Tuesday, September 29, 2009

SCP over SSH

I was asked by a special someone to convert a DV tape into digital format at the ETC. So I did.

The resulting file was a 9.35 GB Quicktime movie. Of course, I didn't at all think about how I was going to transfer such a large file off of the ETC computer.
  1. I captured it in Premiere Pro, which apparently cannot save to anything other than Quicktime format, nor does the ETC have any compression programs on their computers.
  2. I did not have my flash drive with me (which wouldn't have mattered since it's way too small.
  3. I did not have my laptop on me to transfer the file to.
  4. The only external hard drive the ETC has was checked out and overdue.
  5. I couldn't scp the file from the Mac to my computer, because for some unknown reason, I could not establish an ssh connection with it.

So what was I to do? I had exhausted all the file transfer possibilities I could think of. I decided to experiment a bit more and found out that, lo and behold, I could ssh into Matthew! Now, why I could ssh into my CSE account on Matthew but not into my personal computer is beyond me. I know I didn't leave my computer in Windows, and sshd should be running...so I checked. I ssh'ed from Matthew to my computer just fine! In fact, I even ended up SSHing to Matthew with X-forwarding and then setting up a VNC connection to my desktop. It worked.

This went to prove that I was in fact able to transfer information from the ETC computer to my desktop, via Matthew. But how to transfer a 9+ GB file? I did some testing and then tried this experiment:

First, I created the most simple Perl script oProxy-Connection: keep-alive
Cache-Control: max-age=0

20my desktop:
print while (<>);

It just spits out everything that is fed to it. Then I invoked this script by SSHing to Matthew, passing it a command to SSH to my desktop and execute the script, redirecting the standard output to a file on my desktop. I typed in a few lines of text and then sent ^D. I checked the file on my desktop, and it worked! This means I can utilize this system to transfer arbitrarily large files over SSH. I first had to enable passwordless logins from the ETC computer, and then I set it to work...

$ ls -lh Movie.mov
-rw-r--r--@ 1 etcmedia staff 9.4G Sep 29 16:04 MovieProxy-Connection: keep-alive
Cache-Control: max-age=0

$ cat Movie.mov | ssh -C jdenardo@matthew.cse.taylor.edu \
"ssh jdenardo@ \"/home/jdenardo/transfer.pl > \

A few minutes later, the command finished, and I checked the MD5 checksums of the input and output files:

MD5 (Movie.mov) = ed889ff1879832e46c9d6e68fd56657a
ed889ff1879832e46c9d6e68fd56657a Movie.mov

...they match! Despite not being able to directly SSH to my desktop, I was able to set up a route through another computer on the LAN and copy files! As a bonus, it was all done securely! This is certain


Jason Maas said...

Nice bit of geekery! Thanks for the explanation! I'll pick one nit in your first sentence though: do you know what the "D" in DV stands for? :)

denaje said...

Yes I do...what I meant by that was conversion from tape to a computer file. Granted, both are digital, but I still had to capture it from the tape like I would capture video from an analog VHS tape.

Jason Maas said...

Yeah, I know that working with tape is a pain, digital or not. We recently got a new camera that can also shoot nice video saved to flash memory, so it will be replacing our "old" miniDV camcorder. Having a single device to carry for photos or videos will be nice [most of the time] and not having to deal with slow, linear tape will also be nice. But anytime you make it easier to shoot video then you end up with more of it...and the editing gets harder. Is that really a net improvement? :) Apple or Google needs to come up with an "autodetect enjoyable footage" feature. ;)

denaje said...

I bet they could do it! Sprinkle on a little AI...

Jeremy Erickson said...

The problem with accessing your computer from the ETC is that the dorm network and the academic network can't see each other at Taylor. I think this is implemented at a firewall/router level. You will have the same problem if you try to SSH your personal machine from a staff or faculty computer, unless said computer is on the CSE network instead of the campus network. I don't think the Zondervan or Reade labs have this problem, but I'm not 100% sure. The CSE network is visible to both, so it is a good workaround.

Jeremy Erickson said...


Your little Perl script has the same functionality as "cat" called without any arguments.

If I were in that situation, I would use something like

"ssh -L 1025:{your IP}:22 {username}@matthew.cse.taylor.edu"

and then "scp -P 1025 {file} {username}@localhost:{destination}" or "sftp -o port=1025 {username}@localhost"

Port forwarding is a really easy way to get around not being able to get to a computer. This method also has the theoretical advantage of Matthew never seeing your data in the clear.

denaje said...

Ah, you know, I knew there was an easy workaround for this but I wasn't thinking of it. Port forwarding would have obviously been way easier...