|
Using SCP behind a router
Hi, I need help using scp.
I do not know how to transfer from a different machine to mine. My computer is connected to a router, which is connected the my school's network. I can get my computer's IP from doing ifconfig, but that is a different IP than what it is on the network, which is also a different IP from what the outside world sees (all computers on my school's network appear to have the same IP). If I am sitting on my computer and have sshed to another machine what would I type to transfer a file from that machine to the local one. If I am on a machine at my lab (on the school network) would the command change? If I am at my parents house (outside of the school network) would the same command work? In order to scp when I am not at my machine what do I need to have listening for a connection. I also want to confirm the structure of the command. Normally if I have a file (foo.txt) in the current directory that I want to transfer to a machine called maple.computing the command would look like this, right? scp foo.txt myUser@maple.computing:/home/myUser Thanks for the help |
The computer that you want to put the file on or get the file from must be running an SSH server (protocol version 2). If you can connect to the system by using SSH, then there is a good chance that you have this OK. If you have a firewall that you need to open ports on, SSH, SFTP, and SCP, all work on port 22 TCP.
Note that you do not need to have an SSH connection to the system in question. When you run SCP, it will open the required SSH connection in order to send the file (and actually, if SSH works, then SCP should work with the same host and usernames). Assuming that the hostname/IP address of the target computer does not change, then the command required to put or get a file should not change. SCP only makes an outgoing connection from the computer you are on to port 22 on the host that you tell it. The syntax of the command that you have is valid and will work as expected. There is a shortcut if you are using your home directory, however. As SCP does everything in relation to your home directory, running scp foo.txt myUser@maple.computing:foo.txt will get you the same result. Let me know if you have any questions... as I was just working with SCP at work today, so I still have the man page fresh on my mind. |
You need to have port 22 open for ssh on your local router to scp to your machine, and that might be the problem with connecting to the others.
Each router and firewall in in the chain between your computers has to know to forward requests to the WAN side of their connection to the correct machine on the inside (LAN). Most home routers can forward port 22 (for ssh and scp) from the outside to a specific address inside, but not to every address inside, and that is what makes it tough. If a router/firewall isn't set to allow SSH connections to the specific address that the server sits at, then you won't get scp to work. Whatever address you use to connect through SSH is the same address you'd use for scp. Your command has a few issues as well. You have an incomplete domain name, and if you used that command, you might overwrite your home directory. Unless maple.computing resolves to something on your machine, you'll need a complete domain name, or the maple.computing's IP address. I would do it like this, assuming the directory you start in has foo.txt, if it doesn't, you need a full path: Code:
scp foo.txt myuser@W.X.Y.Z:/home/myuser/You can use scp from anywhere to anywhere else, and all that changes is the details. If both hosts are on the school network, then they could connect by private IP address within the network. There can also be different issues because of firewalls. They may pass traffic within the school network that would be blocked from the public internet. There is no way to know without just trying it. I wouldn't be at all suprised to see trying to connect from your parents fails, but it works within school network. It may be wide open though. Connection the other way (from lab to your machine) should be easier, assuming you can control that router. You are correct in what you said about different addresses. Every router/firewall you pass through can translate your address. What you need to know is the WAN side address of your local router. What is probably the case, is that each device is translating addresses. The one public IP everybody gets is real world, then behind that are a large subnet of private addresses (usually a class B or A network), and each of those addresses are actually often routers giving out another layer of addresses to the client computers. That way your machine claims to be 192.168.1.13, your router claims you are 172.18.1.3(WAN side of your local router), and the school connection gives everybody on campus the same external real world IP. Now, if you are in the lab, here is how you would connect to your router. First, you need the WAN address of your local router. You also need to set your router to forward all traffic on port 22 to your desktop. Say from my previous example, that your machine claims its IP is 192.168.1.13. Then you need to create a rule in the local router to forward all traffic to the WAN side at port 22 to 192.168.1.13 at port 22. Then from the lab machine, you would scp back home with this command: Code:
scp bar.txt user@WAN.IP.ADDRESS.ROUTER:/home/user/Peace, JimBass |
Both networks, your home network and your school network are behind routers. If the school uses a private address space, and is behind a NAT router as well, then you may not be able to connect from home to school using ssh because the school's router won't forward ssh to the computer you want to connect to. That is assuming that the host at school that you wish to connect to isn't assigned an internet IP address. Unless the gateway/router is a computer that you have ssh access to and can build a tunnel from the gateway to the host that you want to.
If you are going the other way however, then since you control the NAT router in your home, you will be able to connect from school to home provided that you have access to the internet. |
Quote:
Also, keep in mind that file transfers work both ways. So even if you cannot get your school to forward incoming SSH connections to your computer, as long as you can SSH to the remote computer, you can still transfer files to and from it. So to transfer foo.txt to the home directory on the remote computer, you can do Code:
scp foo.txt myUser@maple.computing:Code:
scp myUser@maple.computing:foo.txt . |
Okay, thanks, I will check my SElinux to make sure I have all the correct ports open.
So if I run an ssh server which IP should I use to connect to it? I don't know if it is possible from outside the network because our whole network is routed through one IP and I do not know how it would be able to direct it to my system. But in the network if I use SCP (or ssh for that matter) and try to connect to the IP of my router will my router automatically forward the request to the correct computer of the two I have connected? Or how do I tell scp to transfer my file to the correct machine since the network sees the routers IP and not my machines (at least I think it does, because I was told that each student is assigned one IP and if we had multiple machines we needed to use a router and have it installed before we register so that our IP gets assigned to it instead of one of our machines)? Thanks again, your last post was technical enough to answer many question, but still easy to follow. |
ooh, I didn't see all those responses, they showed up while I was writting my last response, so maybe you can disregard it.
|
Thanks for all the help I think I can get it working.
PS I like the Eliza quote, I have always had fun laughing at its responses. |
In case anyone wants to try it themselves, here is a link to instructions on how to get Eliza to analyze Zippy the Pinhead in Emacs:
http://www.osxfaq.com/dailytips/11-2002/11-11.ws |
| All times are GMT -5. The time now is 02:45 PM. |