Trouble Rsyncing/SCPing over balena tunnel

following the code from:

Only difference is I’m trying to go from my device to my local laptop. I’m currently trying to do this for a device that is not on my local network.

I’m just seeing the SCP close the connection though.

scp -v -6 -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -P 4321 root@127.0.0.1:/mnt/data/docker/volumes/1985225_i8labs-data/_data/model_outputs/2023-08-15model_output.yaml ./tense-zone08-15.yaml
Executing: program /usr/bin/ssh host 127.0.0.1, user root, command sftp
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/bbourn/.ssh/config
debug1: /Users/bbourn/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: resolve_canonicalize: hostname 127.0.0.1 is an unrecognised address
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 127.0.0.1 port 4321.
debug1: Connection established.
debug1: identity file /Users/bbourn/.ssh/id_rsa type 0
debug1: identity file /Users/bbourn/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2
debug1: compat_banner: match: OpenSSH_8.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 127.0.0.1:4321 as 'root'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:cj2BOjxLyx9YAZdGy9xD4L0dUJW9N+sjXjFsg/vGnro
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: checking without port identifier
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
Warning: Permanently added '[127.0.0.1]:4321' (ED25519) to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/bbourn/.ssh/id_rsa RSA SHA256:WprcyYAdeue/Q0/mgAkqlQe0iOpyXuAXTC9xb8qEeoc explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
Authenticated to 127.0.0.1 ([127.0.0.1]:4321) using "none".
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: channel 0: setting env LC_ALL = "en_US.UTF-8"
debug1: channel 0: setting env LANG = "en_US.UTF-8"
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
scp: Connection closed
Transferred: sent 1816, received 2268 bytes, in 0.5 seconds
Bytes per second: sent 3671.6, received 4585.5
debug1: Exit status 127

netstat:

root@348ce71:~# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 192.168.42.1:80         0.0.0.0:*               LISTEN      
tcp        0      0 192.168.42.1:53         0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.2:53            0.0.0.0:*               LISTEN      
tcp        0      0 10.114.102.1:53         0.0.0.0:*               LISTEN      
tcp        0      0 :::48484                :::*                    LISTEN      
tcp        0      0 :::2375                 :::*                    LISTEN      
tcp        0      0 :::22222                :::*                    LISTEN      
tcp        0      0 fe80::f8c7:8a38:69f2:936f:53 :::*                    LISTEN      
tcp        0      0 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:57242 2607:7700:0:54::36c5:8382:443 TIME_WAIT   
tcp        0      1 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:61640 2607:7700:0:54::12eb:426:443 FIN_WAIT1   
tcp        0      0 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:57258 2607:7700:0:54::36c5:8382:443 TIME_WAIT   
tcp        0      0 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:55536 2607:7700:0:54::3e6:32ea:443 TIME_WAIT   
tcp        0      0 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:57250 2607:7700:0:54::36c5:8382:443 TIME_WAIT   
tcp        0    936 ::ffff:10.241.35.72:22222 ::ffff:52.4.252.97:39965 ESTABLISHED 
tcp        0    932 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:63058 2600:1f18:6600:7f01:dc24:54f2:d95f:abc0:443 ESTABLISHED 
tcp        0      0 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:54130 2606:4700::6812:c66:443 ESTABLISHED 
tcp        0      0 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:55550 2607:7700:0:54::3e6:32ea:443 TIME_WAIT   
tcp        0  29421 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:57264 2607:7700:0:54::36c5:8382:443 ESTABLISHED 
tcp        0      0 2607:fb90:3786:9072:f8c5:601e:f0a6:1356:55544 2607:7700:0:54::3e6:32ea:443 TIME_WAIT   

Can anyone see any issues?

Hello there!

I managed to get the following to work with no issues

balena tunnel <UUID> -p 22222:4321
scp  -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -P 4321 root@127.0.0.1:/mnt/boot/config.json ./test.json

However I did get issues when I used -v -6 as you did in the command you shared. Not sure what to make of that.

With your tunnel active, can you simply ssh into the target device?

ssh root@127.0.0.1 -p 4321 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null

And if you can, does scp allow you to copy any file at all? For example the /mnt/boot/config.json.

One other thing to try is using a ED25519 key instead of an RSA one.

Hi, i’m guessing -v shouldn’t change anything, -6 is interesting. I can definitely ssh just fine and I did get the rsync option to work without really messing around. but it’s weird the scp wasn’t working. I had tried without -v -6 earlier and it still wasn’t working. I’ll try pulling config.json in a seccond and changing up the keys

Hey all, just checking back in from the future just incase anyone else finds this. here’s what I use now:

# terminal 1
balena tunnel <device-uuid> -p 22222:4321

#terminal 2
export RSYNC_RSH='ssh -p 4321 -o StrictHostKeyChecking=no'
rsync root@127.0.0.1:/mnt/data/docker/volumes/<volume_name>/_data/<path to file> ./

scp was temperamental however rsync is relatively solid for this. I didn’t need to move away from an RSA key