while to figure out that the -i option (if you need it) goes inside the quotes. The proxy ssh does not by default use the same private key specified by any -i option supplied directly to scp. I guess that is obvious when you think about it.
– Keeely
Nov 24 '18 at 21:30
add a comment |
You can now* do this as a one-liner, without requiring nc anywhere:
scp -o "ProxyCommand ssh pcreds@proxy.machine -W %h:%p" tcreds@target.machine:file .
Explanation
pcreds and tcreds represent your proxy and target credentials if required (username, username:password, etc.).
This is possible because of a built-in netcat-like ability, removing the requirement for nc on the intermediate host. Using ssh -W host:port sets up a tunnel to the specified host and port and connects it to stdin/stdout, and then scp runs over the tunnel.
The %h and %p in the ProxyCommand are replaced with the target host and port you specify.
For even more convenience, you can configure the proxy in your ssh configuration:
Host target.machine
ProxyCommand ssh pcreds@proxy.machine -W %h:%p
and from then on just do
scp tcreds@target.machine:file .
* since OpenSSH 5.4 - released March 2010
answered Feb 2 '16 at 11:00
CupawnTae
280210
1
Verified this indeed works well, and does not leave stale NC processes laying around on the proxy machine.
– LaXDragon
May 6 '16 at 15:01
1
Where can I specify the port of the proxy ?
– Marged
Dec 7 '17 at 18:01
1
@Marged I'm not in a position to try it here at the moment, but I think you should be able to include-p <portnum>before the-Win either method to specify the proxy port
– CupawnTae
Dec 10 '17 at 21:04
1
It took me a while to figure out that the -i option (if you need it) goes inside the quotes. The proxy ssh does not by default use the same private key specified by any -i option supplied directly to scp. I guess that is obvious when you think about it.
– Keeely
Nov 24 '18 at 21:30
add a comment |
You can now* do this as a one-liner, without requiring nc anywhere:
scp -o "ProxyCommand ssh pcreds@proxy.machine -W %h:%p" tcreds@target.machine:file .
Explanation
pcreds and tcreds represent your proxy and target credentials if required (username, username:password, etc.).
This is possible because of a built-in netcat-like ability, removing the requirement for nc on the intermediate host. Using ssh -W host:port sets up a tunnel to the specified host and port and connects it to stdin/stdout, and then scp runs over the tunnel.
The %h and %p in the ProxyCommand are replaced with the target host and port you specify.
For even more convenience, you can configure the proxy in your ssh configuration:
Host target.machine
ProxyCommand ssh pcreds@proxy.machine -W %h:%p
and from then on just do
scp tcreds@target.machine:file .
* since OpenSSH 5.4 - released March 2010
answered Feb 2 '16 at 11:00
CupawnTae
280210
You can now* do this as a one-liner, without requiring nc anywhere:
scp -o "ProxyCommand ssh pcreds@proxy.machine -W %h:%p" tcreds@target.machine:file .
Explanation
pcreds and tcreds represent your proxy and target credentials if required (username, username:password, etc.).
This is possible because of a built-in netcat-like ability, removing the requirement for nc on the intermediate host. Using ssh -W host:port sets up a tunnel to the specified host and port and connects it to stdin/stdout, and then scp runs over the tunnel.
The %h and %p in the ProxyCommand are replaced with the target host and port you specify.
For even more convenience, you can configure the proxy in your ssh configuration:
Host target.machine
ProxyCommand ssh pcreds@proxy.machine -W %h:%p
and from then on just do
scp tcreds@target.machine:file .
* since OpenSSH 5.4 - released March 2010
answered Feb 2 '16 at 11:00
CupawnTae
280210
edited Sep 20 '18 at 21:09
answered Feb 2 '16 at 11:00
CupawnTae
280210
answered Feb 2 '16 at 11:00
CupawnTae
280210
answered Feb 2 '16 at 11:00
CupawnTae
280210
280210
1
Verified this indeed works well, and does not leave stale NC processes laying around on the proxy machine.
– LaXDragon
May 6 '16 at 15:01
1
Where can I specify the port of the proxy ?
