Re: scp via a intermediate computer

Peng Yu wrote:
On May 25, 6:16 am, Joachim Gann <joachim.g...@xxxxxxxxx> wrote:
Peng Yu wrote:
Hi,
For some reason, I can only access computer A through computer B. That
is, suppose my computer is C, I can ssh to B from C, but I can not ssh
to A from C. Once I login computer B, I can ssh to A from B.
I'm wondering how to use port forwarding on B such that I can scp from
A to C. Otherwise, I'll have to scp files from A to B and then B to C,
which is too annoying.
Would you please let me know the command so that I can scp A to C
without creating any temporary files on B?
Thanks,
Peng
assuming your ssh daemons listen on port 22

1. choose an unused tcp port on B, say 1111
2. on A: ssh -nR 1111:C:22 B &
this sets up port forwarding from B:1111 to C:22, you need this once.
it tells you the pid on startup, you can kill the process once you
don't need the forwarding anymore
note that B must be able to resolve the hostname "C" to an IP address
3. now on A: scp -P 1111 something B:
your scp now connects to B:1111 which has been forwarded to C:22

step 3 might need an "-o stricthostkeychecking=no" since scp believes it
is connecting to B but through the forwarding is actually talking to C,
which should have a different host key.

Regards
Joachim

Hi Joachim,

Assuming, A->B->C, where '->' means "can access". I tried

2. on A: ssh -nR 1111:C:22 B
This would prompt me to type passwd for B but not C.

Now enter the password for B. Leave the connection open. Read up the -R option in the ssh manual, to give yourself some clue on what you're doing. Then proceed with 3 in a new terminal session or window.
I am used to using key authentication so I am not being asked for a password and put the step 2 ssh command in the background with &.

Joachim
.

Relevant Pages

  • Port Forwarding over Unreliable Connections
    ... I make extensive use of ssh port forwarding to access machines behind ... patiently wait a long time before finally snipping the connection. ...
    (comp.security.ssh)
  • Re: scp via a intermediate computer
    ... is, suppose my computer is C, I can ssh to B from C, but I can not ssh ... I'm wondering how to use port forwarding on B such that I can scp from ... Otherwise, I'll have to scp files from A to B and then B to C, ...
    (comp.security.ssh)
  • Re: Partial SNAFUs - X11Forwarding etc.
    ... to the base server machine via SSH, or it it also supposed to protect ... back "up the line" to the client machine? ... the ssh server host is compromised or otherwise untrustworthy, ... refrain from running the program via ssh X11 forwarding - there's no ...
    (comp.security.ssh)
  • Re: Whats the deal on the -X vs -Y thing?
    ... As a quick fix you could use something like this as your remote ssh ... chain is compromised (eg at either the tty layer, X11 forwarding port ... forwarding would not be needed on the intermediate hosts. ...
    (comp.security.ssh)
  • Re: Openssh Port Forwarding Confusion
    ... >Now for my Port forwarding question. ... So far what I have extracted about ssh port ... You connect to a port on the SSH client. ...
    (comp.security.ssh)