SSH can't do menage a trois?
Tom Buskey
tom at buskey.name
Tue Sep 10 14:39:15 EDT 2002

Michael O'Donnell said:
>
>I have three machines:
>
> - system C(entral) is connected to two LANs.
> - system L(eft) is on one LAN connected to C.
> - system R(ight) is on the other LAN connected to C.
>
>L and R have no knowledge of each other.  I can
>easily establish SSH sessions and scp files (inbound
>or outbound) between C and L, or between C and R,
>but it seems that I can't, while operating from C,
>say something like:
>
>   scp L:someFile R:someDirectory
>
>...because scp doesn't act as a go-between (as I had
>originally expected it to do) but instead constructs
>and transmits another scp command line for execution
>on L, and that command fails because it refers to R
>which, as I said, L doesn't recognize.
>
>I can hack around this in a number of ways (like
>issuing two separate scp commands with the files
>temporarily residing on C's disk, or by spawning a
>tar on L and one on R and pushing the data from one to
>the other via two pipelined ssh's on C, etc, etc) but
>I wonder if there is some more elegant approach...?
>

I have something similar:

  INTERNET  ---   FIREWALL  ---  LAN

I can set up my firewall to pass SSH (or any protocol) through to a
specific machine on the LAN from the INTERNET.

You're going to have to do some kind of routing on C with ipchains,
iptables, ipfilter (non-Linux) handing off a specific protocol from L
to R.  That's the long-term elegant solution.  If you still want to be
able to SSH into C, run the pass-through SSH on another port.  If you
wanted to SSH from L to R *and* R to L, you'd need 2 SSHs running on
different ports (maybe).

If it's just one direction and one side is secure enough not to worry
about security, have C NFS mount R.  L now just goes to C.  My firewall
situation could do something like this though I wouldn't want to do it
long term.

I'd imagine you might be able to do something with PPP over SSH or
some other kind of VPN.

-- 
-------
Tom Buskey
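
The workaround mentioned in the quoted question (a tar on L piped to a tar on R through two ssh sessions on C), written out as an added example that is not code from either poster. The names relay_copy, sq and RELAY_SSH are hypothetical, and "L" and "R" stand for whatever host names C's ssh configuration knows.

```shell
#!/bin/sh
# Added example: run on C to relay SRC_PATH from host L into DST_DIR on host R.
# relay_copy, sq and RELAY_SSH are hypothetical names; "L" and "R" stand for
# whatever host names C's ssh configuration knows.

RELAY_SSH=${RELAY_SSH:-ssh}   # overridable, e.g. to add options or to dry-run

# Single-quote a string so the remote shell sees it as exactly one word.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

relay_copy() {
    [ $# -eq 4 ] || { echo "usage: relay_copy SRC_HOST SRC_PATH DST_HOST DST_DIR" >&2; return 2; }
    src_host=$1; src_path=$2; dst_host=$3; dst_dir=$4
    src_parent=$(dirname -- "$src_path")
    src_name=$(basename -- "$src_path")
    ok_flag=$(mktemp) || return 1

    # Both sessions start on C: L never needs to reach R and never holds
    # credentials for R, and the data crosses C only as a pipe, not a temp file.
    # POSIX sh reports only the last pipeline stage's status, so the sending
    # side records its own success in ok_flag.
    {
        "$RELAY_SSH" "$src_host" \
            "tar -C $(sq "$src_parent") -cf - -- $(sq "$src_name")" &&
            echo ok >"$ok_flag"
    } | "$RELAY_SSH" "$dst_host" "tar -C $(sq "$dst_dir") -xpf -"
    dst_rc=$?

    src_ok=$(cat "$ok_flag"); rm -f "$ok_flag"
    [ "$src_ok" = ok ] && [ "$dst_rc" -eq 0 ]
}

# Usage on C:  relay_copy L someFile R someDirectory
```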