rsync through multiple ssh hops with password authentication prompt

Wayne Davison wayned at samba.org
Thu Oct 20 16:25:01 GMT 2005


On Thu, Oct 20, 2005 at 01:15:54AM +0100, Manuel López-Ibáñez wrote:
> For example, isn't it possible for the root of middle (or some
> attacker) to get my keys and use them?

No, that's not how ssh keys work at all.  Firstly, you only need to put
the *public key* on the middle host and the destination host, not your
private key (which only needs to be on your local system).  Secondly,
you should have encrypted your private key on your own host, so that it
must be decrypted with a pass phrase.  This makes everything work
securely.  As long as ssh is configured to forward the ssh-agent data,
the remote systems will allow a chain of ssh accesses that originates
from your local system (which will have prompted you for the key's pass
phrase only at the first use of the key).  This is a much better way to
configure ssh than to try to do multiple hops using passwords.

..wayne..
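
A preflight for the setup described in the message above, written as an added example that is not part of the original post or of rsync. The function names, the host names `middle` and `destination`, and all paths are placeholders; it assumes OpenSSH's `ssh-keygen`, `ssh-add` and `ssh -A` on the local system.

```shell
#!/bin/sh
# Added example: checks the two local preconditions from the message
# (passphrase-encrypted private key, key loaded in ssh-agent) before
# starting a two-hop rsync. All host names and paths are placeholders.

# Returns 0 if the private key file is passphrase-encrypted,
# 1 if it is stored unencrypted, 2 if it cannot be checked.
key_is_encrypted() {
    [ -r "$1" ] || return 2
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    # "ssh-keygen -y" derives the public key from the private key. With an
    # empty passphrase (-P '') that only works if the key is unencrypted.
    if ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1 </dev/null; then
        return 1
    fi
    return 0
}

# Returns 0 only if an ssh-agent is reachable and holds at least one key.
agent_has_key() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && ssh-add -l >/dev/null 2>&1
}

# Usage: hop_rsync KEYFILE MIDDLE SRC DEST_HOST DEST_PATH
hop_rsync() {
    if ! key_is_encrypted "$1"; then
        echo "refusing: $1 is missing or not passphrase-protected" >&2
        return 1
    fi
    if ! agent_has_key; then
        echo "no key in ssh-agent: run 'ssh-add $1' first" >&2
        return 1
    fi
    # The local ssh logs in to MIDDLE with agent forwarding (-A); MIDDLE then
    # runs "ssh DEST_HOST rsync --server ...", authenticating through the
    # forwarded agent. The private key never leaves the local system.
    rsync -av -e "ssh -A $2 ssh" "$3" "$4:$5"
}
```

The public key still has to be in `~/.ssh/authorized_keys` on both remote hosts. Passing `-A` on this one command forwards the agent for this transfer only, rather than enabling forwarding for every connection.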

