scp through an intermediate node - using a tunel

OK so I already provided help for tunneling for special services (Web access for example - see Creating an SSH tunnel in Linux ) but was asked a few times how to copy files in and out of BNL or in between enclave.

This is easy with tunneling. Let us imagine I want to
  • You are jerome [I know, may be too much :-) ]
  • From your laptop, transfer a file to the Web server named yaya - this is an example where the account name will NOT match (the remote account on yaya is in our example named webmaster)
  • That Web server is behind a SSH agteway / gatekeper i.e. you cannot access it directely but through one HOP
Here is what you would do:

From your laptop, create a tunnel to our web server (port 8888 is arbitrary)
% ssh -L -l jerome -N

As you already know frm our Using the SSH Agent, you can ease the connection by starting an agent (and using -A for forwarding) i.e. you may not have to type any passphrase. As-is above, you do need to type the passphrase for account jeromel on (c=campus, for a node inside the RACF, use r=RHIC domain). Then, you would scp the file named "bla" by doing soemthing like this:
scp -P 8888 bla webmaster@
This connects to the local port 8888 which you created to pass-through the node named yaya. Because you want to connect to that remote node with a different account, you would use webmaster@ in the command but because port 8888 is created on your localhost, the node reference is localhost (or The remote file location will be /star/u/webmaster/ in our example and it will be copied remotely with the name bla.test .

If you need to go through two nodes, I can add an example as well :-)