– Marged
Dec 7 '17 at 18:01
1
@Marged I'm not in a position to try it here at the moment, but I think you should be able to include-p <portnum>before the-Win either method to specify the proxy port
– CupawnTae
Dec 10 '17 at 21:04
1
It took me a while to figure out that the -i option (if you need it) goes inside the quotes. The proxy ssh does not by default use the same private key specified by any -i option supplied directly to scp. I guess that is obvious when you think about it.
– Keeely
Nov 24 '18 at 21:30
add a comment |
1
Verified this indeed works well, and does not leave stale NC processes laying around on the proxy machine.
– LaXDragon
May 6 '16 at 15:01
1
Where can I specify the port of the proxy ?
– Marged
Dec 7 '17 at 18:01
1
@Marged I'm not in a position to try it here at the moment, but I think you should be able to include-p <portnum>before the-Win either method to specify the proxy port
– CupawnTae
Dec 10 '17 at 21:04
1
It took me a while to figure out that the -i option (if you need it) goes inside the quotes. The proxy ssh does not by default use the same private key specified by any -i option supplied directly to scp. I guess that is obvious when you think about it.
– Keeely
Nov 24 '18 at 21:30
1
1
Verified this indeed works well, and does not leave stale NC processes laying around on the proxy machine.
– LaXDragon
May 6 '16 at 15:01
Verified this indeed works well, and does not leave stale NC processes laying around on the proxy machine.
– LaXDragon
May 6 '16 at 15:01
1
1
Where can I specify the port of the proxy ?
– Marged
Dec 7 '17 at 18:01
Where can I specify the port of the proxy ?
– Marged
Dec 7 '17 at 18:01
1
1
@Marged I'm not in a position to try it here at the moment, but I think you should be able to include
-p <portnum> before the -W in either method to specify the proxy port– CupawnTae
Dec 10 '17 at 21:04
@Marged I'm not in a position to try it here at the moment, but I think you should be able to include
-p <portnum> before the -W in either method to specify the proxy port– CupawnTae
Dec 10 '17 at 21:04
1
1
It took me a while to figure out that the -i option (if you need it) goes inside the quotes. The proxy ssh does not by default use the same private key specified by any -i option supplied directly to scp. I guess that is obvious when you think about it.
– Keeely
Nov 24 '18 at 21:30
It took me a while to figure out that the -i option (if you need it) goes inside the quotes. The proxy ssh does not by default use the same private key specified by any -i option supplied directly to scp. I guess that is obvious when you think about it.
– Keeely
Nov 24 '18 at 21:30
add a comment |
$ ssh -f -N -L <localport>:<target.machine:port> user@proxy.machine
$ scp target-user@local.machine:/remote/file -P <localport> .
OK, actually two commands...
answered Aug 10 '10 at 11:44
weeheavy
531311
1
How can I specify the port of my proxy ? In my case8080
– Marged
Dec 7 '17 at 18:00
@Marged add-p <portnumber>to your ssh command
– weeheavy
Jan 21 '18 at 20:51
add a comment |
$ ssh -f -N -L <localport>:<target.machine:port> user@proxy.machine
$ scp target-user@local.machine:/remote/file -P <localport> .
OK, actually two commands...
answered Aug 10 '10 at 11:44
weeheavy
531311
1
How can I specify the port of my proxy ? In my case8080
– Marged
Dec 7 '17 at 18:00
@Marged add-p <portnumber>to your ssh command
– weeheavy
Jan 21 '18 at 20:51
add a comment |
$ ssh -f -N -L <localport>:<target.machine:port> user@proxy.machine
$ scp target-user@local.machine:/remote/file -P <localport> .
OK, actually two commands...
answered Aug 10 '10 at 11:44
weeheavy
531311
$ ssh -f -N -L <localport>:<target.machine:port> user@proxy.machine
$ scp target-user@local.machine:/remote/file -P <localport> .
OK, actually two commands...
answered Aug 10 '10 at 11:44
weeheavy
531311
answered Aug 10 '10 at 11:44
weeheavy
531311
answered Aug 10 '10 at 11:44
weeheavy
531311
answered Aug 10 '10 at 11:44
weeheavy
531311
531311
1
How can I specify the port of my proxy ? In my case8080
– Marged
Dec 7 '17 at 18:00
@Marged add-p <portnumber>to your ssh command
– weeheavy
Jan 21 '18 at 20:51
add a comment |
1
How can I specify the port of my proxy ? In my case8080
– Marged
Dec 7 '17 at 18:00
@Marged add-p <portnumber>to your ssh command
– weeheavy
Jan 21 '18 at 20:51
1
1
How can I specify the port of my proxy ? In my case
8080– Marged
Dec 7 '17 at 18:00
How can I specify the port of my proxy ? In my case
8080– Marged
Dec 7 '17 at 18:00
@Marged add
-p <portnumber> to your ssh command– weeheavy
Jan 21 '18 at 20:51
@Marged add
-p <portnumber> to your ssh command– weeheavy
Jan 21 '18 at 20:51
add a comment |
A one-liner? Not off the top of my head. You need to establish a proxy first and you can't do that with scp by itself.
When doing it manually, I open up a screen session for my tunnel:
screen -S tunnel
Screen is used to keep the tunnel going in a background shell. Use any technique you want to keep the tunnel open in the background (@weeheavy's answer is probably the simplest). Once in the screen session I start my tunnel like so
ssh -L 2222:target.machine:22 [user@]proxy.machine
To break that down, that basically says "On my local machine, open port 2222 and any connetion hitting localhost:2222 is proxied through proxy.machine to target.machine:22"
Once you've got the ssh connection and tunnel established, detach from the screen session with "C-a d". To get back to that screen session, type screen -raAd tunnel
Once you are back in your original shell your scp command will look like
scp -P 2222 localhost:your/file/on/target.machine local/path
Remember that localhost port 2222 is really just a tunnel going to target.machine.
answered Aug 10 '10 at 11:45
whaley
1,286186
add a comment |
A one-liner? Not off the top of my head. You need to establish a proxy first and you can't do that with scp by itself.
When doing it manually, I open up a screen session for my tunnel:
screen -S tunnel
Screen is used to keep the tunnel going in a background shell. Use any technique you want to keep the tunnel open in the background (@weeheavy's answer is probably the simplest). Once in the screen session I start my tunnel like so
ssh -L 2222:target.machine:22 [user@]proxy.machine
To break that down, that basically says "On my local machine, open port 2222 and any connetion hitting localhost:2222 is proxied through proxy.machine to target.machine:22"
Once you've got the ssh connection and tunnel established, detach from the screen session with "C-a d". To get back to that screen session, type screen -raAd tunnel
Once you are back in your original shell your scp command will look like
scp -P 2222 localhost:your/file/on/target.machine local/path
Remember that localhost port 2222 is really just a tunnel going to target.machine.
answered Aug 10 '10 at 11:45
whaley
1,286186
add a comment |
A one-liner? Not off the top of my head. You need to establish a proxy first and you can't do that with scp by itself.
When doing it manually, I open up a screen session for my tunnel:
screen -S tunnel
Screen is used to keep the tunnel going in a background shell. Use any technique you want to keep the tunnel open in the background (@weeheavy's answer is probably the simplest). Once in the screen session I start my tunnel like so
ssh -L 2222:target.machine:22 [user@]proxy.machine
To break that down, that basically says "On my local machine, open port 2222 and any connetion hitting localhost:2222 is proxied through proxy.machine to target.machine:22"
Once you've got the ssh connection and tunnel established, detach from the screen session with "C-a d". To get back to that screen session, type screen -raAd tunnel
Once you are back in your original shell your scp command will look like
scp -P 2222 localhost:your/file/on/target.machine local/path
Remember that localhost port 2222 is really just a tunnel going to target.machine.
answered Aug 10 '10 at 11:45
whaley
1,286186
A one-liner? Not off the top of my head. You need to establish a proxy first and you can't do that with scp by itself.
