Transferring files between machines either side of a network firewall gateway

Occasionally you may have a need to transfer files from say the scratch space on an institute machine to somewhere outside the department or vice-versa. The machine inside the department can only be reached by going via but to transfer files to gate and then on to the other machine is unnecessarily complicated. A simple approach is to setup a ssh tunnel via gate going directly between the two machines.

The instructions below are both for a transfer initiated from the remote machine rather than the institute based machines.

Using openssh tools on UNIX/Linux systems

Firstly setup an ssh tunnel on the remote machine with

ssh -L 2222:maths_host:22

This will make a connection to gate with a tunnel on to the maths_host which would be the name of a machine within the department.

Now in another terminal start an sftp on the remote machine but connect to the ssh tunnel on that machine

sftp -oPort=2222 localhost

You can now use the sftp commands to cd to a given location and put/get files as normal. Instead of sftp you could use gftp for a graphical interface instead.

SCP over gate (Using Linux/macOS)

This procedure is similar to the one above, only this time we'll describe how to permanently save the settings and scp files back and forth through gate in a transparent way. Again let's say you're trying to copy files to a machine in the department, we'll use maths_host again as its name. Locate the file named config in your .ssh directory (located in the home folder), or create one if it doesn't exist. Add a section in the config file containing the following:

Host maths_host
User maths_user
ProxyCommand ssh -W

Save the file, and from now on you can scp from/to your computer when outside the department and the connection will automatically be tunneled through gate. In the following example, we'll copy the file thesis.tex from our home directory to the scratch folder of maths_host :

scp ~/thesis.tex maths_host:/scratch

Please be aware that if you haven't set up public key authentication, you'll be prompted for your account password twice, once for every computer you're connecting to (gate and maths_host).

Using Windows based tools

If you are using PuTTY, before you log in, click on SSH and select Tunnels (at the bottom of the list on the left), and set

Source port: 2222,
Destination: maths_host:22,

select ``Local'' and click ``Add''. In the above replace maths_host with the relevant maths institute machine name.

Now log in to gate, as normal.

Now start WinSCP (while PuTTY is running), connect to localhost (type localhost or in the address field) and set the port number to 2222. This will (via the ssh tunnel) connect you to the maths institute host.

If you're using the SSH Secure Shell Client, click on Profiles -> Add Profile. Give the profile a name, for example, ``Tunnel to maths_host''. Now click Profiles -> Edit Profiles, select the profile you just created, and click on the Tunneling tab. Make sure the Outgoing tab is selected, click add, and set

Display Name: maths_host SSH
Type: TCP
Listen Port: 2222
Allow Local Connections Only: <ticked>
Destination Host: maths_host
Destination Port: 22

Now log in as usual and run WinSCP as above.

Please contact us for feedback and comments about this page. Last updated on 10 May 2022 18:26.