scp between two terminal windows (or multihop scp)


I regularly have to connect to several systems via ssh using multiple hops. It also happens often that I then want to copy a file from either the destination system to my local system or the other way around in a simple way (my current work flow is copy the file to an external location both machines can see so that it saves me a few hops or if the file is not binary cat it and copy/paste it to the other terminal window). Is there an easy way to do such a thing?

I am using OSX and iterm2 (obviously I wouldn't mind changing the latter).

So the connection is something like (local machine) -> (portal A) -> (machine B) -> (portal C) -> (machine D)

So I would like to copy files from machine A to machine D in a simple way (without copying the file via all hops or creating four tunnels).


There are 2 answers

0
Gordon Davisson On BEST ANSWER

It's not quite what you're asking for, but there are some tricks you can play with SSH proxying that simplify this sort of thing enormously. The first thing to get familiar with is proxying multihop SSH connections over netcat. If you have OpenSSH version 5.4 or later on the various hosts, add something like this to your ~/.ssh/config:

Host B
    ProxyCommand ssh A -W %h:%p

Host C
    ProxyCommand ssh B -W %h:%p

Host D
    ProxyCommand ssh C -W %h:%p

If any of the intermediates don't have a new enough version, but do have netcat (nc), you can use something like this instead:

Host D
    ProxyCommand ssh C nc %h %p

This'll make ssh D automatically open a tunnel to C to run the connection over, which will automatically open a tunnel to B, ... You'll have to authenticate 4 times (to A, then B, etc) (unless you have public-key authentication set up), but other than that it's transparent. Which means you can use it with sftp D, scp D:/path/to/file, etc.

Now, there's one significant limitation on this for what you describe. You can certainly copy files from e.g. A to D like this:

scp A:/path/to/file D:/path/to/file

...but the file's contents will travel the path A -> your computer -> A -> B -> C -> D. They won't be stored anywhere on that path, but if the network link between you and A is slow (e.g. you're working from home), this'll be a bottleneck. In this case, it'd be best to copy the ~/.ssh/config entries for C and D onto computer A, ssh into A normally, then use scp /path/to/file D:/path/to/file and cut out the extra hops.

BTW, if you want to get fancy, you can add this to your ~/.ssh/config:

Host */* 
    ProxyCommand ssh $(dirname %h) -W $(basename %h):%p

And then use ssh A/B/C/D etc to build the tunnel path on the spot. See the OpenSSH cookbook for details.
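The per-host stanzas above follow one rule: each host is proxied through the hop before it. The following is an added example, not part of the answer, that generates them for any chain. The function name and the `:nc` suffix (marking an intermediate that needs the netcat form) are this example's own conventions, and it rejects host names that would be unsafe inside a ProxyCommand line.

```shell
#!/bin/sh
# Added example: print ~/.ssh/config stanzas for a chain of hops.
# Usage: proxy_chain_config A B C:nc D
#   Hops are listed in connection order; the first is reached directly.
#   "HOST:nc" (this example's notation) marks an intermediate without -W
#   support, so the host after it gets the "ssh HOST nc %h %p" form.
proxy_chain_config() {
    prev="" prev_mode=""
    for hop in "$@"; do
        case $hop in
            *:nc) host=${hop%:nc} mode=nc ;;
            *)    host=$hop       mode=W  ;;
        esac
        # ssh runs ProxyCommand through the user's shell, so only accept
        # plain host names: no spaces, no shell metacharacters, and no
        # leading '-' that ssh would parse as an option.
        case $host in
            ""|-*|*[!A-Za-z0-9._-]*)
                echo "unsafe host name: $hop" >&2
                return 1 ;;
        esac
        if [ -n "$prev" ]; then
            printf 'Host %s\n' "$host"
            if [ "$prev_mode" = nc ]; then
                printf '    ProxyCommand ssh %s nc %%h %%p\n\n' "$prev"
            else
                printf '    ProxyCommand ssh %s -W %%h:%%p\n\n' "$prev"
            fi
        fi
        prev=$host prev_mode=$mode
    done
}

# The chain from the question: A -> B -> C -> D
proxy_chain_config A B C D
```

Review the output before appending it to ~/.ssh/config; existing Host entries with the same names take precedence if they appear earlier in the file.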

0
Jakuje On

I had to think about this for some time, but if you have set up passwordless authentication using keys, it is possible to do the thing like this:

$ cat test | ssh f21 "tee | ssh f20 \"tee test\""

Encrypted ssh key doesn't matter. For transferring through one hop it is quite straightforward, for more hops it can get messy ...