Hi

I've three machines connected

M1 ---- M2 ---- M3

M1 can't access M3 or viceversa. (security issues)

So I'm sitting on M2 and want to issue something like

scp M1:~/file1 M3:~/

But unfortunately ssh goes to machine M1 to do scp to M3, which
is not valid.

However if I do
scp M1:~/file1 /tmp/
scp /tmp/file1 M3:~/

everything is fine, probably I am simply ignorant, is there a nice way to ask ssh to not assume ssh client on the source machine?

There are other two solutions I know of
a) Use nc to cat the file over network, and let ssh carry it securely.
b) Use sshfs, to do the second copy instead of actually maintaining a local copy.

But the nice thing would be an argument to scp that makes it possible, (and I believe there must be one) that does something like (a) or better.

Regards.

The tunnel config examples in http://souptonuts.sourceforge.net/sshtips.htm could help.

I don't want to compensate security on these machines either by opening new ports

Any more requirements you forgot to post?

Thanks for pointing the links, I am aware of most of the ways in which these are handled. In my case machine M2 should be doing all the scripting. M1 and M3 shall expose only ssh to M2, and only to M2 and other trusted machines.

So sitting in M2 it should be able to send file from M1 to M3.

It would have been nice if we can do something like (which doesn't work)

mkfifo temp
scp M1:file ./temp &
scp ./temp M3:file

But scp needs a proper file not a fifo.

nc would have worked nice if M1/M3 had nc installed which is not the case.

In fact M1 and M3 has only ssh (which can be run with my privileges)

-Atul

How much is M2 trusted? Can it be trusted to hold a private ssh identity allowed to ssh to M1/M3 without password? If yes, you can use Well, it works for me somehow reasonably even if I do have to type some passwords, but your mileage may vary.

Excellent! But it still needs cat on machine M1, which I've to check.