Thursday 17 November 2016

rsync via SSH proxy

Tested between Fedora 24 (source) and RHEL 7 (destination).
  • The same username is used at both the proxy host and the destination host.
  • The "nc" syntax for host and port varies with your Linux distribution.
  • Compression is turned off for the intermediate proxy_host leg and turned on for the end-to-end connection with dest_host.
  • To make ssh agent forwarding work, remember to:
    • allow "Agent Forwarding" from your ssh client at the source_host (/etc/ssh/ssh_config),
    • allow "Agent Forwarding" in sshd on the proxy_host (/etc/ssh/sshd_config) AND restart sshd.
rsync -avP -e 'ssh -o "ProxyCommand ssh <proxy_host> exec nc %h %p 2>/dev/null"' <user>@<dest_host>:<remote_path> <local_path>


If you configure ~/.ssh/config then you can dramatically shorten the above command:
Host <dest_host_nickname>
        user                    <username>
        GSSAPIAuthentication    no
        Hostname                <dest_host as known by the proxy_host>
        Compression             no
        ForwardAgent            yes
        ProxyCommand ssh -C <proxy_host> exec nc %h %p


...the same rsync command becomes:
rsync -avP <user>@<dest_host_nickname>:<remote_path> <local_path>


Naturally this means you can also SSH straight to the final destination with the same ~/.ssh/config block:
ssh <user>@<dest_host_nickname>
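
A small audit for an ssh client config like the block above, as an added example that is not part of the original post: it lists Host blocks that set ForwardAgent yes (anyone with root on the remote host can use your agent while you are connected) or that depend on nc in ProxyCommand (the part that varies between distributions). The function names, host names and sample config are constructed for illustration; the second sample block uses ssh's built-in -W forwarding instead of nc.

```shell
#!/bin/sh
# Added example: list Host blocks that forward the agent or rely on nc.

# Constructed sample config (host names are placeholders, not from the post).
sample_config() {
    cat <<'EOF'
Host dest
        user                    alice
        Hostname                dest.internal.example
        Compression             no
        ForwardAgent            yes
        ProxyCommand ssh -C proxy.example exec nc %h %p

Host dest-w
        User                    alice
        Hostname                dest.internal.example
        ForwardAgent            no
        ProxyCommand ssh -C -W %h:%p proxy.example
EOF
}

# audit_ssh_config FILE: print "<host patterns>: <finding>" per finding.
# Assumption: plain "keyword value" lines (no "keyword=value", no Include).
audit_ssh_config() {
    awk '
        BEGIN { host = "(global)" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        { key = tolower($1) }                   # keywords are case-insensitive
        key == "host" || key == "match" {       # a new block starts here
            host = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", host)
            next
        }
        key == "forwardagent" && tolower($2) == "yes" {
            print host ": ForwardAgent yes"
        }
        key == "proxycommand" {
            for (i = 2; i <= NF; i++)
                if ($i == "nc" || $i ~ /\/nc$/) {
                    print host ": ProxyCommand uses nc"
                    break
                }
        }
    ' "$1"
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_config > "$tmp" && audit_ssh_config "$tmp"
rm -f "$tmp"
```

To check your own file, source the functions and run `audit_ssh_config ~/.ssh/config`.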



Code blocks were created by http://markup.su/highlighter/ and pasted into this post while in HTML mode.