Re: Transferring files between servers on a private network?

Ok, thanks for the insight.

Yeah, I was trying to avoid agent forwarding because of the advice I've
seen to avoid it, if possible. I'm trying to figure out what the best
practice might be so I wanted to see how this could be done in the most
secure manner possible.

Only other method I can think of is to have a third machine, machine C,
that is only available on the private network and contains the private key
for all the other machines. So I'd log into machine C via some bastion/jump
server. Machine C would hold the private key used by machine B and
machine A and I could use it to transfer files between machines A and B.



On Wed, Dec 9, 2020 at 1:14 PM Brian Candler <b.candler@xxxxxxxxx> wrote:

> On 09/12/2020 17:48, Steve Dondley wrote:
> > Though the command works and transfers files between machines, I'm not sure
> > if it does it strictly over the private network. How can I be sure the file
> > isn't going from B to A over the private network and then down to my local
> > machine over the public network and then back up to A over the public
> > network and then back to A on the private network?
>
> It *is* going up to your local client and back again: -3 (third party
> copy) does exactly that. It makes separate ssh connections to the two
> hosts (which is why the ProxyCommand is required in your case), slurps
> the file from the left-hand host and uploads it to the right-hand host.
>
> If you don't want to do that, then omit the -3.  Then it will login to
> left-host, and instruct it to copy the given file to right-host.
> However you may need to use agent forwarding so that left-host can
> authenticate to right-host.
>
>

-- 
Prometheus Labor Communications, Inc.
http://prometheuslabor.com
413-572-1300

UnionConnect Phone App for Labor Unions
http://unionconnect.com
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
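
An added illustration of the two copy modes described in the quoted reply (not part of either poster's message): a client-side ssh_config, with the two scp invocations shown as comments. All host names, addresses, users and paths are placeholders, and ProxyJump stands in for the ProxyCommand mentioned in the thread.

```sshconfig
# ~/.ssh/config on the local client.
# Constructed example: every name, address and path here is a placeholder.

# The only host reachable from the public network.
Host bastion
    HostName bastion.example.com
    User admin

# Machines A and B have private addresses only, so the client reaches
# them by hopping through the bastion.
Host machine-a
    HostName 10.0.0.11
    User admin
    ProxyJump bastion

Host machine-b
    HostName 10.0.0.12
    User admin
    ProxyJump bastion

# Agent forwarding stays off unless a deliberate decision is made to enable it.
# (This is also the OpenSSH default; it is spelled out here for clarity.)
Host *
    ForwardAgent no

# Mode 1, third-party copy (-3):
#   scp -3 machine-b:/srv/data.tar machine-a:/srv/
# The client opens one ssh session to machine-b and one to machine-a,
# both through the bastion, and relays the file itself. Data path:
#   machine-b -> bastion -> client -> bastion -> machine-a
# Neither server needs credentials for the other.
#
# Mode 2, without -3:
#   scp machine-b:/srv/data.tar machine-a:/srv/
# The client logs in to machine-b and has machine-b run scp towards
# machine-a. Data path:
#   machine-b -> machine-a
# Two consequences:
#   * "machine-a" is resolved on machine-b, so this file's Host entry
#     for machine-a is not consulted; machine-b needs its own way to
#     reach that name (DNS, /etc/hosts or its own ssh_config).
#   * machine-b must authenticate to machine-a, which is where agent
#     forwarding or a key stored on machine-b comes in.
```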