openssh unix dev - Dec 2020 - Transferring files between servers on a private network?

This command transfers a file from Machine B to Machine A:

scp -3 -o StrictHostKeyChecking=no -i ~/.ssh/secret.pem -o \
ProxyCommand="ssh -o StrictHostKeyChecking=no \
-i ~/.ssh/secret.pem -W %h:%p admin at 7.7.7.7" \
admin at 192.168.1.20:/home/admin/file.pdf admin at 192.168.1.10:/home/admin

Machine A has the public IP of 7.7.7.7 and a private IP of 192.168.10.

Machine B has the private IP of 192.168.1.20.

The goal of the command is to log into Machine A on the public network at
7.7.7.7 and then transfer files from from B to A strictly across the
private network.

Though the command works and transfers files between machines, I'm not sure
if it does it strictly over the private network. How can I be sure the file
isn't going from B to A over the private network and then down to my local
machine over the public network and then back up to A over the public
network and then back to A on the private network? Is there an easy way to
trace the path of the file between machines?

On 09/12/2020 17:48, Steve Dondley wrote:
> Though the command works and transfers files between machines, I'm not
sure
> if it does it strictly over the private network. How can I be sure the file
> isn't going from B to A over the private network and then down to my
local
> machine over the public network and then back up to A over the public
> network and then back to A on the private network?
It *is* going up to your local client and back again: -3 (third party 
copy) does exactly that. It makes separate ssh connections to the two 
hosts (which is why the ProxyCommand is required in your case), slurps 
the file from the left-hand host and uploads it to the right-hand host.

If you don't want to do that, then omit the -3.? Then it will login to 
left-host, and instruct it to copy the given file to right-host.? 
However you may need to use agent forwarding so that left-host can 
authenticate to right-host.