How can I use scp to aquire a file from a server via a bastion with ssh forwarding?











up vote
0
down vote

favorite












I'm wondering how to copy a file with scp (or a better way if possible) and allow ssh key forwarding. I've read a lot of posts on how to do this closely, but not with ssh forwarding, or the -A equivalent we get with ssh.



Backstory - I have keys added with the method-



ssh-add mkey.pem
so that I can ssh into a bastion host with those stored keys like so...
[localhost]$ ssh -A user@bastion



...and then ssh into the server from the bastion, which will automatically use the ssh keys added from the localhost.
[bastion]$ ssh -A user@server



However, scp doesn't have an equivalent -A function to use a stored key from the localhost, which prevents you from having to store the key on the bastion.



What is the ideal approach to copying a file from a server via a bastion host that requires ssh keys for access?










share|improve this question


























    up vote
    0
    down vote

    favorite












    I'm wondering how to copy a file with scp (or a better way if possible) and allow ssh key forwarding. I've read a lot of posts on how to do this closely, but not with ssh forwarding, or the -A equivalent we get with ssh.



    Backstory - I have keys added with the method-



    ssh-add mkey.pem
    so that I can ssh into a bastion host with those stored keys like so...
    [localhost]$ ssh -A user@bastion



    ...and then ssh into the server from the bastion, which will automatically use the ssh keys added from the localhost.
    [bastion]$ ssh -A user@server



    However, scp doesn't have an equivalent -A function to use a stored key from the localhost, which prevents you from having to store the key on the bastion.



    What is the ideal approach to copying a file from a server via a bastion host that requires ssh keys for access?










    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I'm wondering how to copy a file with scp (or a better way if possible) and allow ssh key forwarding. I've read a lot of posts on how to do this closely, but not with ssh forwarding, or the -A equivalent we get with ssh.



      Backstory - I have keys added with the method-



      ssh-add mkey.pem
      so that I can ssh into a bastion host with those stored keys like so...
      [localhost]$ ssh -A user@bastion



      ...and then ssh into the server from the bastion, which will automatically use the ssh keys added from the localhost.
      [bastion]$ ssh -A user@server



      However, scp doesn't have an equivalent -A function to use a stored key from the localhost, which prevents you from having to store the key on the bastion.



      What is the ideal approach to copying a file from a server via a bastion host that requires ssh keys for access?










      share|improve this question













      I'm wondering how to copy a file with scp (or a better way if possible) and allow ssh key forwarding. I've read a lot of posts on how to do this closely, but not with ssh forwarding, or the -A equivalent we get with ssh.



      Backstory - I have keys added with the method-



      ssh-add mkey.pem
      so that I can ssh into a bastion host with those stored keys like so...
      [localhost]$ ssh -A user@bastion



      ...and then ssh into the server from the bastion, which will automatically use the ssh keys added from the localhost.
      [bastion]$ ssh -A user@server



      However, scp doesn't have an equivalent -A function to use a stored key from the localhost, which prevents you from having to store the key on the bastion.



      What is the ideal approach to copying a file from a server via a bastion host that requires ssh keys for access?







      ssh scp forwarding ssh-tunnel






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 11 at 6:31









      openCivilisation

      727




      727
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote



          accepted










          scp supports passing options to ssh via the -o argument.



          In this case, I think the best way to address this is to use scp -o "ForwardAgent yes"






          share|improve this answer





















          • ahh cool. I'm not sure how to do that from localhost, but from the bastion I can do: scp -o "ForwardAgent yes" user@server:/file .
            – openCivilisation
            Nov 11 at 11:42













          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53246409%2fhow-can-i-use-scp-to-aquire-a-file-from-a-server-via-a-bastion-with-ssh-forwardi%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote



          accepted










          scp supports passing options to ssh via the -o argument.



          In this case, I think the best way to address this is to use scp -o "ForwardAgent yes"






          share|improve this answer





















          • ahh cool. I'm not sure how to do that from localhost, but from the bastion I can do: scp -o "ForwardAgent yes" user@server:/file .
            – openCivilisation
            Nov 11 at 11:42

















          up vote
          1
          down vote



          accepted










          scp supports passing options to ssh via the -o argument.



          In this case, I think the best way to address this is to use scp -o "ForwardAgent yes"






          share|improve this answer





















          • ahh cool. I'm not sure how to do that from localhost, but from the bastion I can do: scp -o "ForwardAgent yes" user@server:/file .
            – openCivilisation
            Nov 11 at 11:42















          up vote
          1
          down vote



          accepted







          up vote
          1
          down vote



          accepted






          scp supports passing options to ssh via the -o argument.



          In this case, I think the best way to address this is to use scp -o "ForwardAgent yes"






          share|improve this answer












          scp supports passing options to ssh via the -o argument.



          In this case, I think the best way to address this is to use scp -o "ForwardAgent yes"







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 11 at 7:05









          Orix Au Yeung

          514




          514












          • ahh cool. I'm not sure how to do that from localhost, but from the bastion I can do: scp -o "ForwardAgent yes" user@server:/file .
            – openCivilisation
            Nov 11 at 11:42




















          • ahh cool. I'm not sure how to do that from localhost, but from the bastion I can do: scp -o "ForwardAgent yes" user@server:/file .
            – openCivilisation
            Nov 11 at 11:42


















          ahh cool. I'm not sure how to do that from localhost, but from the bastion I can do: scp -o "ForwardAgent yes" user@server:/file .
          – openCivilisation
          Nov 11 at 11:42






          ahh cool. I'm not sure how to do that from localhost, but from the bastion I can do: scp -o "ForwardAgent yes" user@server:/file .
          – openCivilisation
          Nov 11 at 11:42




















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53246409%2fhow-can-i-use-scp-to-aquire-a-file-from-a-server-via-a-bastion-with-ssh-forwardi%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Full-time equivalent

          さくらももこ

          13 indicted, 8 arrested in Calif. drug cartel investigation