3

I have an interesting problem I'm trying to solve. I have a JumpBox server that I have in order to securely ssh into clients' servers. This is the only server my clients ever open up port 22 to. However, this JumpBox server is very small and does not have enough space to hold large files (bigger than 5GB).

So, I've set up another server with larger disks for this purpose, but I don't want the clients to then have to open up port 22 to yet another IP address.

Server T = Transferbox

Server J = Jumpbox

Server C = Clientbox

From Server J, can I transfer a file on Server T to Server C?

Thanks, and let me know if I need to clarify anything.

wrangler
  • 3,300

6 Answers

2

From "T", you should open up an ssh tunnel on "J" that forwards to SSH on "C". From there you can hop through J from T to do anything on C via SSH. See SSH Tunneling Made Easy for more information.

So from your "T" server, you might do something like this:

ssh -f J-user@addr-of-J-server -L 2000:addr-of-C-server:22 -N

ssh C-user@localhost -p 2000
andyortlieb
  • 1,102
1

Sadly scp does not currently support this. But you could use sshfs on J, mount T and C and then copy (using cp) on J from mountpoint T to mountpoint C.

If you combine autofs and sshfs the way that /net (with an executable automount-map) works, you probably will get a working automatic solution.

I've seen an sshfs solution for CentOS using fuse somewhere.

Nils
  • 7,815
1

On the host where you need the data, just open a port, say 22222, for TCP connections from the host that will be sending the data.

On the host receiving the data you can use something like

$ nc -l -p 22222 | tar xf -

and on host sending the data once listener above is in place

$ tar cf - files directories | nc -w1 ip.of.host.listening 22222

Once the data is transferred, simply close the firewall hole; or if you're afraid you might forget to close it, you can open it for, say, 30 min with something like

# (iptables -I INPUT -p tcp -s ip.of.host.sending.data --dport 22222 -j ACCEPT; sleep 30m;iptables -D INPUT -p tcp -s ip.of.host.sending.data --dport 22222 -j ACCEPT) &

If you are worried about someone snooping your data, you can use cryptcat rather than netcat (nc).

Hrvoje Špoljar
  • 5,405
  • 28
  • 42
0

Why don't you use the split, tar, or zip utilities to gather your files into smaller pieces, and then transfer each piece individually through J? When all the pieces are on C, just expand the tar/zip archive.

Your other option would be to create a VPN of some kind between T and J. You can then try mounting a file share/export from T like it's a local file system (NFS, FUSE, etc.).

The other option is to have your clients SSH into J and set up a tunnel (-L, -R), and then from J allow them to log into T. So they create a tunnel C->J->T, and on T have a file transfer system available (FTP, HTTP). The SSH tunnelling will send the packets around as needed.

Your best solution will be to get more resources on your JumpBox. If your clients are giving you money you should invest some of it into proper infrastructure so you/they don't have to waste time jumping through hoops.

DAM
  • 1
0

An historical note, this is precisely the type of situation that FTP Protocol Passive mode was created for. However, being that the account information is sent in cleartext, it is far less likely to be used anymore.

mdpc
  • 11,914
0

Simplest way here is to mount server T's drive on jumpbox using nfs or sshfs: http://fuse.sourceforge.net/sshfs.html. Not sure if you want to keep permissions, but I believe you can even mount sshfs folder on users' login.
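
An added example, not taken from any of the answers above: a script run on J that pipes a tar stream from T straight into C, so the file never lands on J's small disk and C only ever sees a connection from J, then checks the SHA-256 on both ends. The `RELAY_RSH` variable, the function names and the sample paths are assumptions made for this sketch, and it handles a single regular file.

```shell
#!/bin/sh
# Added example (not from the answers). Run on J: streams one file from T to C
# through a pipe, so J stores nothing, then compares SHA-256 on both ends.
# RELAY_RSH and the function names are assumptions made for this sketch.
RELAY_RSH=${RELAY_RSH:-ssh}   # command that runs "$2" on host "$1"

# Single-quote a string so the remote shell sees it as one literal word.
shquote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# remote_sha HOST FILE: print the SHA-256 of FILE as computed on HOST.
remote_sha() {
    $RELAY_RSH "$1" "sha256sum < $(shquote "$2")" | cut -d' ' -f1
}

# relay SRC_HOST SRC_FILE DST_HOST DST_DIR
relay() {
    src_host=$1; src_file=$2; dst_host=$3; dst_dir=$4
    dir=$(dirname "$src_file"); name=$(basename "$src_file")
    # tar on T writes the archive to stdout, tar on C reads it from stdin;
    # J only forwards bytes between the two SSH sessions.
    $RELAY_RSH "$src_host" "tar -C $(shquote "$dir") -cf - $(shquote "./$name")" |
        $RELAY_RSH "$dst_host" "tar -C $(shquote "$dst_dir") -xf -" || return 1
    # A pipeline reports only the last command's status, so a failed read on
    # T is caught here: an empty or differing digest fails the transfer.
    want=$(remote_sha "$src_host" "$src_file")
    got=$(remote_sha "$dst_host" "$dst_dir/$name")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Example call on J: sh relay.sh T /srv/big.img C /data
if [ "$#" -eq 4 ]; then relay "$@"; fi
```

Setting `RELAY_RSH` to something like `ssh -o BatchMode=yes` makes the script fail instead of prompting when key authentication to T or C is not set up.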