Work around insufficient remote permissions when SCPing
Tuesday, September 30th, 2014
Here's a problem I often run into:
- I need to copy files from a remote system to my local system.
- I have root access to the remote system via sudo or su, but not directly via SSH.
- I don't have enough permissions to read the remote files as a normal user; I need to be root.
- There isn't enough space to copy the files to a temp dir and change their ownership.
One solution is to use sudo tar remotely and output the tar file on stdout:
fboender@local$ ssh email@example.com "sudo tar -vczf - /root/foo" > foo.tar.gz
This relies on the remote host allowing X11 forwarding though, and you have to have an SSH askpass program installed. Half of the time, I can't get this work properly.
An easier solution is to build a reverse remote tunnel:
fboender@local$ ssh -R 19999:localhost:22 firstname.lastname@example.org
This maps the remote port 19999 on example.com to my local port 22. That means I can now access the SSH server running locally from the remote server by SSHing to port 19999. For example:
email@example.com$ scp -P 19999 -r /root/foo firstname.lastname@example.org Password:
There you go. Easy as pie.