scp over 2 hosts

Jason Spangler jasons at usemail.com
Fri Jul 21 00:00:30 EST 2000


Stephan Hendl wrote:
> 
> Hi folks,
> 
> I have the that I must copy some through a Plag-Gateway of a Firewall over
> 2 hosts. A secure connection via "ssh -t hosta ssh -t hostb" works fine,
> but does this work with scp too? I could not realize it either with scp
> (1.2.27 of ssh.com) or scp from openssh. Do you have any ideas?

My firewall blocks incoming connections to low ports so I have to use 
"ssh -P host1" to tell ssh to use a high numbered port.  The commercial
ssh's scp includes the -L option to do the same (scp -L host1:file
host2:file), but OpenSSH's scp is missing this option.  Attached is a patch
I submitted to the list a week or two ago that adds the -L option to scp.

Hope this helps!
-------------- next part --------------
--- openssh-2.1.1p2.orig/scp.c	Thu Jun 22 06:32:32 2000
+++ openssh-2.1.1p2/scp.c	Fri Jul  7 12:28:27 2000
@@ -8,6 +8,11 @@
  *
  * 1995 Timo Rinne <tri at iki.fi>, Tatu Ylonen <ylo at cs.hut.fi>
  *
+ * Changes:
+ *
+ * 2000/7/7  Jason Spangler <jasons at usemail.com>
+ * Added nonprivilaged port option -L that passes -P option to SSH
+ *
 */
 
 /*
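Review bot: The "Changes:" block added to the scp.c header comment is better carried in the ChangeLog and the commit message. An in-file change history goes stale quickly, and here it sits directly under the 1995 credit line. I would drop these five lines from the hunk.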
@@ -93,6 +98,9 @@
    and passphrase queries are not allowed). */
 int batchmode = 0;
 
+/* This is set to non-zero if a non-privilaged port is desired. */
+int nonprivilaged_port = 0;
+
 /* This is set to the cipher type string if given on the command line. */
 char *cipher = NULL;
 
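Review bot: `nonprivilaged_port` and the comment above it misspell "privileged" (the header comment in the previous hunk has the same spelling), while the scp.1 text in this same patch writes "non-privileged". Suggest `int nonprivileged_port = 0;` and the same spelling everywhere the flag is tested.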
@@ -161,6 +169,8 @@
 			args[i++] = "-C";
 		if (batchmode)
 			args[i++] = "-oBatchMode yes";
+		if (nonprivilaged_port)
+			args[i++] = "-P";
 		if (cipher != NULL) {
 			args[i++] = "-c";
 			args[i++] = cipher;
@@ -252,7 +262,7 @@
 	extern int optind;
 
 	fflag = tflag = 0;
-	while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46")) != EOF)
+	while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46L")) != EOF)
 		switch (ch) {
 		/* User-visible flags. */
 		case '4':
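Review bot: In the getopt string, scp's existing `P:` takes an argument while the new `L` is a bare flag that ends up as `-P` on the ssh command line, so the same letter means different things in the two programs. A one-line comment at `case 'L':` or next to `args[i++] = "-P";` stating that this is ssh's flag and not scp's own `-P` would keep a later reader from mixing them up.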
@@ -300,6 +310,9 @@
 		case 'q':
 			showprogress = 0;
 			break;
+		case 'L':
+			nonprivilaged_port = 1;
+			break;
 		case '?':
 		default:
 			usage();
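Review bot: `case 'L':` is handled here, but no hunk in this patch touches the text printed by `usage()`, which the `'?'`/`default` arm just below still calls. If that string lists the option letters, `-L` needs to be added there as well.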
@@ -406,16 +419,18 @@
 				else if (!okname(suser))
 					continue;
 				(void) sprintf(bp,
-					       "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
+					       "%s%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
 					       SSH_PROGRAM, verbose_mode ? " -v" : "",
+					       nonprivilaged_port ? " -P" : "",
 					       suser, host, cmd, src,
 					       tuser ? tuser : "", tuser ? "@" : "",
 					       thost, targ);
 			} else {
 				host = cleanhostname(argv[i]);
 				(void) sprintf(bp,
-					       "exec %s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'",
+					       "exec %s%s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'",
 					       SSH_PROGRAM, verbose_mode ? " -v" : "",
+					       nonprivilaged_port ? " -P" : "",
 					       host, cmd, src,
 					       tuser ? tuser : "", tuser ? "@" : "",
 					       thost, targ);
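Review bot: Both `sprintf(bp, ...)` calls can now emit three more bytes (`" -P"`), and nothing in the patch changes how `bp` is sized. Please confirm that the length computed for `bp` covers the extra `%s`, or switch these two calls to `snprintf` with the allocated length so a miscount cannot overrun the buffer.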
--- openssh-2.1.1p2.orig/scp.1	Wed Apr 12 21:26:37 2000
+++ openssh-2.1.1p2/scp.1	Fri Jul  7 12:25:32 2000
@@ -106,6 +106,14 @@
 Forces
 .Nm
 to use IPv6 addresses only.
+.It Fl L
+Use a non-privileged port for outgoing connections.
+This can be used if your firewall does
+not permit connections from privileged ports.
+Note that this option turns off
+.Cm RhostsAuthentication
+and
+.Cm RhostsRSAAuthentication .
 .Sh AUTHORS
 Timo Rinne <tri at iki.fi> and Tatu Ylonen <ylo at cs.hut.fi>
 .Sh HISTORY
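Review bot: The new `.It Fl L` entry only extends the option list after `-6`; there is no hunk for the SYNOPSIS of scp.1. If the synopsis enumerates the flags, add `L` there so the two sections agree.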
--- openssh-2.1.1p2.orig/scp.0	Sat Jul  1 04:43:10 2000
+++ openssh-2.1.1p2/scp.0	Fri Jul  7 12:27:42 2000
@@ -56,6 +56,11 @@
 
      -6      Forces scp to use IPv6 addresses only.
 
+     -L      Use a non-privileged port for outgoing connections.  This can be
+             used if your firewall does not permit connections from privileged
+             ports.  Note that this option turns off RhostsAuthentication and
+             RhostsRSAAuthentication.
+
 AUTHORS
      Timo Rinne <tri at iki.fi> and Tatu Ylonen <ylo at cs.hut.fi>
 
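Review bot: This scp.0 hunk repeats the scp.1 wording by hand. If scp.0 is produced from scp.1 when the release is built, regenerating it is safer than patching both files, since two hand-edited copies can drift apart.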

