Transfer files and SSH between private networks with wush
By Sergsoares |
| 4 minutes
A interesting app that I found recently navigating on Reddit is wush.
Wush is a cli application to transfer files or open shell sessions through one Wireguard connection using the Public Tailscale DERP Relays, it is made from coder that is the company behind the Code server.
Scenarios that wush can be useful (to avoid launch public intermediaries) and both sides have outbound internet connection:
Copy file from AWS EC2 to a Proxmox VM
Copy file between docker containers in different networks
Copy file from work PC to a raspberry pi at home
Upload data from EKS pods in a private VPC
Sent public keys for servers with only GUI terminal access.
Let’s show how wush works with a practical example:
Install Wush in linux (both target and source servers)
This is a script to download and extract wush binary, but you can install using the Wush bash script or download the specific release for your architecture in wush releases.
cd /tmp
exportVERSION=0.1.2
wget "https://github.com/coder/wush/releases/download/v0.1.2/wush_${VERSION}_linux_386.tar.gz"tar xzf "wush_${VERSION}_linux_386.tar.gz"./wush
USAGE:
wush <subcommand>
wush 0.1.2 - peer-to-peer file transfers
and shells
- Start the wush server:
$ wush serve
- Open a shell to the wush host:
$ wush ssh
- Transfer files to the wush host using rsync:
$ wush rsync
local-file.txt :/path/to/remote/file
- Copy a single file to the host:
$ wush cp local-file.txt
SUBCOMMANDS:
cp Transfer files.
rsync Transfer files over rsync.
serve Run the wush server.
ssh Open a shell.
version Show wush version.
OPTIONS:
--version bool
Print the version and exit.
Install wush and execute wush in the target server to generate the keys and the auth key that will be used.
1
2
3
4
5
6
7
8
./wush serve
Picked DERP region Toronto as overlay home
Your auth key is:
> 112v7Z17Mw6YFF2NmooVgBNo21Lwc1AkJ5cCvuvXhfSdJXHaun42s9P3HztHP5gXE9PAiq8UycWNEgRFUMYTHrbnxkh
Use this key to authenticate other wush commands to this instance.
14:14:27 WireGuard is ready
14:14:28 SSH server enabled
14:14:28 File transfer server enabled
Now from any other device running wush you can:
From another device open shell session to target server
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Provide auth key from target serverwush ssh
┃ Enter your Auth ID:
┃ >
wush ssh
Auth information:
> Server overlay STUN address: Disabled
> Server overlay DERP home: Toronto
> Server overlay public key: [tYlsL] > Server overlay auth key: [3wHd2]Bringing WireGuard up..
WireGuard is ready!
Received peer
Peer active with relay tor
ubuntu $
From another device transfer files to target server
Let’s generate a file and copy that file using wush: