I often seem to find myself in this scenario:
- I SSH into Server A using my personal key
- I SSH into Server B using my personal key
I find files I need on B that I need to transfer from B
Usually the files are quite small so I'll just transfer them to my own PC as an intermediary. But I now need to transfer about 30GB from A to B so it seems like the right time to find a better way.
I don't really want to have to give A permanent access to B (albeit I can always delete the key later, it seems like the sort of thing that would get forgotten).
On Thu, Nov 09, 2023 at 12:22:43PM +0000, Mark Rogers wrote:
> I often seem to find myself in this scenario:
> - I SSH into Server A using my personal key
> - I SSH into Server B using my personal key
> I find files I need on B that I need to transfer from B
> Usually the files are quite small so I'll just transfer them to my own PC as an intermediary. But I now need to transfer about 30GB from A to B so it seems like the right time to find a better way.
> I don't really want to have to give A permanent access to B (albeit I can always delete the key later, it seems like the sort of thing that would get forgotten).
Use an SSH agent on your local machine, login to A forwarding the agent (ssh -A HostA) then use scp on A to pull the file from B? Your key never leaves your desktop, but can be used on A while you're connected.
(For added paranoia add the key to the agent with "ssh-add -c" so that all use has to be confirmed.)
J.
On Thu, 9 Nov 2023 at 12:31, Jonathan McDowell noodles@earth.li wrote:
> Use an SSH agent on your local machine, login to A forwarding the agent (ssh -A HostA) then use scp on A to pull the file from B? Your key never leaves your desktop, but can be used on A while you're connected.
That sounds like what I need but I'm afraid I don't know enough to work through the steps.
I'm either connecting from the (open)ssh commandline on my Linux box or via PuTTY on a Windows box - I have at least used an SSH agent on the latter (pageant) but I don't know how it fits in here, and I don't recall ever using an agent on my Linux (Ubuntu) box.
Will this method of transferring files send them from A -> B, or is it A -> My PC -> B (from a network PoV)? A and B have very good connectivity between them, my PC is over a poor(ish) VDSL link.
On Thu, Nov 09, 2023 at 12:46:23PM +0000, Mark Rogers wrote:
> On Thu, 9 Nov 2023 at 12:31, Jonathan McDowell noodles@earth.li wrote:
>> Use an SSH agent on your local machine, login to A forwarding the agent (ssh -A HostA) then use scp on A to pull the file from B? Your key never leaves your desktop, but can be used on A while you're connected.
> That sounds like what I need but I'm afraid I don't know enough to work through the steps.
> I'm either connecting from the (open)ssh commandline on my Linux box or via PuTTY on a Windows box - I have at least used an SSH agent on the latter (pageant) but I don't know how it fits in here, and I don't recall ever using an agent on my Linux (Ubuntu) box.
Try "ssh-add -l" - if you have a running SSH agent it should return without error, if you don't it'll say something like "Error connecting to agent". GNOME has one running by default.
Assuming it's running, do:
ssh-add -c <path to your privatekeyfile>
And then:
ssh HostA
A dialog should pop up asking you to confirm the use of the key, then you'll log into HostA. If you don't do the "-c" bit to ssh-add then you aren't asked to confirm usage. I prefer it when I'm forwarding connections.
"ssh -A <host>" will forward the agent so that your connection on <host> can then use the agent. An "ssh hostB" from host A should then pop up the confirmation dialog again, and log you in.
> Will this method of transferring files send them from A -> B, or is it A -> My PC -> B (from a network PoV)? A and B have very good connectivity between them, my PC is over a poor(ish) VDSL link.
The files will go between A + B, only the initial authentication bit comes back to your local PC.
J.
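The procedure from the message above collected into one script, added here as an example (it is not code posted by anyone in the thread): it names the agent state from the exit status of `ssh-add -l` as documented in ssh-add(1), and runs the copy on A as a single forwarded command. `hosta`, `hostb`, the paths and the function names are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example. hosta/hostb and the paths are placeholders, not from the thread.

# agent_state RC: name the exit status of `ssh-add -l`, per ssh-add(1):
# 0 = success (keys listed), 1 = command failed (for -l: no identities),
# 2 = could not contact the agent.
agent_state() {
    case "$1" in
        0) echo ready ;;
        1) echo empty ;;
        2) echo unreachable ;;
        *) echo unknown ;;
    esac
}

# check_agent: query the local agent without aborting under `set -e`.
check_agent() {
    command -v ssh-add >/dev/null 2>&1 || { echo unreachable; return 0; }
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    agent_state "$rc"
}

# pull_on_a HOSTA HOSTB SRC DEST: run scp on A so it pulls SRC from B into
# DEST on A. The data flows B -> A; only signing requests reach the local agent.
# -A is given for this one command, so A holds the agent socket only for the
# duration of the copy. -t gives the remote scp a terminal for host-key prompts.
# Paths containing spaces would need extra quoting for the remote shell.
pull_on_a() {
    set -- ssh -t -A "$1" scp -rp "$2:$3" "$4"
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"            # show the command instead of running it
        return 0
    fi
    state=$(check_agent)
    if [ "$state" != ready ]; then
        echo "local agent is $state; start one and ssh-add your key first" >&2
        return 1
    fi
    "$@"
}

# Stand-alone run: print the command for the placeholder hosts.
( DRY_RUN=1; pull_on_a hosta hostb /srv/export /srv/incoming/ )
```
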
On Thu, 9 Nov 2023 at 12:58, Jonathan McDowell noodles@earth.li wrote:
> Try "ssh-add -l"
Responds "The agent has no identities" which sounds right.
> ssh-add -c <path to your privatekeyfile>
> ssh HostA
$ ssh-add -c /path/to/my/key
Enter passphrase for /path/to/my/key (will confirm each use):
Identity added: /path/to/my/key (/path/to/my/key)
The user must confirm each use of the key
$ ssh user@host.example.co.uk
sign_and_send_pubkey: signing failed for RSA "/path/to/my/key" from agent: agent refused operation
user@host.example.co.uk: Permission denied (publickey).
What am I doing wrong?
If I drop the "-c" it works - and that's allowed me to transfer the files I need, but I agree that password prompting would be preferred.
It happens that I use the same key for accessing both these servers, but if I used different ones would this still work (assuming I'd added both using ssh-add before I connected)?
> The files will go between A + B, only the initial authentication bit comes back to your local PC.
Perfect!
On Thu, 9 Nov 2023 at 13:53, Mark Rogers mark@more-solutions.co.uk wrote:
> Perfect!
Well, almost!
What if some of the files I need to copy aren't accessible by the user I'm logging in with (ie I'd need sudo to access them locally)?