Get files from server two steps away

Solution 1:

You can create an SSH tunnel through machine2, then connect to the tunnel in another session.

For example, open two CLI sessions on machine1. In the first session run the following:

MACHINE1$ ssh -L 2022:MACHINE3:22 <user>@MACHINE2

In the second session run the following:

MACHINE1$ ssh -p 2022 <user>@localhost

What's happening with the first command is that a local port (2022 on machine1) is being tunneled to port 22 on machine3 using your SSH connection to machine2.

With the second command you are connecting to the newly opened local port (2022) and it's like you're connecting directly to machine3.

Now if you want to use your typical file transfer process you could do the following:

ssh -p 2022 <user>@localhost "tar cf - /path/to/remote/directory/" > filename.tar

Alternatively, you can familiarise yourself with rsync and do something like this instead:

rsync -aHSv --progress -e 'ssh -p 2022' <user>@localhost:/path/to/remote/directory/ /path/to/local/directory/

That assumes the end goal isn't to get a tarball.

Solution 2:

You can also use the Master session capability of newer versions of SSH. It's described here:

https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing

Probably all that you need is to edit/create your .ssh/config. Add definitions there that control the Master sessions:

ControlMaster auto
ControlPath ~/.ssh/cm_socket/%r@%h:%p
ControlPersist 4h
ServerAliveInterval 30

Then you can specify your first hop server definition like:

Host first_hop
Hostname <your first host FQDN or IP>
User <your user>

And the second hop will use your first hop server as proxy:

Host second_hop
Hostname <your second host FQDN or IP>
User <your user>
ProxyCommand ssh -W %h:%p first_hop

Don't forget to create the ~/.ssh/cm_socket directory. The config permissions should be 644.

Then you should be able to SSH or SCP directly to/from your second server. There can be more servers chained like this.
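
An added example, not part of the original answer: anyone who can reach a control socket can reuse the already authenticated master session, and ssh_config(5) recommends placing ControlPath in a directory that is not writable by other users. The functions below create the ~/.ssh/cm_socket directory used above and audit it; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prepare and audit the directory that holds SSH control sockets.
# Function names are hypothetical; the path in the usage line matches the
# ControlPath ~/.ssh/cm_socket/%r@%h:%p setting from the config above.
# Usage: setup_mux_dir "$HOME/.ssh/cm_socket" && audit_mux_dir "$HOME/.ssh/cm_socket"

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the socket directory so that only its owner can enter or write to it.
setup_mux_dir() {
    dir=$1
    ( umask 077 && mkdir -p "$dir" ) && chmod 700 "$dir"
}

# Return 0 if the directory is safe to hold control sockets, 1 otherwise.
audit_mux_dir() {
    dir=$1
    # A symlink could redirect socket creation to a location someone else controls.
    if [ -L "$dir" ]; then echo "FAIL: $dir is a symlink"; return 1; fi
    if [ ! -d "$dir" ]; then echo "FAIL: $dir does not exist"; return 1; fi
    if [ ! -O "$dir" ]; then echo "FAIL: $dir is not owned by you"; return 1; fi
    mode=$(mode_of "$dir") || return 1
    # The last two octal digits are the group and other permission bits.
    case $mode in
        *00) echo "OK: $dir mode $mode"; return 0 ;;
        *)   echo "FAIL: $dir mode $mode is accessible to group/other"; return 1 ;;
    esac
}
```

Once a master session is up, `ssh -O check second_hop` reports whether it is still running and `ssh -O exit second_hop` closes it before the ControlPersist timeout.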