thecooptoo Veteran
Joined: 27 Apr 2003 Posts: 1353 Location: UK
|
Posted: Fri Aug 05, 2005 9:40 am Post subject: reverse scp syntax?? |
|
|
I've got 2 reverse SSH tunnels to my machine at work - one forwarding port 80 (so I can see web pages) and another forwarding port 22 (so I've got a command line).
I've caused some chaos by trying to transfer files back and forth and got it very wrong.
Anyone KNOW a read-my-lips command line for
localfile -> work computer:/var/www/localhost/htdocs
and the other way?
(I haven't got a GUI at the work end.)
I can tell you what doesn't seem to work! _________________ join the optout - http://nhsconfidentiality.org |
|
flin n00b
Joined: 11 Feb 2004 Posts: 69 Location: Duesseldorf, Germany
|
Posted: Fri Aug 05, 2005 10:40 am Post subject: |
|
|
What about
Code: | scp my_file user@host:/var/www/localhost/htdocs |
and the other way around:
Code: | scp user@host:/var/www/localhost/htdocs/my_file . |
If you are not using the standard ssh port on the destination system, use the -P <port> option (check manpage for details). The user <user> must of course have the appropriate permissions on the directory and its contents. |
|
rex123 Apprentice
Joined: 21 Apr 2004 Posts: 272
|
Posted: Fri Aug 05, 2005 11:01 am Post subject: |
|
|
flin's answer looks right to me, but I wouldn't call it "reverse" scp. I'd just call it scp. And if port 22 is being forwarded between the machines, there could be all kinds of weirdness. Maybe I'm just confused, but I'm not clear which machine the scp is being run *from*, and whether it's being run inside an existing ssh session, and whether it will be affected by tunnels. This information might be crucial. |
|
thecooptoo Veteran
Joined: 27 Apr 2003 Posts: 1353 Location: UK
|
Posted: Fri Aug 05, 2005 11:48 am Post subject: |
|
|
from work
Code: | ssh -R 23:localhost:22 www.myserver |
not running telnet locally
then ssh -p23 localhost gives me a terminal on the work machine
from work
Code: | ssh -R 2096:localhost:80 www.myserver |
and http://localhost:2096 gives me web pages
Ideally I'd like to transfer files back and forth. |
|
rex123 Apprentice
Joined: 21 Apr 2004 Posts: 272
|
Posted: Fri Aug 05, 2005 12:04 pm Post subject: |
|
|
In that case, bizarrely, this should work (but who knows?):
On your home machine...
Code: | scp -P 23 <filename> <username>@localhost:/loc/a/tion/ |
The username is your username on your work computer, and /loc/a/tion is a directory on your work computer.
Use scp -v to debug it. |
|
thecooptoo Veteran
Joined: 27 Apr 2003 Posts: 1353 Location: UK
|
Posted: Fri Aug 05, 2005 12:34 pm Post subject: |
|
|
Thanks - I'll give it a go - only problem is that the connection keeps dropping - which settings at which end do I need for a keepalive?
My secretary is getting fed up running round and starting it up. |
|
rex123 Apprentice
Joined: 21 Apr 2004 Posts: 272
|
Posted: Fri Aug 05, 2005 1:10 pm Post subject: |
|
|
KeepAlives should be enabled by default. If you're using protocol 2, you can use ClientAliveInterval and ClientAliveCountMax. See man sshd_config. These settings will be made on your home machine's sshd_config, because that's the sshd server for the connection you want to keep alive.
Code: |
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the
client, sshd will send a message through the encrypted channel to request a response from
the client. The default is 0, indicating that these messages will not be sent to the
client. This option applies to protocol version 2 only.
ClientAliveCountMax
Sets the number of client alive messages (see above) which may be sent without sshd receiv-
ing any messages back from the client. If this threshold is reached while client alive
messages are being sent, sshd will disconnect the client, terminating the session. It is
important to note that the use of client alive messages is very different from TCPKeepAlive
(below). The client alive messages are sent through the encrypted channel and therefore
will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The
client alive mechanism is valuable when the client or server depend on knowing when a con-
nection has become inactive.
The default value is 3. If ClientAliveInterval (above) is set to 15, and
ClientAliveCountMax is left at the default, unresponsive ssh clients will be disconnected
after approximately 45 seconds.
[...]
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the other side. If they
are sent, death of the connection or crash of one of the machines will be properly noticed.
However, this means that connections will die if the route is down temporarily, and some
people find it annoying. On the other hand, if TCP keepalives are not sent, sessions may
hang indefinitely on the server, leaving ``ghost'' users and consuming server resources.
The default is ``yes'' (to send TCP keepalive messages), and the server will notice if the
network goes down or the client host crashes. This avoids infinitely hanging sessions.
To disable TCP keepalive messages, the value should be set to ``no''.
|
|
|
thecooptoo Veteran
Joined: 27 Apr 2003 Posts: 1353 Location: UK
|
Posted: Fri Aug 05, 2005 2:16 pm Post subject: |
|
|
Code: | NTGHICU1 OR2 # scp root@localhost:/var/www/localhost/htdocs/OR2/outreach0.php test.txt
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 51:91:fa:f5:37:46:78:27:e1:4a:cd:8e:f9:26:1c:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Password:
outreach0.php 100% 5779 5.6KB/s 00:01
|
How do I tell the system what local directory to use?
I've got a connection to the work system (NTGHICU1) and this makes a copy of the target work file and puts it in the same directory
Code: |
NTGHICU1 OR2 # ls -la
total 72
drwxr-xr-x 2 root root 4096 Aug 5 14:11 .
drwxr-xr-x 6 root root 4096 Jul 25 10:48 ..
-rwxr-xr-x 1 root root 5779 Jul 25 10:50 outreach0.php
-rwxr-xr-x 1 root root 5779 Aug 5 14:06 test.txt
NTGHICU1 OR2 #
|
|
rex123 Apprentice
Joined: 21 Apr 2004 Posts: 272
|
Posted: Fri Aug 05, 2005 3:00 pm Post subject: |
|
|
thecooptoo wrote: | Code: | NTGHICU1 OR2 # scp root@localhost:/var/www/localhost/htdocs/OR2/outreach0.php test.txt
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 51:91:fa:f5:37:46:78:27:e1:4a:cd:8e:f9:26:1c:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Password:
outreach0.php 100% 5779 5.6KB/s 00:01
|
|
You seem to be running a command on the work machine that is using scp to do something that cp can do - i.e. you are copying to localhost.
Quote: |
How do I tell the system what local directory to use?
|
scp has syntax like cp. If the second param is a dir, then the file is put in that dir. If it's a filename, the file is moved to that filename.
Quote: |
I've got a connection to the work system (NTGHICU1) and this makes a copy of the target work file and puts it in the same directory
Code: |
NTGHICU1 OR2 # ls -la
total 72
drwxr-xr-x 2 root root 4096 Aug 5 14:11 .
drwxr-xr-x 6 root root 4096 Jul 25 10:48 ..
-rwxr-xr-x 1 root root 5779 Jul 25 10:50 outreach0.php
-rwxr-xr-x 1 root root 5779 Aug 5 14:06 test.txt
NTGHICU1 OR2 #
|
|
It would do. To copy *from* your work machine *to* your home machine, you should be able to do this:
Code: | scp file user@home.hostname:/lo/ca/tion |
From home, you should be able to use the tunnel as per my earlier suggestion (remembering the -P 23) |
|
thecooptoo Veteran
Joined: 27 Apr 2003 Posts: 1353 Location: UK
|
Posted: Fri Aug 05, 2005 3:07 pm Post subject: |
|
|
Sorry about the confusion - I'm sitting at my home machine and want to 'pull' the file from work.
PS this is actually quite interesting - a howto will be coming out of it. |
|
rex123 Apprentice
Joined: 21 Apr 2004 Posts: 272
|
Posted: Fri Aug 05, 2005 3:17 pm Post subject: |
|
|
OK, try this:
Either
Code: | $ scp -P 23 <work_username>@localhost:/location/on/work/machine/filename . |
which will pull the file from your work machine, and write it to your current dir.
Or (in 2 steps)
Code: | [home]$ ssh -p23 localhost
[work - via ssh]$ scp /file/to/copy <home_username>@home.hostname:/location/on/home/machine/filename
|
which will first log in to your work machine via ssh, then copy the file from there to your home machine. |
|
thecooptoo Veteran
Joined: 27 Apr 2003 Posts: 1353 Location: UK
|
Posted: Fri Aug 05, 2005 3:32 pm Post subject: |
|
|
connected to work machine from home
Code: |
NTGHICU1 OR2 # scp -i /root/.ssh/ntghicu1 outreach0.php root@server.com:/tmp
outreach0.php 100% 5779 5.6KB/s 00:00
|
after a bit of experimentation!
So this 'pulls' the files from work.
Give me a few minutes to try pushing the files to the work machine. |
|
thecooptoo Veteran
Joined: 27 Apr 2003 Posts: 1353 Location: UK
|
Posted: Fri Aug 05, 2005 3:43 pm Post subject: |
|
|
trying to get testfile from home:/tmp to work:/
Code: | NTGHICU1 OR2 # scp -i /root/.ssh/ntghicu1 root@server.com:/tmp/testfile pushedfile
usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
[-l limit] [-o ssh_option] [-P port] [-S program]
[[user@]host1:]file1 [...] [[user@]host2:]file2
NTGHICU1 OR2 # scp root@server.com:/tmp/testfile pushedfile
Permission denied (publickey,keyboard-interactive).
NTGHICU1 hostkeys # scp -i /root/.ssh/ntghicu1 root@server.com:/tmp/testfile root@NTGHICU1:/tmp
Permission denied (publickey,keyboard-interactive).
|
When I initially set up the connection, this was created 'automatically' (passwordless login with openSSH from work->home).
Code: |
NTGHICU1 .ssh # cd /root/.ssh2/hostkeys/
NTGHICU1 hostkeys # ls -la
total 12
drwx------ 2 root root 4096 Jul 18 11:25 .
drwxr-xr-x 3 root root 4096 Aug 4 12:20 ..
-rw------- 1 root root 756 Jul 18 11:25 key_22_www.server.com.pub
NTGHICU1 hostkeys #
|
No idea what to do with it though!
I haven't got a private key (that I can find!) on either machine.
PS Secretary has gone home now so if the connection stops, I'm stuffed until Monday. |
|
thecooptoo Veteran
Joined: 27 Apr 2003 Posts: 1353 Location: UK
|
Posted: Sat Aug 06, 2005 10:41 am Post subject: |
|
|
If I establish a Code: | ssh -R 23:localhost:22 www.myserver | connection, the process of typing Code: | ssh -R 2096:localhost:80 www.myserver | gives me the apache connection but loses the commandline one.
So I therefore need to initiate 2 separate connections (2 separate terminals) from work.
My home /etc/ssh/sshd_config is now
Code: | grenada guestvote_mod # grep ^[0-9A-Za-z] /etc/ssh/sshd_config
Protocol 2
MaxAuthTries 4
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys
IgnoreUserKnownHosts yes
PasswordAuthentication no
IgnoreRhosts yes
PrintMotd yes
StrictModes no
RSAAuthentication yes
PermitRootLogin yes
PermitEmptyPasswords no
GatewayPorts yes
AllowTcpForwarding yes
LoginGraceTime 20
KeepAlive yes
X11Forwarding yes
ClientAliveInterval 30
ClientAliveCountMax 6
ClientAliveInterval 20
ClientAliveCountMax 10
TCPKeepAlive yes
| but the connections were (both) dropped (don't know why) in the course of the evening.
I've got openssh 3.9_p1-r2 installed.
1) Nice to try and sort out why the connection got dropped.
2) I can set up a cron job to test and reconnect if necessary, e.g. http://www.brandonhutchinson.com/ssh_tunnelling.html
but will it work if I need 2 separate connections? |
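Added example, not part of any post in this thread: a small audit of the sshd_config shown above, which sets ClientAliveInterval and ClientAliveCountMax twice. sshd uses the first value it reads for a keyword, so the script reports the effective values, the ignored duplicates, the resulting disconnect timeout, and the settings worth reviewing on a server that accepts remote forwards. The function names and the embedded sample (a subset of the posted file) are constructed for illustration, and the parsing assumes no Match blocks.

```shell
# Added example: a subset of the sshd_config posted above, embedded as sample input.
SAMPLE_CONFIG='StrictModes no
PermitRootLogin yes
GatewayPorts yes
ClientAliveInterval 30
ClientAliveCountMax 6
ClientAliveInterval 20
ClientAliveCountMax 10
TCPKeepAlive yes'

# Print the value sshd uses for a keyword: the first occurrence wins.
effective_value() {
    printf '%s\n' "$SAMPLE_CONFIG" | awk -v want="$1" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(want) { print $2; exit }'
}

# Print later duplicates that sshd ignores. Keywords that may legitimately
# repeat are skipped (short list, not exhaustive).
shadowed_lines() {
    printf '%s\n' "$SAMPLE_CONFIG" | awk '
        /^[ \t]*(#|$)/ { next }
        { k = tolower($1) }
        k ~ /^(port|listenaddress|hostkey|acceptenv|subsystem)$/ { next }
        k in seen { print $1 " " $2 }
        { seen[k] = 1 }'
}

# Seconds before an unresponsive client is dropped: interval * count.
# Defaults are from the man page excerpt above (interval 0 = off, count 3).
dead_client_timeout() {
    interval=$(effective_value ClientAliveInterval)
    count=$(effective_value ClientAliveCountMax)
    echo $(( ${interval:-0} * ${count:-3} ))
}

# Settings that matter on a server accepting remote (-R) forwards.
risky_settings() {
    for pair in "GatewayPorts yes" "PermitRootLogin yes" "StrictModes no"; do
        [ "$(effective_value "${pair% *}")" = "${pair#* }" ] && echo "$pair"
    done
    return 0
}

echo "ignored duplicates:"; shadowed_lines
echo "unresponsive client dropped after $(dead_client_timeout)s"
echo "review:"; risky_settings
```

With GatewayPorts yes, sshd binds remote forwards to the wildcard address, so ports 23 and 2096 on the home server are reachable by any host that can reach that server, not only from localhost.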