scp via a intermediate computer - SSH

This is a discussion on scp via a intermediate computer - SSH ; Hi, For some reason, I can only access computer A through computer B. That is, suppose my computer is C, I can ssh to B from C, but I can not ssh to A from C. Once I login computer ...

+ Reply to Thread
Results 1 to 13 of 13

Thread: scp via a intermediate computer

  1. scp via a intermediate computer

    Hi,

    For some reason, I can only access computer A through computer B. That
    is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    to A from C. Once I login computer B, I can ssh to A from B.

    I'm wondering how to use port forwarding on B such that I can scp from
    A to C. Otherwise, I'll have to scp files from A to B and then B to C,
    which is too annoying.

    Would you please let me know the command so that I can scp A to C
    without creating any temporary files on B?

    Thanks,
    Peng

  2. Re: scp via a intermediate computer

    Peng Yu wrote:
    > Hi,
    >
    > For some reason, I can only access computer A through computer B. That
    > is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    > to A from C. Once I login computer B, I can ssh to A from B.
    >
    > I'm wondering how to use port forwarding on B such that I can scp from
    > A to C. Otherwise, I'll have to scp files from A to B and then B to C,
    > which is too annoying.
    >
    > Would you please let me know the command so that I can scp A to C
    > without creating any temporary files on B?
    >
    > Thanks,
    > Peng


    assuming your ssh daemons listen on port 22

    1. choose an unused tcp port on B, say 1111
    2. on A: ssh -nR 1111:C:22 B &
    this sets up port forwarding from B:1111 to C:22, you need this once.
    it tells you the pid on startup, you can kill the process once you
    don't need the forwarding anymore
    note that B must be able to resolve the hostname "C" to an IP address
    3. now on A: scp -P 1111 something B:
    your scp now connects to B:1111 which has been forwarded to C:22

    step 3 might need an "-o stricthostkeychecking=no" since scp believes it
    is connecting to B but through the forwarding is actually talking to C,
    which should have a different host key.

    Regards
    Joachim

  3. Re: scp via a intermediate computer

    Peng Yu wrote:

    > For some reason, I can only access computer A through computer B.
    > That is, suppose my computer is C, I can ssh to B from C, but I can
    > not ssh to A from C. Once I login computer B, I can ssh to A from B.
    >
    > I'm wondering how to use port forwarding on B such that I can scp
    > from A to C. Otherwise, I'll have to scp files from A to B and then B
    > to C, which is too annoying.
    >
    > Would you please let me know the command so that I can scp A to C
    > without creating any temporary files on B?


    If there is some kind of netcat/nc available on B:

    scp -o 'ProxyCommand ssh B nc -q 0 %h %p' ...

  4. Re: scp via a intermediate computer

    Joachim Gann wrote:

    > step 3 might need an "-o stricthostkeychecking=no" since scp believes
    > it is connecting to B but through the forwarding is actually talking
    > to C, which should have a different host key.


    One could also use "-o HostKeyAlias=C". This way the host key of C is
    checked regardless of the port forwarding.

  5. Re: scp via a intermediate computer

    On May 25, 8:16 am, Joachim Gann wrote:
    > Peng Yu wrote:
    > > Hi,

    >
    > > For some reason, I can only access computer A through computer B. That
    > > is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    > > to A from C. Once I login computer B, I can ssh to A from B.

    >
    > > I'm wondering how to use port forwarding on B such that I can scp from
    > > A to C. Otherwise, I'll have to scp files from A to B and then B to C,
    > > which is too annoying.

    >
    > > Would you please let me know the command so that I can scp A to C
    > > without creating any temporary files on B?

    >
    > > Thanks,
    > > Peng

    >
    > assuming your ssh daemons listen on port 22
    >
    > 1. choose an unused tcp port on B, say 1111
    > 2. on A: ssh -nR 1111:C:22 B &
    > this sets up port forwarding from B:1111 to C:22, you need this once.
    > it tells you the pid on startup, you can kill the process once you
    > don't need the forwarding anymore
    > note that B must be able to resolve the hostname "C" to an IP address
    > 3. now on A: scp -P 1111 something B:
    > your scp now connects to B:1111 which has been forwarded to C:22
    >
    > step 3 might need an "-o stricthostkeychecking=no" since scp believes it
    > is connecting to B but through the forwarding is actually talking to C,
    > which should have a different host key.
    >
    > Regards
    > Joachim


    Hi Joachim,

    I'm confused by your reply. Do you assume that I can connect in the
    way A->B->C, where A is the local machine, B is the intermediate
    machine, C is the remote machines, A can see B but not C, neither B
    nor C can see A, and B can see C?

