Brian Candler
2020-Dec-09 18:14 UTC
Transferring files between servers on a private network?
On 09/12/2020 17:48, Steve Dondley wrote:
> Though the command works and transfers files between machines, I'm not sure
> if it does it strictly over the private network. How can I be sure the file
> isn't going from B to A over the private network and then down to my local
> machine over the public network and then back up to A over the public
> network and then back to A on the private network?

It *is* going up to your local client and back again: -3 (third party copy) does exactly that. It makes separate ssh connections to the two hosts (which is why the ProxyCommand is required in your case), slurps the file from the left-hand host and uploads it to the right-hand host.

If you don't want to do that, then omit the -3. Then it will login to left-host, and instruct it to copy the given file to right-host. However you may need to use agent forwarding so that left-host can authenticate to right-host.
Steve Dondley
2020-Dec-09 18:45 UTC
Transferring files between servers on a private network?
Ok, thanks for the insight. Yeah, I was trying to avoid agent forwarding because of the advice I've seen to avoid it, if possible. I'm trying to figure out what the best practice might be so I wanted to see how this could be done in the most secure manner possible.

Only other method I can think of is to have a third machine, machine C, that is only available on the private network and contains the private key for all the other machines. So I'd log into machine C via some bastion/jump server. Machine C would hold the private key used by machine B and machine A and I could use it to transfer files between machines A and B.

On Wed, Dec 9, 2020 at 1:14 PM Brian Candler <b.candler at pobox.com> wrote:
> On 09/12/2020 17:48, Steve Dondley wrote:
> > Though the command works and transfers files between machines, I'm not sure
> > if it does it strictly over the private network. How can I be sure the file
> > isn't going from B to A over the private network and then down to my local
> > machine over the public network and then back up to A over the public
> > network and then back to A on the private network?
>
> It *is* going up to your local client and back again: -3 (third party
> copy) does exactly that. It makes separate ssh connections to the two
> hosts (which is why the ProxyCommand is required in your case), slurps
> the file from the left-hand host and uploads it to the right-hand host.
>
> If you don't want to do that, then omit the -3. Then it will login to
> left-host, and instruct it to copy the given file to right-host.
> However you may need to use agent forwarding so that left-host can
> authenticate to right-host.

--
Prometheus Labor Communications, Inc.
http://prometheuslabor.com
413-572-1300

UnionConnect Phone App for Labor Unions
http://unionconnect.com