scp over 2 hosts
Mike Fisk
mfisk at lanl.gov
Thu Jul 27 12:18:24 EST 2000
On Thu, 20 Jul 2000, Stephan Hendl wrote:
> Hi folks,
>
> I have the that I must copy some through a Plag-Gateway of a Firewall
> over 2 host. A secure connection via "ssh - t hosta ssh -t hostb"
> works fine, but does this work with scp too? Icould not realize it
> either with scp (1.2.27 of ssh.com) or scp from openssh. Do you have
> any ideas?
Yes, I do the following
scp jdoe at firewall:joe at myserver:/tmp/source /tmp/dest
I use Kerberos authentication, however. I wrote the following note for
some internal documentation for F-Secure SSH. It may very well apply to
OpenSSH:
SCP uses the same communications channel for transferring data that would
be used to prompt the user for a password. Further, the standard SCP
client insists on not forwarding RSA authentication or X-windows.
Therefore the above commands will normally work only if the internal
machine (myserver) accepts Kerberos tickets. To allow scp to work with RSA
keys or open a password authentication X-Window (using ssh-askpass), you
will need to do the following:
1.Download the scpssh Perl script to the client and remember the path
to where you save it.
2.Make scpssh executable:
chmod +x /path/to/scpssh
3.Always begin SCP commands with the -S option and the pathname of the
scpssh:
scp -S /path/to/scpssh
The scpssh script is as follows:
#!/usr/local/bin/perl
while ($_ = shift(@ARGV)) {
if ($_ eq "-x") {
next;
} elsif ($_ eq "-a") {
next;
} elsif ($_ eq "-oClearAllForwardings yes") {
next;
} else {
push(@args, $_);
}
}
exec("/usr/local/bin/ssh", @args);
--
Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National Lab
See http://home.lanl.gov/mfisk/ for contact information
More information about the openssh-unix-dev
mailing list