scp over 2 hosts

Mike Fisk mfisk at lanl.gov
Thu Jul 27 12:18:24 EST 2000


On Thu, 20 Jul 2000, Stephan Hendl wrote:

> Hi folks,
> 
> I have the that I must copy some through a Plag-Gateway of a Firewall
> over 2 host. A secure connection via "ssh - t hosta ssh -t hostb"
> works fine, but does this work with scp too? Icould not realize it
> either with scp (1.2.27 of ssh.com) or scp from openssh. Do you have
> any ideas?

Yes, I do the following

scp jdoe at firewall:joe at myserver:/tmp/source /tmp/dest

I use Kerberos authentication, however.  I wrote the following note for
some internal documentation for F-Secure SSH.  It may very well apply to
OpenSSH:

SCP uses the same communications channel for transferring data that would
be used to prompt the user for a password. Further, the standard SCP
client insists on not forwarding RSA authentication or X-windows.
Therefore the above commands will normally work only if the internal
machine (myserver) accepts Kerberos tickets. To allow scp to work with RSA
keys or open a password authentication X-Window (using ssh-askpass), you
will need to do the following:

   1.Download the scpssh Perl script to the client and remember the path
to where you save it. 

   2.Make scpssh executable: 

        chmod +x /path/to/scpssh

   3.Always begin SCP commands with the -S option and the pathname of the
scpssh: 

        scp -S /path/to/scpssh

The scpssh script is as follows:

#!/usr/local/bin/perl
while ($_ = shift(@ARGV)) {
        if ($_ eq "-x") {
                next;
        } elsif ($_ eq "-a") {
                next;
        } elsif ($_ eq "-oClearAllForwardings yes") {
                next;
        } else {
                push(@args, $_);
        }
}
exec("/usr/local/bin/ssh", @args);



-- 
Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National Lab
See http://home.lanl.gov/mfisk/ for contact information






More information about the openssh-unix-dev mailing list