scp over 2 hosts
Jason Spangler
jasons at usemail.com
Fri Jul 21 00:00:30 EST 2000
Stephan Hendl wrote:
>
> Hi folks,
>
> I have the that I must copy some through a Plag-Gateway of a Firewall over
> 2 host. A secure connection via "ssh - t hosta ssh -t hostb" works fine,
> but does this work with scp too? Icould not realize it either with scp
> (1.2.27 of ssh.com) or scp from openssh. Do you have any ideas?
My firewall blocks incoming connections to low ports so I have to use
"ssh -P host1" to tell ssh to use a high numbered port. The commercial
ssh's scp includes the -L option to do the same (scp -L host1:file
host2:file), but OpenSSH's scp is missing this option. Attached is a patch
I submitted to the list a week or two ago that adds the -L option to scp.
Hope this helps!
-------------- next part --------------
--- openssh-2.1.1p2.orig/scp.c Thu Jun 22 06:32:32 2000
+++ openssh-2.1.1p2/scp.c Fri Jul 7 12:28:27 2000
@@ -8,6 +8,11 @@
*
* 1995 Timo Rinne <tri at iki.fi>, Tatu Ylonen <ylo at cs.hut.fi>
*
+ * Changes:
+ *
+ * 2000/7/7 Jason Spangler <jasons at usemail.com>
+ * Added nonprivilaged port option -L that passes -P option to SSH
+ *
*/
/*
@@ -93,6 +98,9 @@
and passphrase queries are not allowed). */
int batchmode = 0;
+/* This is set to non-zero if a non-privilaged port is desired. */
+int nonprivilaged_port = 0;
+
/* This is set to the cipher type string if given on the command line. */
char *cipher = NULL;
@@ -161,6 +169,8 @@
args[i++] = "-C";
if (batchmode)
args[i++] = "-oBatchMode yes";
+ if (nonprivilaged_port)
+ args[i++] = "-P";
if (cipher != NULL) {
args[i++] = "-c";
args[i++] = cipher;
@@ -252,7 +262,7 @@
extern int optind;
fflag = tflag = 0;
- while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46")) != EOF)
+ while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46L")) != EOF)
switch (ch) {
/* User-visible flags. */
case '4':
@@ -300,6 +310,9 @@
case 'q':
showprogress = 0;
break;
+ case 'L':
+ nonprivilaged_port = 1;
+ break;
case '?':
default:
usage();
@@ -406,16 +419,18 @@
else if (!okname(suser))
continue;
(void) sprintf(bp,
- "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
+ "%s%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
SSH_PROGRAM, verbose_mode ? " -v" : "",
+ nonprivilaged_port ? " -P" : "",
suser, host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
} else {
host = cleanhostname(argv[i]);
(void) sprintf(bp,
- "exec %s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'",
+ "exec %s%s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'",
SSH_PROGRAM, verbose_mode ? " -v" : "",
+ nonprivilaged_port ? " -P" : "",
host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
--- openssh-2.1.1p2.orig/scp.1 Wed Apr 12 21:26:37 2000
+++ openssh-2.1.1p2/scp.1 Fri Jul 7 12:25:32 2000
@@ -106,6 +106,14 @@
Forces
.Nm
to use IPv6 addresses only.
+.It Fl L
+Use a non-privileged port for outgoing connections.
+This can be used if your firewall does
+not permit connections from privileged ports.
+Note that this option turns off
+.Cm RhostsAuthentication
+and
+.Cm RhostsRSAAuthentication .
.Sh AUTHORS
Timo Rinne <tri at iki.fi> and Tatu Ylonen <ylo at cs.hut.fi>
.Sh HISTORY
--- openssh-2.1.1p2.orig/scp.0 Sat Jul 1 04:43:10 2000
+++ openssh-2.1.1p2/scp.0 Fri Jul 7 12:27:42 2000
@@ -56,6 +56,11 @@
-6 Forces scp to use IPv6 addresses only.
+ -L Use a non-privileged port for outgoing connections. This can be
+ used if your firewall does not permit connections from privileged
+ ports. Note that this option turns off RhostsAuthentication and
+ RhostsRSAAuthentication.
+
AUTHORS
Timo Rinne <tri at iki.fi> and Tatu Ylonen <ylo at cs.hut.fi>
More information about the openssh-unix-dev
mailing list