
Bug#351489: openssh-client: fails to RSA authenticate between distinct remote hosts



Package: openssh-client
Version: 1:4.2p1-5
Severity: normal
Tags: upstream

I have RSA pubkey auth set up on a few machines, so scp works without
asking for a passphrase for those machines, when one file is remote
and one file is local:

  scp justinpryzby.com:s.php /tmp
  scp /tmp/s.php justinpryzby.com:

It also works when both files are remote and on the same host:

  scp justinpryzby.com:s.php justinpryzby.com:t.php

But it doesn't work when transferring between distinct remote hosts:

  scp justinpryzby.com:s.php cyberia.stlawu.edu:/tmp

scp -v indicates that authentication is successful for j/p.com, but
fails for cyberia.  It seems that scp is connecting to j/p.com, and
then sending an scp command requesting that s.php be sent from the
localhost (j/p.com) to cyberia.

I agree that it is not optimal for files to all be transferred to my
local host (the one sending the initial scp command) as an
intermediate step, and that it is more efficient to connect to the
ultimate destination machine.  Then, only some commands must be sent
between me and it, and not an arbitrarily large amount of data.

But it isn't intuitive that this is how it works.

If this is intended, then I think it should be better documented:

-Copies between two remote hosts are permitted.
+Copies between two remote hosts are permitted and are implemented
+efficiently by connecting to host2, and sending scp commands
+requesting the files from [[user@]host1]... over scp.  This avoids
+transferring the files intermediately to the host sending the initial
+scp command; a given datafile is only ever sent between 2 hosts.
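
Review bot: The added wording "connecting to host2, and sending scp commands requesting the files from [[user@]host1]" has the direction reversed relative to what the report itself observes with scp -v. There the client connects to the source host (justinpryzby.com), and that host is asked to send s.php on to the destination (cyberia). Suggest rewording so that host1 is the host contacted and the one that runs the copy to host2. The text should also state the consequence that prompted this report: host1 must be able to authenticate to host2 by itself, because the second connection is made from host1 and not from the machine where the command was typed. The trailing "over scp" repeats "scp commands" and can be dropped.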



