indirect scp / bypass remote firewall rules

Written by Walter Doekes

Suppose I’m on machine DESKTOP and I want to copy files from server APPLE to server BANANA. DESKTOP has access to both, but firewalls and/or missing ssh keys prevent direct access between APPLE and BANANA.

Regular scp(1) fails in this situation: it attempts a direct copy between the two servers and then gives up. This is where this indirect scp wrapper comes in:

  • First, it tries to do the direct copy.
  • If that fails, it uses the local machine as an intermediary.

In this example you’ll see it fail twice for the two source files and then fall back to using the local machine.

$ scp -r APPLE:example/file1 APPLE:example/somedir BANANA:some_existing_path/
Host key verification failed.
lost connection
Host key verification failed.
lost connection
(falling back to indirect copy...)
file1                                     100%    6     0.0KB/s   00:00
here                                      100%    5     0.0KB/s   00:00
two_files                                 100%   10     0.0KB/s   00:00
(copy from here to destination...)
file1                                     100%    6     0.0KB/s   00:00
here                                      100%    5     0.0KB/s   00:00
two_files                                 100%   10     0.0KB/s   00:00
(cleaning up temporary files...)

For a bit of added security, it uses shred(1) to clean up the local files, if available.

Installation:

# cd /usr/local/bin
# wget http://wjd.nu/files/2012/02/indirect-scp.sh -O indirect-scp
# chmod 755 indirect-scp
# ln -s indirect-scp scp

If you know the direct copy will fail, you can call indirect-scp directly.
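
A minimal sketch of the direct-then-indirect fallback described above, as an added example; it is not the author's indirect-scp script. The names `SCP_BIN`, `wipe_dir` and `indirect_copy` are hypothetical, and the staging directory comes from mktemp(1) so the intermediate copies are readable only by the invoking user.

```shell
#!/bin/sh
# Added example, not the author's indirect-scp script.
# SCP_BIN is a hypothetical override so the logic can be exercised offline.
SCP_BIN="${SCP_BIN:-scp}"

# Overwrite staged files with shred(1) when available, then remove the tree.
# Overwriting is best effort on SSDs and copy-on-write filesystems.
wipe_dir() {
    echo "(cleaning up temporary files...)" >&2
    if command -v shred >/dev/null 2>&1; then
        find "$1" -type f -exec shred -u {} +
    fi
    rm -rf -- "$1"
}

# Usage: indirect_copy SRC... DEST   (same argument order as scp)
# The body runs in a subshell, so its variables and trap stay local.
indirect_copy() (
    [ "$#" -ge 2 ] || { echo "usage: indirect_copy SRC... DEST" >&2; exit 2; }

    # Split the arguments: the last one is DEST, the sources stay in "$@".
    n=$#
    for arg in "$@"; do
        n=$((n - 1)); shift
        if [ "$n" -gt 0 ]; then set -- "$@" "$arg"; else dest=$arg; fi
    done

    # 1. Try the direct remote-to-remote copy.
    "$SCP_BIN" -r "$@" "$dest" && exit 0
    echo "(falling back to indirect copy...)" >&2

    # 2. Stage in a private directory (mktemp -d creates it with mode 0700)
    #    and wipe it when this subshell exits, whether the copy worked or not.
    stage=$(mktemp -d) || exit 1
    trap 'wipe_dir "$stage"' EXIT
    "$SCP_BIN" -r "$@" "$stage/" || exit 1

    # 3. Push the staged copies to the destination.
    echo "(copy from here to destination...)" >&2
    "$SCP_BIN" -r "$stage"/* "$dest"
)
```

OpenSSH's scp also has a `-3` option, which routes a remote-to-remote copy through the local host without writing the files to local disk.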

