Get file from server using SFTP/SCP which requires user switch on jump host
I'm trying to find an instant way to connect to ServerB, which is behind the firewall, through Server A and exchange files between Server B and my laptop.
Normally, the ssh login process looks like this.
- My Laptop->MiddleMan:
    mylaptop: ssh myUser@ServerA (password auth)
- MiddleMan->Destination:
    ServerA: sudo -u sharedUser ssh ServerB (no password)
I have to log in to Server A using a restricted account myUser first, then switch myUser to sharedUser on Server A, since only sharedUser has the key for Server B. I don't have the key for Server B, and I have no privilege to r/w using myUser on Server A.
I've tried the one in OpenSSH/Cookbook/Proxies and Jump Hosts, but it won't work because myUser on Server A does not have the key (sharedUser on Server A has it) for logging in to Server B.
           ssh                sudo su                    ssh
    Me -----------> myUser@A ---------> sharedUser@A -----------> B
            ^                    ^                        ^
        password            switch user         using sharedUser@A's
     authentication                                    ssh key
Questions:
I would like to know if there is a way to connect to Server B "directly" through an SSH proxy, or something else?
Is there a method to remotely exchange files with Server B using SFTP/SCP, etc. through several hops and a username change?
Thanks!
ssh openssh sftp scp
edited Jan 23 at 11:57
oscarxvita
asked Jan 23 at 11:33
oscarxvita
Edited. Actually I am asking for a way to transmit files between server behind several hops and local machine
– oscarxvita
Jan 23 at 11:59
What is your platform on the local machine?
– Martin Prikryl
Jan 23 at 13:49
@MartinPrikryl linux(centos 7)
– oscarxvita
Jan 24 at 13:16
1 Answer
From mylaptop you can run a command on ServerA like this: ssh myUser@ServerA some_command. So this should be possible:
    ssh -t myUser@ServerA sudo -u sharedUser ssh ServerB
Normally, an ssh that is supposed to run some_command doesn't allocate a pseudo-terminal; it only passes stdin, stdout and stderr. If you'd like to interact as if ssh ServerB was typed manually on ServerA, a pseudo-terminal is needed. Therefore -t.
A pseudo-terminal would also be useful if sudo or the "inner" ssh asked for a password.
You said you'd like to transfer files. The "inner" ssh can run a command on ServerB like the "outer" ssh runs a command on ServerA. The command may be cat; a file can be transferred (streamed) this way. In this case you shouldn't use -t; it would only mangle the stream. Fortunately your sudo -u sharedUser ssh ServerB needs no password, so there's no conflict in whether to use -t or not.
To pull a file from ServerB:
    >/local/file ssh myUser@ServerA sudo -u sharedUser 'ssh ServerB "cat </server/b/path/to/file"'
To push a file to ServerB:
    </local/file ssh myUser@ServerA sudo -u sharedUser 'ssh ServerB "cat >/server/b/path/to/file"'
Proper quoting is very important to make the redirection just after cat affect cat (not ssh or sudo).
edited Jan 23 at 12:41
answered Jan 23 at 11:51
Kamil Maciorowski
That's cool, could this help for scp/sftp file transmission between server B and laptop?
– oscarxvita
Jan 23 at 12:00
@oscarxvita My answer now introduces a basic way to stream files. It's not exactly what you asked in the above comment though.
– Kamil Maciorowski
Jan 23 at 12:47