Server to Server SCP through the bastion

[RomainL972]

Hi,

We've been using The Bastion at our organization for some time and I noticed that it's not possible to use SCP to copy a file from one host on the bastion to another one also on the bastion. Is that a limitation of the software or is there some configuration needed ?

Thanks.

[speed47]

Hello,

This is not supported (yet). I checked and it seems that when you type the following command from machine A:

user@A$ scp B:file C:file

This is what happens:

• A connects through ssh to B, and launches the command scp file C:file on B
• B connects through ssh to C, and launches the command scp -t

With a bastion between A and the rest of the infrastructure, this would mean:

• A connects through the bastion to B, and launches the command scp file C:file on B
• B connects directly through ssh to C (no bastion there), and launches the command scp -t

In both cases, this implies that B needs to have direct access to C.

I'll check if this can work with some minor adjustments to the code.

[speed47]

This should be doable, however in the meantime, you should be able to do, if your bastion alias is bssh, instead of:

scp -S ~/scp_bastion server1:file1 server2:file2

Try this:

bssh server1 -- scp file1 server2:file2

It's functionally equivalent, and what happens under the hood if you use scp directly with 2 remote servers. If you have the chance to test this with your setup, can you confirm it works?

[RomainL972]

Hi, what I want to do is to download a file from a server behind the bastion, and to upload it to another server also behind the bastion, like what is shown here : https://unix.stackexchange.com/a/184435