    My assumption is the other way around C->B->A. Therefore, in order to
    do step 2, I have to ssh to B first, then ssh to A from B. Is it what
    you mean?

    Thanks,
    Peng

  6. Re: scp via a intermediate computer

    Peng Yu wrote:
    > On May 25, 8:16 am, Joachim Gann wrote:
    >> Peng Yu wrote:
    >>> Hi,
    >>> For some reason, I can only access computer A through computer B. That
    >>> is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    >>> to A from C. Once I login computer B, I can ssh to A from B.
    >>> I'm wondering how to use port forwarding on B such that I can scp from
    >>> A to C. Otherwise, I'll have to scp files from A to B and then B to C,
    >>> which is too annoying.
    >>> Would you please let me know the command so that I can scp A to C
    >>> without creating any temporary files on B?
    >>> Thanks,
    >>> Peng

    >> assuming your ssh daemons listen on port 22
    >>
    >> 1. choose an unused tcp port on B, say 1111
    >> 2. on A: ssh -nR 1111:C:22 B &
    >> this sets up port forwarding from B:1111 to C:22, you need this once.
    >> it tells you the pid on startup, you can kill the process once you
    >> don't need the forwarding anymore
    >> note that B must be able to resolve the hostname "C" to an IP address
    >> 3. now on A: scp -P 1111 something B:
    >> your scp now connects to B:1111 which has been forwarded to C:22
    >>
    >> step 3 might need an "-o stricthostkeychecking=no" since scp believes it
    >> is connecting to B but through the forwarding is actually talking to C,
    >> which should have a different host key.
    >>
    >> Regards
    >> Joachim

    >
    > Hi Joachim,
    >
    > I'm confused by your reply. Do you assume that I can connect in the
    > way A->B->C, where A is the local machine, B is the intermediate
    > machine, C is the remote machines, A can see B but not C, neither B
    > nor C can see A, and B can see C?
    >
    > My assumption is the other way around C->B->A. Therefore, in order to
    > do step 2, I have to ssh to B first, then ssh to A from B. Is it what
    > you mean?
    >
    > Thanks,
    > Peng


    well, exchange C and A in my recipe above if your order is different
    than I assumed.

  7. Re: scp via a intermediate computer

    Joachim Gann writes:

    >Peng Yu wrote:
    >> On May 25, 8:16 am, Joachim Gann wrote:
    >>> Peng Yu wrote:
    >>>> Hi,
    >>>> For some reason, I can only access computer A through computer B. That
    >>>> is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    >>>> to A from C. Once I login computer B, I can ssh to A from B.


    Why can you not ssh from A to C? Is that outlawed by your organisation? Or
    are you responsible for all the machines? Can you look in the logs to see
    what the response on C is when you try to log in from A with ssh?

    Or are you trying to evade your company's policies?



  8. Re: scp via a intermediate computer

    On May 25, 6:16 am, Joachim Gann wrote:
    > Peng Yu wrote:
    > > Hi,

    >
    > > For some reason, I can only access computer A through computer B. That
    > > is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    > > to A from C. Once I login computer B, I can ssh to A from B.

    >
    > > I'm wondering how to use port forwarding on B such that I can scp from
    > > A to C. Otherwise, I'll have to scp files from A to B and then B to C,
    > > which is too annoying.

    >
    > > Would you please let me know the command so that I can scp A to C
    > > without creating any temporary files on B?

