scp's ability to copy between two remote hosts has always seemed of very limited use to me, since the first remote host must be able to establish an ssh connection to the second host. This is really a case where agent forwarding comes in handy. Currently you can already do scp -oForwardAgent=yes host1:foo host2: and the patch below adds the -A flag as a shortcut: scp -A host1:foo host2: Note that this will forward the agent connection to host1 only. Index: scp.1 ==================================================================RCS file: /cvs/src/usr.bin/ssh/scp.1,v retrieving revision 1.85 diff -u -p -r1.85 scp.1 --- scp.1 26 Jan 2019 22:41:28 -0000 1.85 +++ scp.1 31 Mar 2019 10:46:03 -0000 @@ -18,7 +18,7 @@ .Nd secure copy (remote file copy program) .Sh SYNOPSIS .Nm scp -.Op Fl 346BCpqrTv +.Op Fl 346ABCpqrTv .Op Fl c Ar cipher .Op Fl F Ar ssh_config .Op Fl i Ar identity_file @@ -83,6 +83,11 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl A +Enables forwarding of the authentication agent connection for copies +between two remote hosts. +This option is directly passed to +.Xr ssh 1 . .It Fl B Selects batch mode (prevents asking for passwords or passphrases). .It Fl C Index: scp.c ==================================================================RCS file: /cvs/src/usr.bin/ssh/scp.c,v retrieving revision 1.204 diff -u -p -r1.204 scp.c --- scp.c 10 Feb 2019 11:15:52 -0000 1.204 +++ scp.c 31 Mar 2019 10:43:21 -0000 @@ -404,7 +404,7 @@ main(int argc, char **argv) fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, - "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) { + "dfl:prtTvABCc:i:P:q12346S:o:F:J:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -437,6 +437,9 @@ main(int argc, char **argv) if (sshport <= 0) fatal("bad port \"%s\"\n", optarg); break; + case 'A': + addargs(&remote_remote_args, "-A"); + break; case 'B': addargs(&remote_remote_args, "-oBatchmode=yes"); addargs(&args, "-oBatchmode=yes"); @@ -1566,7 +1569,7 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" + "usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" " [-S program] source ... target\n"); exit(1); -- Christian "naddy" Weisgerber naddy at mips.inka.de