Should I be able to scp between two remote hosts?

Even with ssh-agent running and both private keys activated, I can
never get scp to work directly between two remote hosts, but I can do
it indirectly by copying to and from the local host:


$ scp foo:~/test.txt bar:~/
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).
lost connection

$ scp foo:~/test.txt .
test.txt 100% 1166 1.1KB/s 00:00

$ scp test.txt bar:~/
test.txt 100% 1166 1.1KB/s 00:00


Is the failure of the first command above normal, or have I
misconfigured something?

Thanks,
Adam

Re: Should I be able to scp between two remote hosts?

>>>>> "AF" == Adam Funk writes:

AF> Even with ssh-agent running and both private keys activated, I can
AF> never get scp to work directly between two remote hosts, but I can
AF> do it indirectly by copying to and from the local host:


AF> $ scp foo:~/test.txt bar:~/ Permission denied, please try again.
AF> Permission denied, please try again. Permission denied
AF> (publickey,password,keyboard-interactive). lost connection

AF> $ scp foo:~/test.txt . test.txt 100% 1166 1.1KB/s 00:00

AF> $ scp test.txt bar:~/ test.txt 100% 1166 1.1KB/s 00:00


AF> Is the failure of the first command above normal, or have I
AF> misconfigured something?

AF> Thanks, Adam

"scp foo:bar baz:blurfl" runs (essentially) "ssh foo scp bar baz:blurfl",
so authentication has to work from foo to bar directly.

--
Richard Silverman
res@qoxp.net

Re: Should I be able to scp between two remote hosts?

On 2007-12-04, Richard E. Silverman wrote:

>>>>>> "AF" == Adam Funk writes:
>
> AF> Even with ssh-agent running and both private keys activated, I can
> AF> never get scp to work directly between two remote hosts, but I can
> AF> do it indirectly by copying to and from the local host:
>
>
> AF> $ scp foo:~/test.txt bar:~/ Permission denied, please try again.
> AF> Permission denied, please try again. Permission denied
> AF> (publickey,password,keyboard-interactive). lost connection
>
> AF> $ scp foo:~/test.txt . test.txt 100% 1166 1.1KB/s 00:00
>
> AF> $ scp test.txt bar:~/ test.txt 100% 1166 1.1KB/s 00:00
>
>
> AF> Is the failure of the first command above normal, or have I
> AF> misconfigured something?
>
> AF> Thanks, Adam
>
> "scp foo:bar baz:blurfl" runs (essentially) "ssh foo scp bar baz:blurfl",
> so authentication has to work from foo to bar directly.

Aha, I understand. The problem isn't my configuration but that I was
trying to do something that turns out to be unreasonable --- although
man scp makes it sound OK.

Thanks for the explanation.

Re: Should I be able to scp between two remote hosts?

At 2007-12-03 11:47PM, "Richard E. Silverman" wrote:
> >>>>> "AF" == Adam Funk writes:
> AF> Even with ssh-agent running and both private keys activated, I can
> AF> never get scp to work directly between two remote hosts, but I can
> AF> do it indirectly by copying to and from the local host:
[...]
> "scp foo:bar baz:blurfl" runs (essentially) "ssh foo scp bar baz:blurfl",
> so authentication has to work from foo to bar directly.

The ssh "-A" option for agent forwarding would be useful here. Anyone
know why scp does not have that option?

--
Glenn Jackman
"You can only be young once. But you can always be immature." -- Dave Barry

Re: Should I be able to scp between two remote hosts?

In article Glenn Jackman
writes:
>At 2007-12-03 11:47PM, "Richard E. Silverman" wrote:
>> >>>>> "AF" == Adam Funk writes:
>> AF> Even with ssh-agent running and both private keys activated, I can
>> AF> never get scp to work directly between two remote hosts, but I can
>> AF> do it indirectly by copying to and from the local host:
>[...]
>> "scp foo:bar baz:blurfl" runs (essentially) "ssh foo scp bar baz:blurfl",
>> so authentication has to work from foo to bar directly.
>
>The ssh "-A" option for agent forwarding would be useful here. Anyone
>know why scp does not have that option?

Or at least '-oForwardAgent yes', but all -o options are thrown away
when doing remote-to-remote - does anyone know why *that* is? However if
you have (a carefully guarded) 'ForwardAgent yes' in your ssh_config, it
will apply to the initial ssh leg of scp remote-to-remote too... - and
can't be overridden with '-oForwardAgent no' on the commandline, since
that is thrown away...

--Per Hedeland
per@hedeland.org