Copy remote logfile over 2 hop SSH sessions, without the need for keying passwords

2

I wish to get a logfile from a remotePC via a gatewayServer to my local PC without keying in passwords. The gateway server uses acctA@gatewayServer. The remote PC uses acctB@remotePC.

I have set up the SSH private/public keys on both gateway & remote.

From my local PC, I could SSH into remotePC directly via 2 hops without the need to key the 2 accounts' passwords, using: ssh acctA@gatewayServer -t ssh acctB@remotePC

But when I use SCP with ProxyCommand, it asks me for the password for acctB. Why?

scp -Cp -o "ProxyCommand ssh -q acctA@gateway -W remotePC:22" acctB@remotePC:/opt/logpath/log1.tgz log01.tgz

Advance thanks & appreciation to anyone who can advise.

user1340106

Posted 2015-06-08T10:30:45.513

Reputation: 21

Answers

0

The easiest thing is to introduce these lines in your .ssh/config file:

  # Reach remotePC through the gateway; nc on the gateway relays the connection
  Host remotePC
  User          acctB
  HostName      remotePC
  ProxyCommand  ssh acctA@gatewayServer nc %h %p 2> /dev/null

which you can then use to connect or copy files simply by means of:

  ssh remotePC
  scp acctB@remotePC:/home/acctB/somefile .

For this to work, you need the netcat (nc) command installed on the gatewayServer.

If you really insist on a one-liner (but I can never remember all this stuff), here you go:

ssh -o "ProxyCommand ssh acctA@gatewayServer nc -w 1 %h 22" acctB@remotePC

and likewise for scp.

MariusMatutiae

Posted 2015-06-08T10:30:45.513

Reputation: 41 321

Is the .ssh/config on my local PC or on the gatewayServer?

The one-liner didn't work; it still prompts for a password. – user1340106 – 2015-06-10T01:21:36.757

It should be on your local machine. Try starting the ssh server, on the remote machine B, as follows: sudo service ssh stop; /usr/bin/sshd -Dd and then try to ssh/scp into it. It will send to the screen all sorts of useful debug info. If in doubt, post it. – MariusMatutiae – 2015-06-10T04:17:57.377
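The sshd debug run suggested in the last comment has a client-side counterpart in `ssh -v`. As an added example that is not part of the thread, this shell function reads that output and reports whether a key was offered to remotePC and whether the server accepted it; the function name, verdict strings and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: classify how the target host
# authenticated the client, from `ssh -v` output read on stdin.
# Real use: ssh -v -o "ProxyCommand ..." acctB@remotePC true 2>&1 | diagnose_ssh_auth
# Assumption: OpenSSH debug1 wording (it varies slightly between versions).

diagnose_ssh_auth() {
    awk '
        /debug1: Executing proxy command/              { proxied = 1 }
        /debug1: Offering .*public key/                { offered++ }
        /debug1: Server accepts key/                   { accepted++ }
        /debug1: Next authentication method: password/ { password = 1 }
        END {
            if (accepted)      verdict = "key-accepted"
            else if (!offered) verdict = "no-key-offered"
            else if (password) verdict = "keys-rejected-password-fallback"
            else               verdict = "keys-rejected"
            print verdict
            # Through a ProxyCommand the local client authenticates to the
            # target itself, so only locally held keys can be offered.
            if (proxied && verdict != "key-accepted")
                print "hint: remotePC must trust a key held on this PC" | "cat 1>&2"
        }'
}

# Constructed sample: proxied session where the offered key is not authorized.
sample_rejected() {
    cat <<'EOF'
debug1: Executing proxy command: exec ssh -q acctA@gateway -W remotePC:22
debug1: Authenticating to remotePC:22 as 'acctB'
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/me/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

# Constructed sample: the same session once the key is accepted.
sample_accepted() {
    cat <<'EOF'
debug1: Executing proxy command: exec ssh -q acctA@gateway -W remotePC:22
debug1: Offering public key: /home/me/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Server accepts key: /home/me/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
EOF
}

sample_rejected | diagnose_ssh_auth   # prints keys-rejected-password-fallback
```

A `no-key-offered` or `keys-rejected-password-fallback` verdict on a proxied session means the key pair that works from the gateway is not being used for the final hop, because that hop is authenticated by the local client.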