rsync through multiple ssh hops with password authentication prompt

Matt McCutchen hashproduct at
Wed Oct 19 20:50:03 GMT 2005


The trouble in all three cases is that rsync expects to have the SSH
data stream to "middle" all to itself, but you need to slip a password
into this stream first so that the connection to "target" can be made.

Here's what I think would be easiest.  If ssh's input is not a terminal,
but $DISPLAY is set, it tries to use a graphical password-prompting
program specified by $SSH_ASKPASS.  Put such a program on "middle" if
you don't already have one, and configure "middle" so that $SSH_ASKPASS
will be appropriately set even though the shell that handles the second
SSH command will not be a login shell (this means ~/.bashrc or
~/.ssh/environment, not ~/.bash_profile).  Then, enable X forwarding on
the connection to "middle".  The second SSH will pop up a graphical
password prompt, which will rattle through the first SSH to your screen.

This would be the command:
	rsync -e "ssh -X middle ssh target" :/path/to/remote/file .
However, I consider the following more elegant because the -e argument
specifies not the remote machine but the way of getting there:
	rsync -e "ssh -X middle ssh" target:/path/to/remote/file .

I successfully used this technique to pull a file to my computer from a
computer on my school's network via an intermediary on that network.
Matt McCutchen, ``hashproduct''
hashproduct at --

More information about the rsync mailing list