37

scp foo user@remote:bar works fine

scp user@remote:foo bar works fine

scp user@remote:foo user@remote:bar fails with error:

Host key verification failed.
lost connection

I am guessing this is because scp disallows remote to remote copy (between two different remote hosts or the same remote host) because it is inefficient to channel the data from point A to point L to point B rather than directly from point A to point B.

Is that the right rationale for why it doesn't work? How come the command-line usage instructions in the manual does not document it? Or is it just that the specific scp on my Ubuntu distribution is trying to be paternal?

necromancer
  • 23,916
  • 22
  • 68
  • 115
  • Off-topic; belongs on [su] or [unix.se] – Jim Garrison Mar 20 '12 at 22:49
  • 2
    The traffic is direct. You'll not have point A to point L to point B, but direct point A to point B. All problems you may have are about the SSH authentication between each point. – dAm2K Mar 21 '12 at 00:05

3 Answers3

73

Check out the option:

-3 : Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. Note that this option disables the progress meter.

This option became available in OpenSSH 5.7

Travis Stevens
  • 2,198
  • 2
  • 17
  • 25
  • If you don't have 5.7+ and you don't want host1 going direct to host2 or you want rsync features try ``dir=`mktemp -d` && cd $dir && rsync -avz user1@host1:~/source . && rsync -avz . user2@host2:~/dest && rm -rvf $dir`` – KCD Jul 24 '14 at 22:38
  • 2
    This has made my life MUCH easier! – user1943442 Jan 07 '15 at 16:19
  • 1
    This works for scp between user1@remote1 and user2@remote2. – tjmehta Sep 28 '15 at 20:12
20

It works. Your problem is the SSH authentication between user@remote and user@remote. If it's the same user on the same server and you are using RSA authentication, you have to append the public key (~/.ssh/id_rsa.pub) into ~/.ssh/authorized_keys of the user itself.

Pay attention to name resolution too. In your case "remote" can be a server name that make sense to your client, but could not make sense from the remote point of view. Use the server IP (if the server is not behind nat) or set a common server name into /etc/hosts on your client and server machine: "remote" should be resolvable from your client and your server machine.

dAm2K
  • 9,923
  • 5
  • 44
  • 47
  • thanks - i understand now. it is the same user and same remote server. – necromancer Mar 21 '12 at 00:54
  • doesnt work for me. same situation (same user and same remote server). the key is appended and im using the server IP. from local to remote and back work fine. – user1338413 Jan 04 '13 at 09:49
  • try with ssh -vvv to enable some debug messages and try to check why it is not working for you – dAm2K Jan 04 '13 at 19:43
2

"It is important to note that SCP cannot be used to remotely copy from the source to the destination when operating in password or keyboard-interactive authentication mode, as this would reveal the destination server's authentication credentials to the source." http://en.wikipedia.org/wiki/Secure_copy#Remote_to_remote_mode

Try using key-based authentication to pull off a remote to remote scp.

Worldcrafter
  • 35
  • 1
  • 6