SSH has a lot of tricks up its sleeve, including the ability to copy files between two remote servers.
If you administer enough Linux servers you are probably familiar with transferring files between machines, with the help of the SSH command scp. The process is simple:
- You log into the server containing the file to be copied.
- You copy the file in question with the command scp FILE USER@SERVER_IP:/DIRECTORY
Where FILE is the file to be copied, USER is a remote username, SERVER_IP is the IP address of the remote server, and DIRECTORY is the destination directory that will house the remote file. The process is as second nature as any other Linux command, but what happens when you're spending a good deal of time transferring files from one machine to another? This could turn into a situation where you constantly have to:
- Log into one machine.
- Transfer files to another.
- Log out of the original machine.
- Log into a different machine.
- Transfer files to yet another machine.
What if you could make that process significantly more efficient, by sending files from MACHINE1 to MACHINE2 while working on MACHINE3? In other words, you can log into one Linux machine and then start transferring files between remote machines, without logging in and out of different servers. What if there was a tool to handle such a task?
Said tool is, believe it or not, SSH itself.
Let me show you how this is done.
What we're doing
We're going to copy the file /home/jack/techrepublic from IP address 192.168.1.53 into the /home/jack/techrepublic folder on IP address 192.168.1.51, working on a machine at IP address 192.168.1.162.
Before we do this, there is a one-time task to undertake: copying SSH keys to and from these machines (I am assuming you already have your SSH keys generated on all machines). To do this, execute the following commands:
- From 192.168.1.162 issue the command ssh-copy-id email@example.com
- From 192.168.1.162 issue the command ssh-copy-id firstname.lastname@example.org
- From 192.168.1.51 issue the command ssh-copy-id email@example.com
- From 192.168.1.53 issue the command ssh-copy-id firstname.lastname@example.org
Now that all the necessary SSH keys have been copied, log into each machine to test that the SSH key authentication is working. Once you verify that process, you are ready to send the techrepublic file on .53 to .51 from .162. Confused? Don't worry, the command itself will clear things up.
Here's the command to copy the techrepublic file (again, from .53 to .51). Make sure you're logged into .162 and the techrepublic file exists on .53. With that in place, issue the command:
scp -3 email@example.com:/home/jack/techrepublic firstname.lastname@example.org:/home/jack/techrepublic
Since we set up SSH key authentication, you shouldn't be prompted for a password. The file will copy from .53 to .51, and you're finished. You've successfully copied a file between two remote servers, using a secure SSH tunnel.
If you do not add the -3 option, the copy process will fail with an authentication error (Figure A).
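A wrapper for the procedure above, as an added example that is not part of the original article: it confirms that the working machine can reach both servers without a password prompt before it runs scp -3. The function names and the login jack are assumptions; the IP addresses are the ones used above.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks around "scp -3".
# Assumed names: spec_login, remote_copy, and the login "jack" in the usage line.

# Print the login part (user@host or host) of a remote spec such as user@host:/path.
# Returns 1 for a local path.
spec_login() {
    local login=${1%%:*}
    # No colon or an empty host means the operand is not remote.
    [ "$login" != "$1" ] && [ -n "$login" ] || return 1
    # A slash before the first colon also means a local path.
    case "$login" in */*) return 1 ;; esac
    printf '%s\n' "$login"
}

# Copy SRC to DST (both remote) through this machine.
# Returns 2 if an operand is not remote, 3 if an endpoint cannot be reached
# non-interactively, otherwise the exit status of scp.
remote_copy() {
    local src=$1 dst=$2 spec login
    for spec in "$src" "$dst"; do
        login=$(spec_login "$spec") || {
            echo "not a remote spec: $spec" >&2
            return 2
        }
        # BatchMode forbids password prompts, so this only succeeds when key
        # authentication works (it also fails on an unknown host key).
        if ! ssh -o BatchMode=yes -o ConnectTimeout=5 "$login" true; then
            echo "key authentication to $login failed" >&2
            return 3
        fi
    done
    # -3 routes the data through this host, so the two servers never have to
    # authenticate to each other and no private key has to live on them.
    scp -3 -o BatchMode=yes "$src" "$dst"
}

# Usage, run on 192.168.1.162:
# remote_copy jack@192.168.1.53:/home/jack/techrepublic jack@192.168.1.51:/home/jack/techrepublic
```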
Confusing but efficient
Although this process might seem confusing at first, once you get the hang of it, you'll find it far more efficient than using the standard method. This also has the benefit of forcing you into making use of SSH key authentication—an added security layer you should use anyway.