Question:
I wonder if there is a way for me to SCP the file from remote2 host directly from my local machine by going through a remote1 host.
The networks only allow connections to remote2 host from remote1 host. Also, neither remote1 host nor remote2 host can scp to my local machine.
Is there something like:
scp user1@remote1:user2@remote2:file .
First window: ssh remote1, then scp remote2:file .
Second shell: scp remote1:file .
First window: rm file; logout
I could write a script to do all these steps, but if there is a direct way, I would rather use it.
Thanks.
EDIT: I am thinking something like opening SSH tunnels but I'm confused on what value to put where.
At the moment, to access remote1, I have the following in $HOME/.ssh/config on my local machine.
Host remote1
    User user1
    Hostname localhost
    Port 45678
Once on remote1, to access remote2, it's the standard local DNS and port 22. What should I put on remote1 and/or change on localhost?
Answer 1:
I don't know of any way to copy the file directly in one single command, but if you can concede to running an SSH instance in the background to just keep a port forwarding tunnel open, then you could copy the file in one command.
Like this:
# First, open the tunnel
ssh -L 1234:remote2:22 -p 45678 user1@remote1
# Then, use the tunnel to copy the file directly from remote2
scp -P 1234 user2@localhost:file .
Note that you connect as user2@localhost in the actual scp command, because it is on port 1234 on localhost that the first ssh instance is listening to forward connections to remote2. Note also that you don't need to run the first command for every subsequent file copy; you can simply leave it running.
Answer 2:
Double ssh
Even in your complex case, you can handle file transfer using a single command line, simply with ssh ;-)
And this is useful if remote1 cannot connect to localhost:
ssh user1@remote1 'ssh user2@remote2 "cat file"' > file
tar
But you lose file properties (ownership, permissions...).
However, tar is your friend to keep these file properties:
ssh user1@remote1 'ssh user2@remote2 "cd path2; tar c file"' | tar x
You can also compress to reduce network bandwidth:
ssh user1@remote1 'ssh user2@remote2 "cd path2; tar cj file"' | tar xj
And tar also allows you to transfer a recursive directory through basic ssh:
ssh user1@remote1 'ssh user2@remote2 "cd path2; tar cj ."' | tar xj
ionice
If the file is huge and you do not want to disturb other important network applications, you may miss network throughput limitation provided by scp and rsync tools (e.g. scp -l 1024 user@remote:file does not use more than 1 Mbits/second).
But, a workaround is using ionice to keep a single command line:
ionice -c2 -n7 ssh u1@remote1 'ionice -c2 -n7 ssh u2@remote2 "cat file"' > file
Note: ionice may not be available on old distributions.
Answer 3:
This will do the trick:
scp -o 'Host remote2' -o 'ProxyCommand ssh user@remote1 nc %h %p' user@remote2:path/to/file .
To SCP the file from the host remote2 directly, add the two options (Host and ProxyCommand) to your ~/.ssh/config file (see also this answer on superuser). Then you can run:
scp user@remote2:path/to/file .
from your local machine without having to think about remote1.
Answer 4:
With openssh version 7.3 and up it is easy. Use ProxyJump option in the config file.
# Add to ~/.ssh/config
Host bastion
    Hostname bastion.client.com
    User userForBastion
    IdentityFile ~/.ssh/bastion.pem
Host appMachine
    Hostname appMachine.internal.com
    User bastion
    # openssh 7.3 version new feature ProxyJump
    ProxyJump bastion
    # no need to copy pem file to bastion host
    IdentityFile ~/.ssh/appMachine.pem
Commands to run to login or copy
ssh appMachine # no need to specify any tunnel.
scp helloWorld.txt appMachine:. # copy without intermediate jumphost/bastion host copy.
Of course you can specify the bastion jump host using option "-J" to the ssh command, if not configured in the config file.
Note scp does not seem to support the "-J" flag as of now. (I could not find it in the man pages. However the above scp works with the config file setting.)
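
The ProxyJump approach applied to the exact layout in the question (remote1 reached on localhost:45678, remote2 only reachable from remote1), as an added example that is not part of any of the answers above. The function names and the scratch config path are assumptions for illustration; `ssh -G` only prints the resolved options and opens no connection.

```shell
#!/bin/sh
# Added example (not from the original answers): a scratch ssh_config for the
# asker's two-hop layout, checked offline with `ssh -G` before it is used.
# Usage (assumed path):
#   write_jump_config /tmp/jump.conf && check_jump_config /tmp/jump.conf \
#     && scp -F /tmp/jump.conf remote2:file .

# Write the two-hop config to the file named in $1.
write_jump_config() {
    cat > "$1" <<'EOF'
# remote1: values taken from the question (existing forward on localhost:45678)
Host remote1
    User user1
    HostName localhost
    Port 45678

# remote2: reachable only from remote1, so hop through it (OpenSSH 7.3+).
# The name "remote2" is resolved on remote1, and the key used for remote2
# stays on the local machine; nothing is copied to or stored on remote1.
Host remote2
    User user2
    ProxyJump remote1
EOF
    chmod 600 "$1"
}

# Print the resolved value of option $3 for host $2 under config $1.
resolved_option() {
    ssh -G -F "$1" "$2" | awk -v key="$3" '$1 == key { print $2 }'
}

# Succeed only if remote2 resolves to user2 via remote1, and remote1 to port 45678.
check_jump_config() {
    [ "$(resolved_option "$1" remote2 user)" = "user2" ] || return 1
    [ "$(resolved_option "$1" remote2 proxyjump)" = "remote1" ] || return 1
    [ "$(resolved_option "$1" remote1 port)" = "45678" ] || return 1
}
```

Once the check passes, the two Host blocks can be moved into ~/.ssh/config, after which `scp remote2:file .` needs no extra options.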