When doing it manually, I open up a screen session for my tunnel:
screen -S tunnel
Screen is used to keep the tunnel going in a background shell. Use any technique you want to keep the tunnel open in the background (@weeheavy's answer is probably the simplest). Once in the screen session I start my tunnel like so
ssh -L 2222:target.machine:22 [user@]proxy.machine
To break that down, that basically says "On my local machine, open port 2222 and any connetion hitting localhost:2222 is proxied through proxy.machine to target.machine:22"
Once you've got the ssh connection and tunnel established, detach from the screen session with "C-a d". To get back to that screen session, type screen -raAd tunnel
Once you are back in your original shell your scp command will look like
scp -P 2222 localhost:your/file/on/target.machine local/path
Remember that localhost port 2222 is really just a tunnel going to target.machine.
answered Aug 10 '10 at 11:45
whaley
1,286186
edited Aug 10 '10 at 11:50
answered Aug 10 '10 at 11:45
whaley
1,286186
answered Aug 10 '10 at 11:45
whaley
1,286186
answered Aug 10 '10 at 11:45
whaley
1,286186
1,286186
add a comment |
add a comment |
How about:
scp -o "ProxyCommand ssh user@myproxyserver.com nc %h %p" your.filename username@yourdestination.yourdomain.com:/whatever_location
edited May 22 '15 at 14:50
kenorb
10.7k1577111
answered May 22 '15 at 14:23
eggroll77
191
or possibly username:password here?
– rogerdpack
Sep 11 '15 at 19:44
add a comment |
How about:
scp -o "ProxyCommand ssh user@myproxyserver.com nc %h %p" your.filename username@yourdestination.yourdomain.com:/whatever_location
edited May 22 '15 at 14:50
kenorb
10.7k1577111
answered May 22 '15 at 14:23
eggroll77
191
or possibly username:password here?
– rogerdpack
Sep 11 '15 at 19:44
add a comment |
How about:
scp -o "ProxyCommand ssh user@myproxyserver.com nc %h %p" your.filename username@yourdestination.yourdomain.com:/whatever_location
edited May 22 '15 at 14:50
kenorb
10.7k1577111
answered May 22 '15 at 14:23
eggroll77
191
How about:
scp -o "ProxyCommand ssh user@myproxyserver.com nc %h %p" your.filename username@yourdestination.yourdomain.com:/whatever_location
edited May 22 '15 at 14:50
kenorb
10.7k1577111
answered May 22 '15 at 14:23
eggroll77
191
edited May 22 '15 at 14:50
kenorb
10.7k1577111
edited May 22 '15 at 14:50
kenorb
10.7k1577111
edited May 22 '15 at 14:50
kenorb
10.7k1577111
10.7k1577111
answered May 22 '15 at 14:23
eggroll77
191
answered May 22 '15 at 14:23
eggroll77
191
answered May 22 '15 at 14:23
eggroll77
191
191
or possibly username:password here?
– rogerdpack
Sep 11 '15 at 19:44
add a comment |
or possibly username:password here?
– rogerdpack
Sep 11 '15 at 19:44
or possibly username:password here?
– rogerdpack
Sep 11 '15 at 19:44
or possibly username:password here?
– rogerdpack
Sep 11 '15 at 19:44
add a comment |
Appears that scp supports the"-o" option just like ssh does, though I'm not sure how to pass it a proxy username/password:
scp -o "ProxyCommand=nc -X connect -x proxyhost:proxyport %h %p" remote_user@remote_host:remote_path local_path
If you get nc: invalid option -- X see https://stackoverflow.com/a/23616021/32453
edited May 23 '17 at 12:41
Community♦
1
answered May 12 '14 at 18:22
rogerdpack
85621428
dope bro, worked straightaway :)
– Elouan Keryell-Even
Jun 2 '16 at 14:06
add a comment |
Appears that scp supports the"-o" option just like ssh does, though I'm not sure how to pass it a proxy username/password:
scp -o "ProxyCommand=nc -X connect -x proxyhost:proxyport %h %p" remote_user@remote_host:remote_path local_path
If you get nc: invalid option -- X see https://stackoverflow.com/a/23616021/32453
edited May 23 '17 at 12:41
Community♦
1
answered May 12 '14 at 18:22
rogerdpack
85621428
dope bro, worked straightaway :)
– Elouan Keryell-Even
Jun 2 '16 at 14:06
add a comment |
Appears that scp supports the"-o" option just like ssh does, though I'm not sure how to pass it a proxy username/password:
