Must I sftp to an intermediate server?

linux bash unix ssh sftp
17,960

Solution 1

From your local machine you can create am SSH tunnel through the intermediate host to the final host:

ssh user@intermediate -L 2000:final:22 -N

This will open port 2000 on your localhost that will connect directly to the final server on port 22, by tunneling through the intermediate host. Now in another prompt connect with sftp on port 2000 to be tunneled through to the final server, noting that the user specified here is for the final host:

sftp -P 2000 user@localhost

Seems like this belongs on superuser.com or serverfault.com though.

Solution 2

Since I originally wrote this answer, OpenSSH has added an easier way to do this. If you have at least OpenSSH 8.0 on your home machine and 7.3 on the intermediate host, you can use the new jump host (-J) option:

sftp -J user@intermediatehost user@finalhost

If you have at least 7.3 on both the home and intermediate hosts, you can do the same thing with the ProxyJump option in your ~/.ssh/config file:

Host finalhost
    ProxyJump user@intermediatehost

With that entry, you can use sftp, scp, and ssh to finalhost, and it'll automatically invoke the tunnel. The only nontransparent part is that it'll prompt for two passwords (intermediatehost followed by finalhost), but if you want you can eliminate that as well with SSH keypairs.

If you don't have new enough versions of OpenSSH, you can still use the ProxyCommand option to do essentially the same thing:

sftp -o "ProxyCommand=ssh -e none user@intermediatehost exec /usr/bin/nc %h %p 2>/dev/null" user@finalhost

(That's assuming the intermediate host has netcat installed as /usr/bin/nc -- if not, you may have to find/install some equivalent way of gatewaying stdin&stdout into a TCP session.)

And the equivalent ~/.ssh/config option:

Host finalhost
    ProxyCommand ssh -e none user@intermediatehost exec nc %h %p 2>/dev/null

See the OpenSSH Cookbook on Wikibooks for more info.

Solution 3

You can pipe data to the ssh process running on your machine, then run a command on the intermediate machine which reads stdin and sends it to sftp as appropriate.

This can be done in a oneliner on your local machine, though the quoting of arguments to ssh will require care. I am on my phone right now so unfortunately cannot type the details. Perhaps somebody else can complete this answer as an exercise!

Share:
17,960

Related videos on Youtube

user74094
Author by

user74094

Updated on September 18, 2022

Comments

  • user74094
    user74094 over 1 year

    I can't sftp directly into a particular host. To move a file from my home machine to the host, I must sftp a file to an intermediate host; ssh into the intermediate host; and sftp the file to the final destination. Is it possible to avoid such madness?

  • Admin
    Admin about 13 years
    Thanks, I'll try that; and you're right it is the wrong forum; sorry.
  • user74094
    user74094 about 13 years
    I like it, so I tried it. It took the password for A, then produced the message: Host key verification failed.
  • user74094
    user74094 about 13 years
    Thanks Gordon. It takes both passwords then halts with the message: Received message too long 1131376238
  • user74094
    user74094 about 13 years
    After giving the user@localhost password I received the message: Received message too long 1131376238
  • Gordon Davisson
    Gordon Davisson about 13 years
    It sounds like something in the connection -- maybe a login script at one of the hosts, maybe nc -- is writing some extra text over the connection that's confusing sftp (see this FAQ at snailbook.com). 1131376238 is the decimal encoding of the ascii characters "Conn", so it's probably a message like "Connecting to..." "Connected from..." or maybe "Connection failed". Try it with ssh instead of sftp, see if the message is printed visibly and maybe you can tell where it's coming from.
  • user74094
    user74094 about 13 years
    ssh worked fine. I should also mention that I am often faced with this question:The authenticity of host 'xxxxx (<no hostip for proxy command>)' can't be established. RSA key fingerprint is 37:40:d4:c7:etc.. Are you sure you want to continue connecting (yes/no)? yes
  • Travis Leleu
    Travis Leleu almost 12 years
    Gordon, very useful! I'm adding this to my text file of command line fu oneliners. Thanks a ton!
  • equaeghe
    equaeghe about 8 years
    Is the exec necessary? (It works fine here without that part.)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I launch multiple xterm windows and run a command on each, leaving each window open afterward?
how to make SSH command execution to timeout
PuTTY closes after login
What happens to running processes when I lose a remote connection to a *nix box?
How to open sftp connection and execute sftp command in the same shell command
Can you have more than one ~/.ssh/config file?
ssh command output to save in a text file in shell script
How to run the sftp command with a password from Bash script?
How to pass local variable to remote using ssh and bash script?
Why does my remote process still run after killing an ssh session?