What is the proper way of scp'ing between two servers you log in to by private key?

Solution 1:

Assuming you have the same public key present in ~/.ssh/authorized_keys on both servers, and that you are running some kind of ssh agent locally, then you can use Agent forwarding.

localcomputer$ ssh -o ForwardAgent=yes [email protected]

That way, when you run your scp session from server.one against server.two, the authentication will be handled transparently in the background by your local computer. Just note the following warning, taken from ssh_config(5):

Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.

(In short, to a certain degree you will have to trust [email protected].)
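A check that follows from the ssh_config(5) warning quoted above, as an added example that is not part of the original answer: it lists every Host/Match scope in an OpenSSH client config that turns on ForwardAgent, so you can confirm forwarding is limited to hosts you trust rather than set globally or under `Host *`. The function names and the sample config are constructed for illustration.

```shell
# Print "<scope>\t<value>" for each ForwardAgent setting that is not "no".
# <scope> is the pattern list of the enclosing Host/Match line, or "(global)"
# for a setting that appears before any Host/Match line.
# ssh itself uses the first value it obtains per host; this lists every
# enabling scope so none is overlooked.
forwardagent_hosts() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next
            # ssh_config accepts "Key Value" and "Key=Value"
            if (line ~ /^[A-Za-z]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ", line)
            split(line, f, /[ \t]+/)
            key = tolower(f[1])          # keywords are case-insensitive
        }
        key == "host" || key == "match" {
            scope = line; sub(/^[^ \t]+[ \t]+/, "", scope)
            next
        }
        key == "forwardagent" && tolower(f[2]) != "no" {
            printf "%s\t%s\n", (scope == "" ? "(global)" : scope), f[2]
        }
    ' "$1"
}

# Exit 0 only if forwarding is never enabled globally or for a bare "*" pattern.
forwardagent_is_scoped() {
    ! forwardagent_hosts "$1" |
        awk -F '\t' '$1 == "(global)" || $1 ~ /(^| )\*( |$)/ { found = 1 }
                     END { exit !found }'
}

# Constructed sample config; hostnames are the ones used in the answer above.
sample_config() {
    cat <<'EOF'
Host server.one
    ForwardAgent yes
Host *
    ForwardAgent=yes
Host server.two
    forwardagent no
EOF
}

# Demo: prints the server.one and "*" scopes, then reports the wildcard.
tmp=$(mktemp); sample_config > "$tmp"
forwardagent_hosts "$tmp"
forwardagent_is_scoped "$tmp" || echo "ForwardAgent is enabled for all hosts"
rm -f "$tmp"
```

Point it at `~/.ssh/config` and `/etc/ssh/ssh_config`; a clean result there does not cover forwarding requested on the command line with `-A` or `-o ForwardAgent=yes`.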

Solution 2:

On a side note:

If you're sending large data volumes, you'd better use tar-over-ssh instead of scp. It is really much faster.

See: howto use tar over ssh