0

I have a nested SSH authentification through which I would like to transfer a file with SCP. To login I have to follow this process:

$ ssh external_user@external_host
// It prompts me for my external_password [a]
// It directly prompts me for my internal_user [b]
// Then it prompts a final time for my internal_password [c]

How can I SCP a file through such a SSH login process? (note, I never have to type the internal_host address, because once I typed my external_password at step [a], I immediately get told that it's trying to get me connecting to internal_host and that I need to type my internal_username

(when I simply try for scp external_user@external_host:myfile myfile it tells me that I'm connecting to an invalid target)

I've also tried with SFTP, but doing sftp external_user@external_host asks for my external_password and then I'm getting kick out with an invalid target message instead of getting asked for my internal_user.

Also, as suggested by one of the comment I tried scp -o ProxyJump=external_user@external_host test.txt internal_user@internal_host:test.txt, but it also kicked me after typing my external_password :

Received disconnect from UNKNOWN port 65535:11: Disconnection
Disconnected from UNKNOWN port 65535
ssh_exchange_identification: Connection closed by remote host

I found a possible solution but that will not work in my case since it requires a dependancy (lrzsz) on the final host, but it might works for some other users in a similar situation : https://github.com/mtatton/zssh

Florentin Le Moal
  • 9
  • Search here for "ssh tunnel" or "ssh proxy". That should get you a load of answers that relate to the same issue – Chris Davies Mar 17 '22 at 11:18
  • @roaima The thing is I'm not typing an ssh command to login the second time, it directly prompts for the login I want to use on the internal_host. And I didn't find any similar case while searching for a solution – Florentin Le Moal Mar 17 '22 at 11:20
  • @mashuptwice No, if it's doable with SFTP then I'm all in, but doing sftp external_user@external_host asks for my external_password and then I'm getting kick out with an invalid target message instead of getting asked for my internal_user – Florentin Le Moal Mar 17 '22 at 11:39
  • @FlorentinLeMoal could you elaborate on the exact setup of your internal and external host and how the login process works? Currently it is unclear If we are talking about one or multiple machines. – mashuptwice Mar 17 '22 at 12:11
  • See How can I transfer files from my local system to another via a gateway system (and vice versa) fia SSH/SFTP? – Martin Prikryl Mar 17 '22 at 12:14
  • 1
    it looks you either have a implicit ssh somewhere you didn't master or using some kind of active directory setting. Have you asked your local IT team ? (that is if you are not the local IT team) – Archemar Mar 17 '22 at 13:30
  • Hi, sorry if it's still unclear. Basically how I login is via ssh to something like a captive SSH portal (ssh external_user@external_host), then I type my user password, and then instead of having a regular shell session (like bash), it tells me that it will now connect me to an other internal_host (not visible from my perspective) and it asks me for my internal_user (not the same one I used for the ssh. command), I press enter and them my internal_password, and enter again. – Florentin Le Moal Mar 18 '22 at 15:44
  • I wish I could have technical details from the IT team so I could at least know how they setup this process, but they're not interested to solve this case since from their perspective I'm able to login and that's it ... – Florentin Le Moal Mar 18 '22 at 15:46
  • @MartinPrikryl I tried but without success, I edited my message to explain it – Florentin Le Moal Mar 18 '22 at 16:01
  • Well, if you have some custom "portal" solution, you will have to use features of the portal. We do know anything about your "portal" solution. And it's quite possible that it does not allow SCP anyway. – Martin Prikryl Mar 18 '22 at 18:12

0 Answers0