I have a remote machine. The way we access that machine is through a token (obtained by using "One Identity Safeguard for Privileged Passwords") of the kind vaultaddress=someip@token=blabla@pam-xxx@blabla@remote_ip@someip3, but we don't work with pam-xxx but with useful-user. So once we ssh vaultaddress=blabla, we then ssh useful-user@localhost and then we start working. We ssh inside the remote machine (instead of using su - useful-user) to avoid writing useful-user's password.
The problem with the token is that we can't reuse it, and for scp that's a huge problem, because for each copy operation we have to obtain a new token, making the process very error-prone and also making it impossible to use any tool that requires a fixed user and ip configuration in order to automate scp.
I was thinking of opening an ssh tunnel to :22 on the remote machine to "reuse" the authentication, but I haven't been able to make it work.
I first do ssh -L 9999:localhost:22 vaultaddress=blabla, keep the session open, and in another terminal run scp -P 9999 local-file real-user@localhost:/remote-folder, but it does not work because scp is trying to locate the key using my local machine user, which is my_name instead of pam-xxx. With scp -v -P ... I can see it trying to locate /home/my_name/.ssh/id_rsa, which doesn't exist.
How can I scp files directly as useful-user, or at least as pam-xxx, using the ssh tunnel? What I want is to be able to reuse the token so that I get a fixed set of ip, port and user parameters that I can use to configure some of my tools.
NOTE: I'm looking for a Windows solution (master connections don't work there).
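Added example, not part of the original question: an OpenSSH client config that turns the forwarded port into the fixed ip/port/user endpoint the question asks for. Two points worth separating out first. The `-L 9999:localhost:22` forward only carries bytes; it does not carry the authentication of the vault session, so whatever connects to localhost:9999 still has to authenticate against sshd on the remote machine as useful-user, which means useful-user needs a credential of its own (a key pair whose public half is in useful-user's authorized_keys on the remote machine; installing it once can be done through the existing token session). The `/home/my_name/.ssh/id_rsa` lookup seen with `-v` is the normal client behaviour of searching the local user's home for a default key, not a sign that scp is using the wrong remote user. The host names `vault-hop` and `useful-user-tunnel`, the key file name, the known_hosts file name and the `<vault-address>` placeholder are assumptions chosen for illustration; the token string is assumed to split on its last `@`, as the ssh command line does, into the User part and the address part. Win32-OpenSSH reads this same file format from `%USERPROFILE%\.ssh\config`.

```sshconfig
# %USERPROFILE%\.ssh\config (Windows) or ~/.ssh/config (OpenSSH elsewhere)
# Example config added here for illustration; names are assumptions.

# Hop 1: the vault-brokered session. Its only job is to hold the forwarded
# port open; the one-time token string is typed when this session starts.
Host vault-hop
    # Everything before the last '@' of the token string is the user name.
    User vaultaddress=someip@token=blabla@pam-xxx@blabla@remote_ip
    # Everything after the last '@' (someip3 in the question) is the address.
    HostName <vault-address>
    # Expose the remote machine's sshd on local port 9999.
    LocalForward 9999 localhost:22
    # Fail loudly instead of leaving a session without the forward.
    ExitOnForwardFailure yes

# Hop 2: the fixed endpoint that scp and other tools are pointed at.
# Authentication here is against sshd on the remote machine, not the vault,
# so useful-user needs its own key; the public half must already be in
# useful-user's authorized_keys on the remote machine.
Host useful-user-tunnel
    HostName localhost
    Port 9999
    User useful-user
    # Assumed key file name; generate with: ssh-keygen -t ed25519 -f <path>
    IdentityFile ~/.ssh/useful-user_ed25519
    # Offer only this key, so the client does not search for id_rsa etc.
    IdentitiesOnly yes
    # The remote machine's host key shows up as "localhost:9999"; keep it in
    # its own file so it cannot collide with a real localhost entry.
    UserKnownHostsFile ~/.ssh/known_hosts_useful-user
    StrictHostKeyChecking ask
```

Usage: in one terminal run `ssh -N vault-hop` (the `-N` keeps the session open without a shell and is what consumes the token); in another, `scp local-file useful-user-tunnel:/remote-folder`. Tools that want raw parameters get host `localhost`, port `9999`, user `useful-user` and the key path above; tools that read ssh config can be given the alias `useful-user-tunnel`. The price of the fixed endpoint is that the useful-user key now bypasses the vault's per-session brokering for the second hop, so protect it with a passphrase and an agent rather than leaving it unencrypted on disk.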