scp -o "ProxyCommand=nc -X connect -x proxyhost:proxyport %h %p" remote_user@remote_host:remote_path local_path
If you get nc: invalid option -- X see https://stackoverflow.com/a/23616021/32453
edited May 23 '17 at 12:41
Community♦
1
answered May 12 '14 at 18:22
rogerdpack
85621428
Appears that scp supports the"-o" option just like ssh does, though I'm not sure how to pass it a proxy username/password:
scp -o "ProxyCommand=nc -X connect -x proxyhost:proxyport %h %p" remote_user@remote_host:remote_path local_path
If you get nc: invalid option -- X see https://stackoverflow.com/a/23616021/32453
edited May 23 '17 at 12:41
Community♦
1
answered May 12 '14 at 18:22
rogerdpack
85621428
edited May 23 '17 at 12:41
Community♦
1
edited May 23 '17 at 12:41
Community♦
1
edited May 23 '17 at 12:41
Community♦
1
1
answered May 12 '14 at 18:22
rogerdpack
85621428
answered May 12 '14 at 18:22
rogerdpack
85621428
answered May 12 '14 at 18:22
rogerdpack
85621428
85621428
dope bro, worked straightaway :)
– Elouan Keryell-Even
Jun 2 '16 at 14:06
add a comment |
dope bro, worked straightaway :)
– Elouan Keryell-Even
Jun 2 '16 at 14:06
dope bro, worked straightaway :)
– Elouan Keryell-Even
Jun 2 '16 at 14:06
dope bro, worked straightaway :)
– Elouan Keryell-Even
Jun 2 '16 at 14:06
add a comment |
You could try something like:
ssh user@proxy.machine "ssh user@target.machine 'cat > file'" < file
But it won't work if your proxy.machine needs to ask you password (that SSH is not in a TTY, so askpass will fail).
If you have more than one file, you could use tar like this (untested, I usually use a netcat that way):
tar cf - file1 file2 folder1/ | ssh user@proxy.machine "ssh user@target.machine 'tar xvf -'"
answered Aug 10 '10 at 12:23
Eric Darchis
1,098912
add a comment |
You could try something like:
ssh user@proxy.machine "ssh user@target.machine 'cat > file'" < file
But it won't work if your proxy.machine needs to ask you password (that SSH is not in a TTY, so askpass will fail).
If you have more than one file, you could use tar like this (untested, I usually use a netcat that way):
tar cf - file1 file2 folder1/ | ssh user@proxy.machine "ssh user@target.machine 'tar xvf -'"
answered Aug 10 '10 at 12:23
Eric Darchis
1,098912
add a comment |
You could try something like:
ssh user@proxy.machine "ssh user@target.machine 'cat > file'" < file
But it won't work if your proxy.machine needs to ask you password (that SSH is not in a TTY, so askpass will fail).
If you have more than one file, you could use tar like this (untested, I usually use a netcat that way):
tar cf - file1 file2 folder1/ | ssh user@proxy.machine "ssh user@target.machine 'tar xvf -'"
answered Aug 10 '10 at 12:23
Eric Darchis
1,098912
You could try something like:
ssh user@proxy.machine "ssh user@target.machine 'cat > file'" < file
But it won't work if your proxy.machine needs to ask you password (that SSH is not in a TTY, so askpass will fail).
If you have more than one file, you could use tar like this (untested, I usually use a netcat that way):
tar cf - file1 file2 folder1/ | ssh user@proxy.machine "ssh user@target.machine 'tar xvf -'"
answered Aug 10 '10 at 12:23
Eric Darchis
1,098912
answered Aug 10 '10 at 12:23
Eric Darchis
1,098912
answered Aug 10 '10 at 12:23
Eric Darchis
1,098912
answered Aug 10 '10 at 12:23
Eric Darchis
1,098912
1,098912
add a comment |
add a comment |
Another simple solution
to transfer a source_file from the source_host to a destination_host via a proxy_host:
Log in on the proxy_server:
ssh login@proxy_host
From the proxy server, transfer the source_file from the source_host to the destination_host (you can type this as one line, omitting the ,
or as two lines, as shown below):
scp login@source_host:/path_to_source_file
login@destination_host:/path_to_destination_directory
This requires that the login on the source_host to the proxy_host uses an rsa_key.
