Rsync between two remotes via a control server without agent forwarding or key sharing?











up vote
1
down vote

favorite












I have a control server (CS) that has SSH access to many others (H1, H2, etc). I would like CS to be able to initiate a rsync transfer between any two H* servers without those hosts knowing how to directly connect to each other.



I've looked at local/reverse port forwarding, but it seems that is only useful when H1 and H2 cannot directly talk to each other on the network. H1 still needs an authorized key on H2 for it to work, which is something I want to avoid.



Agent forwarding reads like it has the drawback of allowing an untrusted H1 to use any of my keys to the other hosts. I don't want H1 to gain access to anything else, only H2 for the duration of the transfer.



Is there a way I can establish SSH connections from CS to H1 and from CS to H2, and then have rsync (on either CS or H1) communicate via those channels to H2 without requiring additional authentication? Something like a command tunnel that is preauthorized?






ssh rsync forwarding







share|improve this question






















  • What software do the hosts run – all OpenSSH?
    – grawity
    Nov 16 at 8:13










  • Yes. OpenSSH on all servers, latest releases from CentOS and Ubuntu repos.
    – jimp
    Nov 16 at 18:09










  • Do you need rsync, or would scp work?
    – Gordon Davisson
    Nov 17 at 7:43










  • I’m actually using both. I would appreciate an answer for scp, so I don’t have to rewrite those commands, but I don’t think I can do without rsync because of its whole tree capabilities.
    – jimp
    Nov 17 at 15:03

















up vote
1
down vote

favorite












I have a control server (CS) that has SSH access to many others (H1, H2, etc). I would like CS to be able to initiate a rsync transfer between any two H* servers without those hosts knowing how to directly connect to each other.



I've looked at local/reverse port forwarding, but it seems that is only useful when H1 and H2 cannot directly talk to each other on the network. H1 still needs an authorized key on H2 for it to work, which is something I want to avoid.



Agent forwarding reads like it has the drawback of allowing an untrusted H1 to use any of my keys to the other hosts. I don't want H1 to gain access to anything else, only H2 for the duration of the transfer.



Is there a way I can establish SSH connections from CS to H1 and from CS to H2, and then have rsync (on either CS or H1) communicate via those channels to H2 without requiring additional authentication? Something like a command tunnel that is preauthorized?






ssh rsync forwarding







share|improve this question






















  • What software do the hosts run – all OpenSSH?
    – grawity
    Nov 16 at 8:13










  • Yes. OpenSSH on all servers, latest releases from CentOS and Ubuntu repos.
    – jimp
    Nov 16 at 18:09










  • Do you need rsync, or would scp work?
    – Gordon Davisson
    Nov 17 at 7:43










  • I’m actually using both. I would appreciate an answer for scp, so I don’t have to rewrite those commands, but I don’t think I can do without rsync because of its whole tree capabilities.
    – jimp
    Nov 17 at 15:03















up vote
1
down vote

favorite









up vote
1
down vote

favorite











I have a control server (CS) that has SSH access to many others (H1, H2, etc). I would like CS to be able to initiate a rsync transfer between any two H* servers without those hosts knowing how to directly connect to each other.



I've looked at local/reverse port forwarding, but it seems that is only useful when H1 and H2 cannot directly talk to each other on the network. H1 still needs an authorized key on H2 for it to work, which is something I want to avoid.



Agent forwarding reads like it has the drawback of allowing an untrusted H1 to use any of my keys to the other hosts. I don't want H1 to gain access to anything else, only H2 for the duration of the transfer.



Is there a way I can establish SSH connections from CS to H1 and from CS to H2, and then have rsync (on either CS or H1) communicate via those channels to H2 without requiring additional authentication? Something like a command tunnel that is preauthorized?






ssh rsync forwarding







share|improve this question













I have a control server (CS) that has SSH access to many others (H1, H2, etc). I would like CS to be able to initiate a rsync transfer between any two H* servers without those hosts knowing how to directly connect to each other.



I've looked at local/reverse port forwarding, but it seems that is only useful when H1 and H2 cannot directly talk to each other on the network. H1 still needs an authorized key on H2 for it to work, which is something I want to avoid.



Agent forwarding reads like it has the drawback of allowing an untrusted H1 to use any of my keys to the other hosts. I don't want H1 to gain access to anything else, only H2 for the duration of the transfer.



