Work around insufficient remote permissions when SCPing
Tuesday, September 30th, 2014
Here’s a problem I often run into:
- I need to copy files from a remote system to my local system.
- I have root access to the remote system via sudo or su, but not directly via SSH.
- I don’t have enough permissions to read the remote files as a normal user; I need to be root.
- There isn’t enough space to copy the files to a temp dir and change their ownership.
One solution is to use sudo tar remotely and output the tar file on stdout:
fboender@local$ ssh fboender@example.com "sudo tar -vczf - /root/foo" > foo.tar.gz
This relies on the remote host allowing X11 forwarding though, and you have to have an SSH askpass program installed. Half of the time, I can’t get this to work properly.
An easier solution is to build a reverse remote tunnel:
fboender@local$ ssh -R 19999:localhost:22 fboender@example.com
This maps the remote port 19999 on example.com to my local port 22. That means I can now access the SSH server running locally from the remote server by SSHing to port 19999. For example:
fboender@example.com$ sudo scp -P 19999 -r /root/foo fboender@127.0.0.1:
Password:
There you go. Easy as pie.
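The same reverse-tunnel copy driven from the local side in a single command, as an added example that is not part of the original post. The function names, the HostKeyAlias value and the input checks are assumptions; host, user, port and path are the post's sample values.

```shell
#!/bin/sh
# Added example: reverse-tunnel copy started from the local machine.

# Print the remote command that pushes a path back through the tunnel.
# Rejects anything that could break out of the remote shell command line,
# since the string is executed by a shell on the remote host under sudo.
remote_scp_cmd() {
    port=$1 path=$2 local_user=$3
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1024-65535" >&2; return 1
    fi
    case $path in
        /*) ;;
        *) echo "path must be absolute" >&2; return 1 ;;
    esac
    case $path$local_user in
        *[!A-Za-z0-9_./-]*) echo "unsafe character in path or user" >&2; return 1 ;;
    esac
    # HostKeyAlias (assumed name tunnel-PORT) stores the local machine's host
    # key under its own name instead of a generic [127.0.0.1]:PORT entry.
    printf 'sudo scp -P %s -o HostKeyAlias=tunnel-%s -r %s %s@127.0.0.1:' \
        "$port" "$port" "$path" "$local_user"
}

# Open the tunnel, run the copy, and close the tunnel when the copy ends.
pull_as_root() {
    remote=$1 port=$2 path=$3 local_user=$4
    cmd=$(remote_scp_cmd "$port" "$path" "$local_user") || return 1
    # -t: give sudo and scp a terminal for their password prompts.
    # 127.0.0.1 bind: the forwarded port listens on the remote loopback only.
    # ExitOnForwardFailure: stop if the port is already taken on the remote.
    ssh -t -o ExitOnForwardFailure=yes \
        -R "127.0.0.1:${port}:127.0.0.1:22" "$remote" "$cmd"
}

# Run only when all four arguments are given, e.g.:
#   ./pull.sh fboender@example.com 19999 /root/foo fboender
if [ "$#" -eq 4 ]; then
    pull_as_root "$@"
fi
```

While the tunnel is open, any local user on the remote host can reach the forwarded port, so the local SSH server's own authentication is what protects it; the tunnel closes as soon as the copy finishes.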