edited Nov 17 '15 at 19:16
G-Man
5,566112357
answered Nov 17 '15 at 15:08
lomai
1
add a comment |
Another simple solution
to transfer a source_file from the source_host to a destination_host via a proxy_host:
Log in on the proxy_server:
ssh login@proxy_host
From the proxy server, transfer the source_file from the source_host to the destination_host (you can type this as one line, omitting the ,
or as two lines, as shown below):
scp login@source_host:/path_to_source_file
login@destination_host:/path_to_destination_directory
This requires that the login on the source_host to the proxy_host uses an rsa_key.
edited Nov 17 '15 at 19:16
G-Man
5,566112357
answered Nov 17 '15 at 15:08
lomai
1
add a comment |
Another simple solution
to transfer a source_file from the source_host to a destination_host via a proxy_host:
Log in on the proxy_server:
ssh login@proxy_host
From the proxy server, transfer the source_file from the source_host to the destination_host (you can type this as one line, omitting the ,
or as two lines, as shown below):
scp login@source_host:/path_to_source_file
login@destination_host:/path_to_destination_directory
This requires that the login on the source_host to the proxy_host uses an rsa_key.
edited Nov 17 '15 at 19:16
G-Man
5,566112357
answered Nov 17 '15 at 15:08
lomai
1
Another simple solution
to transfer a source_file from the source_host to a destination_host via a proxy_host:
Log in on the proxy_server:
ssh login@proxy_host
From the proxy server, transfer the source_file from the source_host to the destination_host (you can type this as one line, omitting the ,
or as two lines, as shown below):
scp login@source_host:/path_to_source_file
login@destination_host:/path_to_destination_directory
This requires that the login on the source_host to the proxy_host uses an rsa_key.
edited Nov 17 '15 at 19:16
G-Man
5,566112357
answered Nov 17 '15 at 15:08
lomai
1
edited Nov 17 '15 at 19:16
G-Man
5,566112357
edited Nov 17 '15 at 19:16
G-Man
5,566112357
edited Nov 17 '15 at 19:16
G-Man
5,566112357
5,566112357
answered Nov 17 '15 at 15:08
lomai
1
answered Nov 17 '15 at 15:08
lomai
1
answered Nov 17 '15 at 15:08
lomai
1
1
add a comment |
add a comment |
In case you need to use public keys you will need something like this.
Host target-machine
User target-user
HostName target.example.com
IdentityFile /path/to/file.pem
ProxyCommand ssh bastion -W %h:%p
Host bastion
User bastion-user
HostName bastion.example.com
IdentityFile /path/to/file.pem
answered Dec 19 '18 at 14:45
Leo
1012
add a comment |
In case you need to use public keys you will need something like this.
Host target-machine
User target-user
HostName target.example.com
IdentityFile /path/to/file.pem
ProxyCommand ssh bastion -W %h:%p
Host bastion
User bastion-user
HostName bastion.example.com
IdentityFile /path/to/file.pem
answered Dec 19 '18 at 14:45
Leo
1012
add a comment |
In case you need to use public keys you will need something like this.
Host target-machine
User target-user
HostName target.example.com
IdentityFile /path/to/file.pem
ProxyCommand ssh bastion -W %h:%p
Host bastion
User bastion-user
HostName bastion.example.com
IdentityFile /path/to/file.pem
answered Dec 19 '18 at 14:45
Leo
1012
In case you need to use public keys you will need something like this.
Host target-machine
User target-user
HostName target.example.com
IdentityFile /path/to/file.pem
ProxyCommand ssh bastion -W %h:%p
Host bastion
User bastion-user
HostName bastion.example.com
IdentityFile /path/to/file.pem
answered Dec 19 '18 at 14:45
Leo
1012
answered Dec 19 '18 at 14:45
Leo
1012
answered Dec 19 '18 at 14:45
Leo
1012
answered Dec 19 '18 at 14:45
Leo
1012
1012
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f174160%2fscp-over-a-proxy-with-one-command-from-local-machine%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
