Quickly grabbing files over an existing SSH connection
The Secure Shell (SSH) and Secure Copy (SCP) make remotely performing system administration and copying files across secure links a painless operation. SSH and SCP use the same SSH protocol to protect network communications, but they rely on users knowing if they want a shell or to copy a file beforehand. You cannot easily use an existing SSH shell connection to a remote machine and just grab one or two files; if you want the files, you’ll have to make another SSH connection for the file copy using SCP — unless you have ssh-xfer.
The ssh-xfer project uses the local SSH agent to allow you to easily grab files using an existing SSH shell connection. You do not have to modify either the SSH client or server programs to use ssh-xfer — but you will need to patch your ssh-agent. Although having to patch the ssh-agent is not ideal, you do gain one major advantage by doing this: you can send a file through more than one SSH connection. So if you first connect to the firewall and then you connected to a remote server from there, and from that remote server to a remote desktop machine, and from the shell on the remote desktop machine you decide to grab /etc/foo.conf, you don’t have to think about how you to got there from your desktop, or how to SCP the file back via all the intermediate hosts. Simply run ssh-xfer /etc/foo.conf from the shell on the remote machine and the file will appear on your local machine’s ~/Desktop — or you can change the XFER_DEST_DIR definition in the ssh-xfer patch to specify a different default directory for transfers. Of course you’ll need the ssh-xfer program to be available on the remote machine, but you don’t need to change the SSH installation on any of the servers at all.