Rsync files via intermediate host

linux ssh rsync scp

34,415

Solution 1

This question is essentially answered elsewhere, including here for scp and here for rsync. Since the latter includes my answer, but no answer was accepted, I'll repeat it here.

As you noted, you can use rsync's -e | --rsh option, but it's going to be a bit more complicated:

rsync -azv -e 'ssh -o "ProxyCommand ssh -A PROXYHOST -W %h:%p"' foo/ dest:./foo/

Or, if your version of ssh is new enough (OpenSSH >= v7.3), you can use the -J (ProxyJump) option

rsync -azv -e 'ssh -A -J USER@PROXYHOST:PORT' foo/ dest:./foo/

Note that I'm using -A (agent forwarding) but it should also work with password authentication if you don't use keys, and, of course, you can replace proxy with B and dest with C in your example.

If by chance you don't have a new enough ssh version (>= 5.3, IIRC), you can use netcat instead of -W option to ssh:

rsync -azv -e 'ssh -o "ProxyCommand ssh -A PROXYHOST nc %h %p"' foo/ dest:./foo/

Finally, as noted in comments already, you can put the ProxyCommand into your $HOME/.ssh/config file so you don't have to have such a complicated command line. Specifically, add something like this:

Host C
  ProxyCommand ssh -A PROXYHOST -p 22 -W %h:%p

Or, using ProxyJump for OpenSSH >= v 7.3:

Host C
  ProxyJump PROXYHOST

Then you should be able to just do:

rsync -azv foo/ C:./foo/

Solution 2

Here is how to copy data from local machine to target machine with the bastion machine sitting in between the two (progress bar included):

rsync -r --info=progress2 -e 'ssh -J bastion-user@bastion-host:22' local-file-path target-machine-user@target-machine-host:target-machine-save-location

34,415

GLaDER

Updated on September 18, 2022

Comments

GLaDER over 1 year

I am currently away from my LAN and I need to do a backup of my laptop. I have a somewhat recent copy of my laptop on my server and I usually back the laptop up using rsync. Now I wish to do that, but outside of my LAN.

In short I want to send data from A to C via B, where A is my laptop, B my router and C my server.

I found this command: A$ scp -oProxyCommand="ssh B nc %h %p" thefile C:destination, that works fine for transferring files via scp - but since I already have most of the data on my server I wish to use rsync to only sync the delta.

I have tried: A$ rsync file -e 'ssh B ssh' C, and that works as far as I am prompted to give the password for user:C. However, when I enter the password nothing happens. The router is running Tomato v1.28 and I am unable to set it up to utilize an ssh config file to enable it to log onto C w/o a password.

Any ideas on how to make this work?
- Jakuje over 7 years
  
  use the same ProxyCommand in the configuration file. Rsync should pick that up.
Michael about 4 years

I can ssh from PROXYHOST to dest without a password, but when I use -J (with or without -A) it's prompting me for a password. how do i not get prompted like when i'm directly on PROXYHOST?
crimson-egret about 4 years

ProxyJump (or ProxyCommand) directives have no influence over password prompts. In my examples, I assumed an ssh key on your localhost that you use ssh-agent forwarding to avoid password prompts. I DISCOURAGE using passphrase-less ssh keys ANYWHERE, and especially on the PROXYHOST. This is not really an answer to your question, but that's mostly because there are not enough details to be able to answer completely.
Adnan almost 3 years

I tried to figure it out about 8 hours but no luck. I have same public key on both intermediate and destination server and use this commad to comnect destination but it's prompts for password: ssh -i ~/.ssh/id_rsa -J user@intermediate-server user@destination-server
crimson-egret almost 3 years

I would suggest trying with just ssh and use the -v* option to test your ssh connection before putting rsync in the mix. I