    >
    > > Thanks,
    > > Peng

    >
    > assuming your ssh daemons listen on port 22
    >
    > 1. choose an unused tcp port on B, say 1111
    > 2. on A: ssh -nR 1111:C:22 B &
    > this sets up port forwarding from B:1111 to C:22, you need this once.
    > it tells you the pid on startup, you can kill the process once you
    > don't need the forwarding anymore
    > note that B must be able to resolve the hostname "C" to an IP address
    > 3. now on A: scp -P 1111 something B:
    > your scp now connects to B:1111 which has been forwarded to C:22
    >
    > step 3 might need an "-o stricthostkeychecking=no" since scp believes it
    > is connecting to B but through the forwarding is actually talking to C,
    > which should have a different host key.
    >
    > Regards
    > Joachim


    Hi Joachim,

    Assuming, A->B->C, where '->' means "can access". I tried

    2. on A: ssh -nR 1111:C:22 B
    This would prompt me to type passwd for B but not C.

    3. on A: scp -P 1111 something B:
    But I got the following error after step 3. Would you please let me
    know what is wrong? Do I need to somehow connect B to C some case

    ssh: connect to host B 1111: Connection refused
    lost connection

    Thanks,
    Peng

  9. Re: scp via a intermediate computer

    On Sat, 24 May 2008 15:18:13 -0700, Peng Yu wrote:

    > Hi,
    >
    > For some reason, I can only access computer A through computer B. That
    > is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    > to A from C. Once I login computer B, I can ssh to A from B.
    >
    > I'm wondering how to use port forwarding on B such that I can scp from A
    > to C. Otherwise, I'll have to scp files from A to B and then B to C,
    > which is too annoying.
    >
    > Would you please let me know the command so that I can scp A to C
    > without creating any temporary files on B?


    If you are using OpenSSH (and possibly other implementations) on
    these three boxes you can do the following:

    On C execute

    ssh -fngT -L 3022:A:22 -C B ping -i 30 localhost > /dev/null 2>&1

    where A is A's IP address as accessible from B, and B is B's IP address as
    accessible from A.

    Then the command

    ssh -p 3022 localhost

    executed on C should give you direct access to A. Since scp is built on
    top of ssh, your problem is solved. In fact, if you add the following to
    your .ssh/config file in C:

    Host B_Name
    HostName localhost
    HostKeyAlias B_Name
    User
    Port 3022

    then the ssh and scp commands will have a seamless access B without any
    other changes. That is, the command

    scp f B_Name:

    executed on C would transfer file f to B.


  10. Re: scp via a intermediate computer

    Peng Yu wrote:
    > On May 25, 6:16 am, Joachim Gann wrote:
    >> Peng Yu wrote:
    >>> Hi,
    >>> For some reason, I can only access computer A through computer B. That
    >>> is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    >>> to A from C. Once I login computer B, I can ssh to A from B.
    >>> I'm wondering how to use port forwarding on B such that I can scp from
    >>> A to C. Otherwise, I'll have to scp files from A to B and then B to C,
    >>> which is too annoying.
    >>> Would you please let me know the command so that I can scp A to C
    >>> without creating any temporary files on B?
    >>> Thanks,
    >>> Peng

    >> assuming your ssh daemons listen on port 22
    >>
    >> 1. choose an unused tcp port on B, say 1111
    >> 2. on A: ssh -nR 1111:C:22 B &
    >> this sets up port forwarding from B:1111 to C:22, you need this once.
    >> it tells you the pid on startup, you can kill the process once you
    >> don't need the forwarding anymore
    >> note that B must be able to resolve the hostname "C" to an IP address
    >> 3. now on A: scp -P 1111 something B:
    >> your scp now connects to B:1111 which has been forwarded to C:22
    >>
    >> step 3 might need an "-o stricthostkeychecking=no" since scp believes it
    >> is connecting to B but through the forwarding is actually talking to C,
    >> which should have a different host key.
    >>
    >> Regards
    >> Joachim

    >
    > Hi Joachim,
    >
    > Assuming, A->B->C, where '->' means "can access". I tried
    >
    > 2. on A: ssh -nR 1111:C:22 B
    > This would prompt me to type passwd for B but not C.


    Now enter the password for B. Leave the connection open. Read up the -R
    option in the ssh manual, to give yourself some clue on what you're
    doing. Then proceed with 3 in a new terminal session or window.
    I am used to using key authentication so I am not being asked for a
    password and put the step 2 ssh command in the background with &.

