scp over 2 hosts

Mike Fisk mfisk at
Thu Jul 27 12:18:24 EST 2000

On Thu, 20 Jul 2000, Stephan Hendl wrote:

> Hi folks,
> I have the that I must copy some through a Plag-Gateway of a Firewall
> over 2 host. A secure connection via "ssh - t hosta ssh -t hostb"
> works fine, but does this work with scp too? Icould not realize it
> either with scp (1.2.27 of or scp from openssh. Do you have
> any ideas?

Yes, I do the following

scp jdoe at firewall:joe at myserver:/tmp/source /tmp/dest

I use Kerberos authentication, however.  I wrote the following note for
some internal documentation for F-Secure SSH.  It may very well apply to

SCP uses the same communications channel for transferring data that would
be used to prompt the user for a password. Further, the standard SCP
client insists on not forwarding RSA authentication or X-windows.
Therefore the above commands will normally work only if the internal
machine (myserver) accepts Kerberos tickets. To allow scp to work with RSA
keys or open a password authentication X-Window (using ssh-askpass), you
will need to do the following:

   1.Download the scpssh Perl script to the client and remember the path
to where you save it. 

   2.Make scpssh executable: 

        chmod +x /path/to/scpssh

   3.Always begin SCP commands with the -S option and the pathname of the

        scp -S /path/to/scpssh

The scpssh script is as follows:

while ($_ = shift(@ARGV)) {
        if ($_ eq "-x") {
        } elsif ($_ eq "-a") {
        } elsif ($_ eq "-oClearAllForwardings yes") {
        } else {
                push(@args, $_);
exec("/usr/local/bin/ssh", @args);

Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National Lab
See for contact information

More information about the openssh-unix-dev mailing list