How to use ssh/scp between non-public machines


I am often in the following situation:

I have two machines, A and B, which are on LANs, and have non-public IP addresses. Machine C is on the same LAN as B, but publicly visible. I would like to copy a file from B to A, so I have to:

  • ssh to C
  • ssh from C to B
  • scp file from B to C
  • scp file from C to A

Given that ssl can do wonderful things with tunnelling displays all the way back from B to A via C transparently, it seems like it should be possible to do the same with files.

Is there a way to use standard ssh/scp to copy from B to A, without having to make a temporary copy on C?

Best Answer

  • You want to set up port forwarding. When you SSH from machine A to machine B, add a tunnel, i.e. add -L 1234:A:22 when tunnelling to B. Then SSH to machine C and scp the files to B on port 1234 (i.e. add -P 1234 to scp). This will actually route to port 22 on machine A, which is the ssh port, and hence it'll transfer directly.

    I don't have three machines with which to try this right now but I think this should work.
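
Added example, not part of the answer above: an OpenSSH client configuration for machine A that reaches B through C, so the file is never stored on C. Host names, addresses and the user name are constructed placeholders; ProxyJump requires OpenSSH 7.3 or later on A.

```sshconfig
# ~/.ssh/config on machine A (all names and addresses below are constructed)

# Machine C: the publicly reachable gateway on B's LAN
Host c-gateway
    HostName gateway.example.org
    User alice
    # Do not expose the local agent to the gateway
    ForwardAgent no

# Machine B, variant 1: jump through C in one step.
# C only relays the encrypted stream; the SSH session is end to end from A to B.
Host b-internal
    # Private address of B, resolved from C's side of the connection
    HostName 192.168.1.20
    User alice
    ProxyJump c-gateway
    ForwardAgent no

# Machine B, variant 2: the -L / -P port-forward approach as two entries.
# First open the tunnel:  ssh -N c-tunnel
Host c-tunnel
    HostName gateway.example.org
    User alice
    # Local port 1234 on A is forwarded to port 22 on B via C
    LocalForward 1234 192.168.1.20:22
    # Fail immediately if port 1234 cannot be bound, instead of
    # leaving a session open without the forward
    ExitOnForwardFailure yes

# Then, in a second terminal on A:  scp b-via-tunnel:/path/to/file .
Host b-via-tunnel
    HostName localhost
    Port 1234
    User alice
    # Store and check B's host key under B's own name rather than
    # "localhost", so a different tunnel on the same port is detected
    HostKeyAlias b-internal
```

With variant 1 in place, running scp b-internal:/path/to/file . on A copies the file in a single command. In both variants B's host key is verified from A, so C cannot read the transferred data or the credentials used for B.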