    Joachim

  11. Re: scp via a intermediate computer

    On May 27, 1:28 am, Joachim Gann wrote:
    > Peng Yu wrote:
    > > On May 25, 6:16 am, Joachim Gann wrote:
    > >> Peng Yu wrote:
    > >>> Hi,
    > >>> For some reason, I can only access computer A through computer B. That
    > >>> is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    > >>> to A from C. Once I login computer B, I can ssh to A from B.
    > >>> I'm wondering how to use port forwarding on B such that I can scp from
    > >>> A to C. Otherwise, I'll have to scp files from A to B and then B to C,
    > >>> which is too annoying.
    > >>> Would you please let me know the command so that I can scp A to C
    > >>> without creating any temporary files on B?
    > >>> Thanks,
    > >>> Peng
    > >> assuming your ssh daemons listen on port 22

    >
    > >> 1. choose an unused tcp port on B, say 1111
    > >> 2. on A: ssh -nR 1111:C:22 B &
    > >> this sets up port forwarding from B:1111 to C:22, you need this once.
    > >> it tells you the pid on startup, you can kill the process once you
    > >> don't need the forwarding anymore
    > >> note that B must be able to resolve the hostname "C" to an IP address
    > >> 3. now on A: scp -P 1111 something B:
    > >> your scp now connects to B:1111 which has been forwarded to C:22

    >
    > >> step 3 might need an "-o stricthostkeychecking=no" since scp believes it
    > >> is connecting to B but through the forwarding is actually talking to C,
    > >> which should have a different host key.

    >
    > >> Regards
    > >> Joachim

    >
    > > Hi Joachim,

    >
    > > Assuming, A->B->C, where '->' means "can access". I tried

    >
    > > 2. on A: ssh -nR 1111:C:22 B
    > > This would prompt me to type passwd for B but not C.

    >
    > Now enter the password for B. Leave the connection open. Read up the -R
    > option in the ssh manual, to give yourself some clue on what you're
    > doing. Then proceed with 3 in a new terminal session or window.
    > I am used to using key authentication so I am not being asked for a
    > password and put the step 2 ssh command in the background with &.
    >
    > Joachim


    Hi Joachim,

    I tried 3. But it gave me errors:
    ssh: connect to host B 1111: Connection refused
    lost connection

    During the processes 1, 2, 3, I have never input passwd for C. Shall I
    expect to input the passwd for C in step 3?

    Thanks,
    Peng

  12. Re: scp via a intermediate computer

    Peng Yu wrote:
    > On May 27, 1:28 am, Joachim Gann wrote:
    >> Peng Yu wrote:
    >>> On May 25, 6:16 am, Joachim Gann wrote:
    >>>> Peng Yu wrote:
    >>>>> Hi,
    >>>>> For some reason, I can only access computer A through computer B. That
    >>>>> is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    >>>>> to A from C. Once I login computer B, I can ssh to A from B.
    >>>>> I'm wondering how to use port forwarding on B such that I can scp from
    >>>>> A to C. Otherwise, I'll have to scp files from A to B and then B to C,
    >>>>> which is too annoying.
    >>>>> Would you please let me know the command so that I can scp A to C
    >>>>> without creating any temporary files on B?
    >>>>> Thanks,
    >>>>> Peng
    >>>> assuming your ssh daemons listen on port 22
    >>>> 1. choose an unused tcp port on B, say 1111
    >>>> 2. on A: ssh -nR 1111:C:22 B &
    >>>> this sets up port forwarding from B:1111 to C:22, you need this once.
    >>>> it tells you the pid on startup, you can kill the process once you
    >>>> don't need the forwarding anymore
    >>>> note that B must be able to resolve the hostname "C" to an IP address
    >>>> 3. now on A: scp -P 1111 something B:
    >>>> your scp now connects to B:1111 which has been forwarded to C:22
    >>>> step 3 might need an "-o stricthostkeychecking=no" since scp believes it
    >>>> is connecting to B but through the forwarding is actually talking to C,
    >>>> which should have a different host key.
    >>>> Regards
    >>>> Joachim
    >>> Hi Joachim,
    >>> Assuming, A->B->C, where '->' means "can access". I tried
    >>> 2. on A: ssh -nR 1111:C:22 B
    >>> This would prompt me to type passwd for B but not C.

