Let us assume we have three computers (all running a modern Linux distro): one is a jumpbox, and the other two are PCs:

      Jumpbox
     /       \
    /         \
   /           \
 PC1           PC2

PC1 has a reverse ssh tunnel into jumpbox on port 39999

PC2 has a reverse ssh tunnel into jumpbox on port 39998

Jumpbox has no local disk space to spare.

How do you set up an rsync over ssh to sync files from PC1:/myfiles to PC2:/myfiles?

Note, currently the connections all work, with shared keys. From jumpbox:

ssh -p 39999 localhost will get a login to PC1

ssh -p 39998 localhost will get a login to PC2

Tried and failed to accomplish this, from PC1, PC2 or even jumpbox. From jumpbox, tried to set up rsync but unsure how to specify ports for each destination. This page offers some insights, but does not seem to work. Also, the scp suggestion at the bottom does not specify ports (which would work, note you can do remote to remote copy, but not sure how to set a -P for each host?)

Update, with temporary solution:

After reading this page, and then this page, the scp + tar solution was tested and found to work from the jumpbox. Using some of tar's features, although not as nice as rsync, gets the job done.

Just to note, rsync is not intended for rsync remotehost:/files remotehost2:files. I am not a Windows user, but if jumpbox were Windows based something like WinSCP would work, which I have seen previously. The basic solution can be found in "nortallys" answer on this Stack Exchange post. Basically:

ssh -p 39999 localhost 'tar -cf - /path/to/files/to/copy' | ssh -p 39998 localhost 'tar -xvpf - -C /'

This works for now, and switches to tar have been added to mimic rsync.

  • Have you considered making life easier (and reducing overheads) by using a WireGuard VPN? Commented May 25 at 17:04
  • Not sure how that is a solution to this problem. PC1 and PC2 have inbound firewall rules that only allow outbound ssh. A VPN probably just adds a layer of complexity. With an ssh reverse tunnel, I could script this out to be automated to a cron job easily, if I could solve the PC1 to PC2 sync. Commented May 25 at 21:57

1 Answer

I guess the easiest approach is to create configurations (on PC1) in ~/.ssh/config for

  • the tunneling to jumpbox
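  • the SSH connection to PC2

# Jump host: the jumpbox as reached from PC1
Host jumpbox-tunnel
    HostName 10.1.2.3
    User foo

# PC2's reverse tunnel, listening on the jumpbox's loopback interface
Host pc2-via-jumpbox-tunnel
    HostName 127.0.0.1
    Port 39998
    User foo
    ProxyJump jumpbox-tunnel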

Then ssh pc2-via-jumpbox-tunnel should work on PC1. If it does then you can do this with rsync:

rsync --dry-run -av /source/path/ pc2-via-jumpbox-tunnel:/target/path/

  • This does not seem to work, even though I have shared keys and can ssh from PC1 or PC2 to jumpbox without password, AND from jumpbox to PC1 and PC2 without password. Adding -vvv to the ssh portion of rsync shows that after it connects to jumpbox, then attempts to connect to pc2-via-jumpbox at 127.0.0.1:39998, it keeps asking for a password and fails. Commented May 25 at 22:05
  • @number9 Obviously you need the private key for PC2 on PC1 (you can define the one to be used in the config file, too). However, this is neither an rsync nor an SSH port forwarding problem at this point any more. You may set LogLevel DEBUG (and reload the service) in /etc/ssh/sshd_config to better understand the problem. Commented May 25 at 22:12
  • Interesting, I placed the key on PC1, no go. It enters some kind of loop that is hard to debug, even with debug. It asks for a password regardless of key placement, and seems to fail with disconnect from UNKNOWN port 65535, too many auth failures (interesting again, 65535, that is the maximum port number). Commented May 25 at 23:57
  • In the debug, it seems that after the initial connection to jumpbox, it tries to then connect back to jumpbox, which then fails (I figured this out as it keeps asking for a password no matter which I use, and then jumpbox password works, which is different). Commented May 26 at 0:03
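
Added example (not part of the answer or comments above): a script for PC1 that writes the two Host stanzas with the key for PC2 pinned, then uses `ssh -G` to print what OpenSSH resolves for the alias, so the host, port and jump host can be checked without opening a connection. With ProxyJump the login to PC2 is performed by the ssh client on PC1 through the forwarded port, so the key offered to PC2 is PC1's. The key path `~/.ssh/id_ed25519_pc2` and the function names are hypothetical; 10.1.2.3 and user foo are the answer's placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Run on PC1; opens no connection.

# Emit the client config. 10.1.2.3 and user "foo" are the answer's
# placeholders; the key path is a hypothetical name for PC1's key for PC2.
pc1_ssh_config() {
    cat <<'EOF'
Host jumpbox-tunnel
    HostName 10.1.2.3
    User foo

Host pc2-via-jumpbox-tunnel
    # PC2's reverse tunnel listens on the jumpbox's loopback, port 39998
    HostName 127.0.0.1
    Port 39998
    User foo
    ProxyJump jumpbox-tunnel
    # Offer only this key to PC2, not every key the agent holds
    IdentityFile ~/.ssh/id_ed25519_pc2
    IdentitiesOnly yes
    # File PC2's host key under its own name instead of 127.0.0.1
    HostKeyAlias pc2-via-jumpbox-tunnel
EOF
}

# Print one effective option for a host alias. `ssh -G` parses the config
# and dumps the resolved settings (lower-case names) without connecting.
resolved_option() {  # usage: resolved_option CONFIG_FILE HOST OPTION
    ssh -G -F "$1" "$2" | awk -v k="$3" '$1 == k { print $2; exit }'
}

# Succeed only if the alias resolves to the tunnel port via the jump host.
check_pc2_alias() {  # usage: check_pc2_alias CONFIG_FILE
    h=pc2-via-jumpbox-tunnel
    [ "$(resolved_option "$1" "$h" hostname)" = 127.0.0.1 ] &&
    [ "$(resolved_option "$1" "$h" port)" = 39998 ] &&
    [ "$(resolved_option "$1" "$h" proxyjump)" = jumpbox-tunnel ] &&
    [ "$(resolved_option "$1" "$h" identitiesonly)" = yes ]
}

# Usage:
#   pc1_ssh_config > pc1.conf && check_pc2_alias pc1.conf &&
#   rsync -e 'ssh -F pc1.conf' --dry-run -av /myfiles/ pc2-via-jumpbox-tunnel:/myfiles/
```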
