How can I transfer files from my AWS EC2 instance with my private server?

Some background detail, this private server is located within my academic building. Normally, the only way to access it is by either being logged in on the building’s WiFi or using a VPN to login remotely.

I currently have an EC2 instance which I can transfer files to one way using the following command while on the private server:

scp private@server:/file/location.txt [email protected]:/dest/location/

I can’t make it work the other way around however. While logged into my EC2 instance, I can’t, for example, run the following command:

scp [email protected]:/file/location.txt private@server:/dest/location/

How could I go about making this work? I have a feeling that I will need to run some sort of VPN on my EC2 instance but I can’t find out how. Any guidance would be greatly appreciated.

Unless your private server is performing some official public function, I’d be shocked if your school assigned it a public IP address and allowed inbound SSH/SCP connections to it. So that’s why you can’t make an inbound connection.

I’d say the easiest way to make this work would be to use the AWS CLI to copy the files from your EC2 instance to an S3 bucket, then use the AWS CLI on your private server to copy the files from the S3 bucket to its local storage. You could use the aws s3 sync command to do it on a scheduled basis. That way you’d just need to create AWS API keys for your private server, and assign the appropriate S3 permissions to the IAM user that owns those keys. On the EC2 side you’d need to assign permissions to the IAM role associated with the server.

VPN might be possible but would be more complicated to set up than S3, IMHO.

Assuming the private server isn’t accepting any inbound connections (firewall rules, NAT, etc.), you can create a reverse SSH tunnel between private and ec2.

Working from memory here, so I encourage you to Google it as well.

On `private` run this command:

`ssh -R 1234:localhost:22 [email protected]`

If successful, you’ve now created an ssh tunnel from the EC2 instance’s port 1234 to the private server’s port 22.

Now while logged in to `[email protected]` you can perform scp over that port:

`scp -P 1234 private@localhost:/file/location.txt /dest/location/`

Your private server is in a private subnet and your ec2 instance has a public interface and the security group of the ec2 allows port 22. That’s why you can scp from private to the ec2, but not the other way around.

An easy way is to sftp from the private machine to the ec2 instance and then use the get command to download the files from the ec2 to the private server.

But if you are already on the private server, why do you have to explicitly specify the host part for the private server? That makes scp do a remote-to-remote copy. What you are trying to do is really remote-to-local and local-to-remote.

IOW, if you stay logged on the private server, wouldn’t these just work?

scp /file/location.txt [email protected]:/dest/location/
scp [email protected]:/file/location.txt /dest/location/

You could set up ZeroTier on both and have a private L2 tunnel between them.

scp can be used to pull files as well as push them from the same host. Just reverse the order of operations.

This is the way. So easy to set up and get working.

Also a VPN would probably violate the AUP and/or security policies of the institution (not aws)

I recently mentioned this at work - was called ‘old skool’

Fun fact - I just found out -L can also be used with a socket file on the destination.

This actually works! However, it’s going the opposite direction that I want it to. For example, this command works:

scp -P 1234 private@localhost:~/test.txt ./

This results in a file from my private server being transferred to my aws server. However, I want to make the opposite happen. I need to transfer files from my aws server to my private server.

The following command does not work:

scp ./test.txt -P 1234 private@localhost:~/

The above command results in the following error:

private@localhost: Permission denied (publickey).
lost connection

Any ideas on how I can fix this?

Edit: I figured out the issue. Just in case anyone in the future stumbles across this thread, here’s the solution: You need to specify the port before anything else. So in my case the command needs to look like this:

scp -P 1234 ./test.txt private@localhost:~/

All good to go. Thank you very much!
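The reverse-tunnel recipe above, plus the option-ordering lesson from this edit, as one added script (example code, not from anyone in the thread). It assumes placeholder names `EC2_PUBLIC_DNS_PLACEHOLDER`, user `private` and port 1234, and that `ss` is available on the EC2 host; `DRY_RUN=1` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: reverse SSH tunnel from the private server to EC2, then
# file copies from the EC2 side over it. All host/user names are placeholders.
EC2_HOST="${EC2_HOST:-ec2-user@EC2_PUBLIC_DNS_PLACEHOLDER}"   # placeholder
PRIVATE_USER="${PRIVATE_USER:-private}"                        # placeholder
TUNNEL_PORT="${TUNNEL_PORT:-1234}"
DRY_RUN="${DRY_RUN:-0}"

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1, run ON THE PRIVATE SERVER: open the tunnel in the background.
# The listener is bound explicitly to 127.0.0.1 on the EC2 side (sshd's
# default for -R), so only processes on the EC2 host can reach the private
# server's sshd through it. ExitOnForwardFailure makes ssh exit non-zero if
# the port is already taken instead of leaving you a tunnel that goes nowhere;
# the keepalive options drop a dead session rather than hanging forever.
open_reverse_tunnel() {
  run ssh -f -N \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -R "127.0.0.1:${TUNNEL_PORT}:localhost:22" "$EC2_HOST"
}

# Step 2, run ON THE EC2 INSTANCE: confirm something is listening on the
# tunnel port before attempting a copy.
tunnel_is_up() {
  ss -ltn 2>/dev/null | grep -q "127.0.0.1:${TUNNEL_PORT} "
}

# Step 3, run ON THE EC2 INSTANCE. scp stops option parsing at the first
# operand, so -P must precede the file arguments; with -P after ./test.txt
# the port is not applied and scp talks to port 22 on EC2 itself.
push_to_private() {   # push_to_private <local path> <remote path>
  run scp -P "$TUNNEL_PORT" "$1" "${PRIVATE_USER}@localhost:$2"
}
pull_from_private() { # pull_from_private <remote path> <local path>
  run scp -P "$TUNNEL_PORT" "${PRIVATE_USER}@localhost:$1" "$2"
}

# Step 4, run ON THE PRIVATE SERVER: close the tunnel when finished so the
# listener does not outlive the job.
close_reverse_tunnel() {
  run pkill -f "ssh -f -N .*-R 127.0.0.1:${TUNNEL_PORT}:localhost:22"
}
```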

This is it. Instead of pushing the file from the public to private, you are pulling the file to the private.

If your private server is Windows, you can use Filezilla and connect to the EC2’s SSH as SFTP. Then use the GUI of Filezilla to do whatever copies you want.

This is good for a quick one-time job. If this is a repeated task, script it.