    >> Now enter the password for B. Leave the connection open. Read up the -R
    >> option in the ssh manual, to give yourself some clue on what you're
    >> doing. Then proceed with 3 in a new terminal session or window.
    >> I am used to using key authentication so I am not being asked for a
    >> password and put the step 2 ssh command in the background with &.
    >>
    >> Joachim

    >
    > Hi Joachim,
    >
    > I tried 3. But it gave me errors:
    > ssh: connect to host B 1111: Connection refused
    > lost connection


    what do you think why was the connection refused?
    Because you did not complete step 2. have you entered the password for B
    and left the connection open as I suggested?

    >
    > During the processes 1, 2, 3, I have never input passwd for C. Shall I
    > expect to input the passwd for C in step 3?
    >
    > Thanks,
    > Peng


  13. Re: scp via a intermediate computer

    On May 27, 2:28 am, Joachim Gann wrote:
    > Peng Yu wrote:
    > > On May 27, 1:28 am, Joachim Gann wrote:
    > >> Peng Yu wrote:
    > >>> On May 25, 6:16 am, Joachim Gann wrote:
    > >>>> Peng Yu wrote:
    > >>>>> Hi,
    > >>>>> For some reason, I can only access computer A through computer B. That
    > >>>>> is, suppose my computer is C, I can ssh to B from C, but I can not ssh
    > >>>>> to A from C. Once I login computer B, I can ssh to A from B.
    > >>>>> I'm wondering how to use port forwarding on B such that I can scp from
    > >>>>> A to C. Otherwise, I'll have to scp files from A to B and then B to C,
    > >>>>> which is too annoying.
    > >>>>> Would you please let me know the command so that I can scp A to C
    > >>>>> without creating any temporary files on B?
    > >>>>> Thanks,
    > >>>>> Peng
    > >>>> assuming your ssh daemons listen on port 22
    > >>>> 1. choose an unused tcp port on B, say 1111
    > >>>> 2. on A: ssh -nR 1111:C:22 B &
    > >>>> this sets up port forwarding from B:1111 to C:22, you need this once.
    > >>>> it tells you the pid on startup, you can kill the process once you
    > >>>> don't need the forwarding anymore
    > >>>> note that B must be able to resolve the hostname "C" to an IP address
    > >>>> 3. now on A: scp -P 1111 something B:
    > >>>> your scp now connects to B:1111 which has been forwarded to C:22
    > >>>> step 3 might need an "-o stricthostkeychecking=no" since scp believes it
    > >>>> is connecting to B but through the forwarding is actually talking to C,
    > >>>> which should have a different host key.
    > >>>> Regards
    > >>>> Joachim
    > >>> Hi Joachim,
    > >>> Assuming, A->B->C, where '->' means "can access". I tried
    > >>> 2. on A: ssh -nR 1111:C:22 B
    > >>> This would prompt me to type passwd for B but not C.
    > >> Now enter the password for B. Leave the connection open. Read up the -R
    > >> option in the ssh manual, to give yourself some clue on what you're
    > >> doing. Then proceed with 3 in a new terminal session or window.
    > >> I am used to using key authentication so I am not being asked for a
    > >> password and put the step 2 ssh command in the background with &.

    >
    > >> Joachim

    >
    > > Hi Joachim,

    >
    > > I tried 3. But it gave me errors:
    > > ssh: connect to host B 1111: Connection refused
    > > lost connection

    >
    > what do you think why was the connection refused?
    > Because you did not complete step 2. have you entered the password for B
    > and left the connection open as I suggested?
    >


    Hi Joachim,

    I did enter password for B and let the connection open. But I never
    enter passwd for C. So I get rejected by C.

    Thanks,
    Peng

    >
    >
    > > During the processes 1, 2, 3, I have never input passwd for C. Shall I
    > > expect to input the passwd for C in step 3?

    >
    > > Thanks,
    > > Peng


+ Reply to Thread