Is there a way I can establish SSH connections from CS to H1 and from CS to H2, and then have rsync (on either CS or H1) communicate via those channels to H2 without requiring additional authentication? Something like a command tunnel that is preauthorized?






ssh rsync forwarding




ssh rsync forwarding






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 15 at 23:47









jimp

248212




248212












  • What software do the hosts run – all OpenSSH?
    – grawity
    Nov 16 at 8:13










  • Yes. OpenSSH on all servers, latest releases from CentOS and Ubuntu repos.
    – jimp
    Nov 16 at 18:09










  • Do you need rsync, or would scp work?
    – Gordon Davisson
    Nov 17 at 7:43










  • I’m actually using both. I would appreciate an answer for scp, so I don’t have to rewrite those commands, but I don’t think I can do without rsync because of its whole tree capabilities.
    – jimp
    Nov 17 at 15:03




















  • What software do the hosts run – all OpenSSH?
    – grawity
    Nov 16 at 8:13










  • Yes. OpenSSH on all servers, latest releases from CentOS and Ubuntu repos.
    – jimp
    Nov 16 at 18:09










  • Do you need rsync, or would scp work?
    – Gordon Davisson
    Nov 17 at 7:43










  • I’m actually using both. I would appreciate an answer for scp, so I don’t have to rewrite those commands, but I don’t think I can do without rsync because of its whole tree capabilities.
    – jimp
    Nov 17 at 15:03


















What software do the hosts run – all OpenSSH?
– grawity
Nov 16 at 8:13




What software do the hosts run – all OpenSSH?
– grawity
Nov 16 at 8:13












Yes. OpenSSH on all servers, latest releases from CentOS and Ubuntu repos.
– jimp
Nov 16 at 18:09




Yes. OpenSSH on all servers, latest releases from CentOS and Ubuntu repos.
– jimp
Nov 16 at 18:09












Do you need rsync, or would scp work?
– Gordon Davisson
Nov 17 at 7:43




Do you need rsync, or would scp work?
– Gordon Davisson
Nov 17 at 7:43












I’m actually using both. I would appreciate an answer for scp, so I don’t have to rewrite those commands, but I don’t think I can do without rsync because of its whole tree capabilities.
– jimp
Nov 17 at 15:03






I’m actually using both. I would appreciate an answer for scp, so I don’t have to rewrite those commands, but I don’t think I can do without rsync because of its whole tree capabilities.
– jimp
Nov 17 at 15:03

















active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1375843%2frsync-between-two-remotes-via-a-control-server-without-agent-forwarding-or-key-s%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















 

draft saved


draft discarded



















































 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1375843%2frsync-between-two-remotes-via-a-control-server-without-agent-forwarding-or-key-s%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Список кардиналов, возведённых папой римским Каликстом III

Image
Папа Каликст III Кардиналы, возведённые Папой римским Каликстом III  — 9 прелатов и мирян были возведены в сан кардинала на двух Консисториях за трёхлетний понтификат Каликста III. Самой крупной консисторией были Консистория от 17 декабря 1456 года, на которой было возведено шесть кардиналов. Папа Каллист III хотел назвать отца Жан Сорета, O.Carm., епископом или кардиналом, но он отказался, потому что хотел посвятить себя своему ордену и продвижению религиозного рвения и соблюдения устава монашеского ордена. Консистория от 17 сентября 1456 года | Луис Хуан дель Мила, племянник Его Святейшества, епископ Сегорбе (королевство Арагон); Жайме Португальский, администратор архиепархии Лиссабона (королевство Португалия); Родриго де Борха-и-Борха, племянник Его Святейшества, ризничий Валенсии (Папская область). Консистория от 17 декабря 1456 года | Ринальдо Пишичелло, архиепископ Неаполя (Неаполитанское королевство); Хуан де Мелья, епископ Саморы (королевство Ка
Read more

Deduzione

Image
.mw-parser-output .nota-disambigua{clear:both;margin-bottom:.5em;border:1px solid #CCC;padding-left:4px}.mw-parser-output .nota-disambigua i{vertical-align:middle} Disambiguazione – Se stai cercando il teorema, vedi Teorema di deduzione . Disambiguazione – Se stai cercando il concetto di deduzione in economia, vedi deduzione fiscale . Il ragionamento deduttivo umano assimilato a un meccanismo Il metodo deduttivo o deduzione è il procedimento razionale che fa derivare una certa conclusione da premesse più generiche, dentro cui quella conclusione è implicita. Il termine significa letteralmente «condurre da», perché proviene dal latino "de" (traducibile con da , preposizione indicante provenienza, o moto di discesa dall'alto verso il basso) e "ducere" ( condurre ). Questo metodo parte da postulati e princìpi primi e, attraverso una serie di rigorose concatenazioni logiche, procede verso determinazioni più particolari attinenti alla realtà tangi
Read more

Mysql.sock missing - “Can't connect to local MySQL server through socket”

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 Operating System - OSX 10.11.2 MAMP version - 3.5 I'm following along with this guide, setting up wordpress with Xammp on PC and MAMP on Mac, where I'm in step "Mac - 4" is asked to input: "In the Terminal run: /Applications/MAMP/Library/bin/mysqladmin -u root -p password {Your Windows MySQL password here}" However, this (with out bracket text) results in error message: error: 'Can't connect to local MySQL server through socket '/Applications/MAMP/tmp/mysql/mysql.sock' (2)' Check that mysqld is running and that the socket: '/Applications/MAMP/tmp/mysql/mysql.sock'
Read more