On Monday 09 August 2010 10:23 PM, Raj Mathur (राज माथुर) wrote:
On Monday 09 Aug 2010, Rony wrote:
On Monday 09 August 2010 10:03 PM, Raj Mathur (राज माथुर) wrote:
Yes, that's what I confirmed by transferring a large file between two remote servers and watching my traffic.
Before you did this experiment, has aa ever established an ssh connection with nn or vice versa? Suppose aa and nn have never communicated with each other, if aa is giving a key to nn, how does nn say 'yes' to accept it, through a third party control machine? I am not doubting your experiment but only clearing my own understanding of ssh so no offense intended. Could you try the same experiment on virgin machines?
I have ssh auth forwarding and key-based login on both machines, and that might explain why one talked to the other. I'm too lazy to try with passwords and no auth forwarding, let someone else do it!
As I was re-thinking about this, it is now clear to me. The control machine simply instructs the source machine to forward the data to the destination machine. There is no way data will pass through the control machine. It is only issuing instructions. Since the source and destination paths are absolute, the machines can directly link to each other. However they will have to be set up for password-less login so that data can pass on from source to destination without authentication.
If I guess correctly, when the control machine issues an scp command to the source machine in the example given by Osric,
[user3@host3 ~]$ scp user1@host1:file user2@host2:path
only host1 will offer its key to the control machine and ask for the user1 password. The host2 machine will not talk to the control machine at all. Host1 will talk to host2.