2

I've tried researching my options, but, nothing works quite the way I need it to. Most helpful information is found here: scp files via intermediate host

I have the following setup: I'm on Machine A. I have keys set up on Machine B (with ssh agent enabled) that grant me access to Machine C. (As an aside, the reason for this configuration is that access to machine B is heavily restricted, including two factor authentication, and every other machine is configured to only allow SSH root access coming from this machine.)

The issue is that the ssh-agent code only runs for login shells, not when commands are run over ssh, so it doesn't attempt to use the key that is located on Machine B to access Machine C. This is the code in my .bashrc and .profile:

export SSH_AUTH_SOCK=~/.ssh/ssh-agent.$HOSTNAME.sock
ssh-add -l 2>/dev/null >/dev/null
if [ $? -ge 2 ]; then
  ssh-agent -a "$SSH_AUTH_SOCK" >/dev/null
fi

Ideally, I'd like to be able to alias some command so that I can run it just like scp (e.g. scpproxy localfile user@MachineC:/root/remotefile). My current solution is, from Machine B, scp -3 user@MachineA:localfile user@MachineC:remotefile (where the -3 causes scp to use the local machine as an intermediate host, instead of the default where it tries to copy directly from A to C) which is less than perfect.

Any help is appreciated!

Community
  • 1
Travis DePrato
  • 31

1 Answers1

0

The configuration for scp and ssh through intermediate hosts are (essentially) the same. Many other answers for scp, ssh or even rsync in the same context should work for you. Fundamentally, you should be using the same key to get access to from Machine "A" to "B" as you use to get from Machine "B" to "C". However, it looks like you might be tyring to use passphrase-less keys located on "B" to get access to "C". Leaving aside the (bad) security implications of that passphrase-less keys, I would instead suggest you place the same public key of your (hopefully passphrase protected) private key located on "A" into the ~/.ssh/authorized_keys file on "C". That way, all you need to do is something like this:

scp -o "ProxyCommand ssh -A B -W %h:%p" C:file .

That will setup the proxy/hop via host "B", fetching the file name 'file' in your home directory on "C" and depsiting it into the current working directory on "A".

Additionally you can codify that into your ~/.ssh/config file:

Host C
  ProxyCommand ssh -A B -W %h:%p

Then, you can simply:

scp C:file .

Moreover, none of this requires an alias or script to do it for you. You just use scp directly.

Community
  • 1
crimson-egret
  • 3,636