@russel, probably just a typo, but I’ve noticed you wrote that ssh -p 3333 user@deviceIP works when on the same network as the device – that port number has 4 digits, whereas the previous balena tunnel command was forwarding port 33333 (5 digits, an extra ‘3’).
I have another theory of what could be going wrong. The balena tunnel output shows that, on the host OS, a connection is attempted to 10.240.19.98:33333. If you run netstat -ant on the host OS (and in your app container), what is the IP address that the 33333 ssh server is bound to / listening on? If it is something like “x.x.x.x:33333”, where “x.x.x.x” is neither “0.0.0.0” nor “10.240.19.98”, then that may be the problem. If that’s the problem, then configuring the ssh server to bind to “0.0.0.0” (instead of perhaps 127.0.0.1) should solve it.
About scp: if rsync was an acceptable alternative to scp (it has a lot more features!), it possible to use rsync to transfer files to/from an app container without installing a ssh server in the container. rsync needs to be installed in both the source and destination containers/machines, so both your laptop and the app container. On the app container, it’s usually as simple as apt-get update; apt-get install rsync. On MacOS, I think it comes with Xcode, and if not then homebrew. On Windows there’s Cygwin.
It is not necessary to setup rsync as a daemon/server, although rsync offers that possibility. Instead, I suggest using rsync over ssh, which is the most common setup, in which case rsync has a similar basic command line as scp:
rsync source_folder root@deviceIp:destination_folder
The trick to avoid the extra ssh server is to get rsync to use balena-engine exec behind the scenes, and for that I have small shell script.* If that script was saved to, say, /home/user/rsync-shell.sh, then usage goes along the lines of:
# on a laptop terminal:
balena tunnel <long_UUID> -p 22222:4321
# on another laptop terminal:
export RSYNC_RSH="/home/user/rsync-shell.sh" && chmod +x "$RSYNC_RSH"
rsync source_folder main:destination_folder
Where 'main' is any name chosen for the device or app container.
*The rsync-shell.sh script, with hardcoded values for port numbers and container names:
#!/bin/bash
new_args=()
for arg in "$@"; do
if [ "$arg" = "main" ]; then
new_args+=(-p 4321 root@127.0.0.1 balena-engine exec -i main_1_1)
else
new_args+=("$arg")
fi
done
echo original command: ssh "$@" >&2
echo modified command: ssh ${new_args[@]} >&2
ssh ${new_args[@]}
As a matter of fact, a similar script can be used with the scp -S command-line option, in which case it’s possible to use scp without installing a ssh server in an app container. But I find it less attractive than rsync, because of all of rsync's additional features – and the script would need some changes. 