[GTALUG] for multi-hop ssh/scp: option "ProxyJump"
D. Hugh Redelmeier
hugh at mimosa.com
Sat Aug 29 11:55:30 EDT 2020
I'm away from home, regularly accessing my computers at home.
Easy: ssh into a gateway machine and ssh from there into the internal
machine of my choice. Nested ssh sessions.
It gets a little more annoying when I want to transfer a file.
The new-to-me ssh/scp option "ProxyJump" handles this conveniently.
Consider the example of transferring a file "f" from machine "home"
through machine "gw" to machine "away", all done from an xterm on
"away".
Note: because "away" is behind NAT, "gw" cannot scp to it.
Note: -A enables ssh-agent to avoid some manual authentication
Note: things become more complicated if f has slashes.
[away] $ ssh -A gw
[gw] $ scp -p home:f .
[gw] $ exit
[away] $ scp -p gw:f .
[away] $ ssh -A gw
[gw] $ rm f
[gw] $ exit
This can be simplified because the ssh command allows shell commands
as arguments. That's not a habit I've developed.
[away] $ ssh -A gw scp -p home:f .
[away] $ scp -p gw:f .
[away] $ ssh -A gw rm f
The ProxyJump option makes this a lot simpler:
[away] $ scp -p -o 'ProxyJump gw' home:f .
I have no need for more than one intermediate hop so I haven't figured out
how that would work.
More information about the talk
mailing list