Transfer contents and files through a secured shell tunnel

In a secured environment, It’s always a challenge to move content (text) and files between a remote and local machines. The challenge becomes even harder when there is a bastion host or a Jumpserver in the middle that needs SSH (Secure Shell) access.

In the previous post, you learnt how to record secured shell (SSH) sessions on a Red Hat Enterprise Linux (RHEL) virtual server instance (VSI) in a private virtual private cloud (VPC)network using built-in packages. The VPC private network was provisioned through Terraform and the RHEL packages are installed using Ansible automation.

Additionally, you learnt how to set up a highly available bastion host -https://medium.com/vmacwrites/automate-session-recording-on-rhel-with-ansible-1a46e6f76e3f

Now that you have a secured VPC private network, let’s learn how to move files / content between your remote and local machine via a bastion host.

As you work day-in and day-out with virtual machines in Cloud, you are asked to send logs, copy or move files from the remote machine to local for debugging. In the linux world, coredump is required most of the time to see why a server or a component is crashing. Moving files like a core dump is required for debugging or understanding the state of the machine.

For this scenario let’s consider three machines (VMs or VSIs),

1. Localhost
2. Bastion host with a private IP — 10.10.0.13
3. Remote machine / server with a private IP — 10.30.0.13

Scenario 1: copy a file from remote machine to localhost

You will be using SCP(Secure Copy Protocol) from local to remote via Bastion.

Run this in one session/window/tab of the terminal on your local machine.

ssh -L 1234:<REMOTE_PRIVATE_IP>:22 <OS_USER>@<BASTION_HOST_PRIVATE_IP> cat -

ssh -L 1234:10.30.0.13:22 vmac@10.10.0.13 cat -

In another session/window/tab,

scp -P <LOCAL_PORT> <REMOTE_USER>@127.0.0.1:<PATH_TO_THE_FILE_ON_REMOTE_MACHINE> <LOCAL_PATH_TO_COPY_FILE>

scp -P 1234 vmac@127.0.0.1:/home/vmac/output.log output.log

Scenario 2: copy contents of a remote file to clipboard

On your local machine, run the below command to copy contents of a file to clipboard using pbcopy

ssh -J vmac@<BASTION_HOST_PRIVATE_IP vmac@<REMOTE_PRIVATE_IP> 'cat /home/vmac/output.log' | pbcopy 

ssh -J vmac@10.10.0.13 vmac@10.30.0.13 'cat /home/vmac/output.log' | pbcopy

Using public IP of an VSI

If you want to access a virtual machine/VSI using a floating / public IP, replace the private IPs with the public IPs of the respective machines.

If you like my content, please clap 👏 and follow me for more such content. Happy learning and sharing :)

Originally published at https://dev.to on March 1, 2024.