Re: [Duplicity-talk] tunneling

[edgar . soldin]

On 12.03.2015 11:24, ST wrote:
> Thank you very much,
> 
> On Thu, 2015-03-12 at 10:52 +0100, address@hidden wrote:
>> On 12.03.2015 10:26, ST wrote:
>>> Hi,
>>> I want to make a backup using duplicity (which uses paramiko) and upload
>>> files to a remote host R2, the problem is, that I can access R2(sftp
>>> access) only from R1(ssh access). How can I tunnel duplicity through R1
>>> to R2? I defined (in .ssh/config) Host R2 and ProxyCommand ssh -p XXXX
>>> -qW %h:%p address@hidden and I can actually do `sftp address@hidden but 
>>> when I run
>>> `duplicity Dir sftp://address@hidden/` there is a delay and I get
>>> "BackendException: ssh connection to R2:22 failed: timed out". 
>>
>> paramiko does not implement all functionality of openssh eg.
>>  
>>> Is there
>>> a way to tell paramiko to use my .ssh/config? Or is there a way to
>>> tunnel through another host in paramiko?
>>
>> not afaik.
>>
>> a workaround could be establishing the tunnel beforehand using openssh
>>
>>  ssh -L portlocal:host2:port2 host1
> 
> Will this work if on host2 I have only sftp access and not the full ssh
> access? Right now I use following command:
>       ssh -L 2222:address@hidden:22 address@hidden -p XXXX
> 
> after this I get on host1 (I have ssh keys installed), but when I try on
> another terminal:
>       sftp -P 2222 localhost
> I get in that terminal:
> ssh_exchange_identification: Connection closed by remote host
> Couldn't read packet: Connection reset by peer
> 
> And on the terminal with the active connection to host1:
> channel 3: open failed: administratively prohibited: open failed
> 
> Any ideas?
> 

you can only tunnel through machines where you have ssh, not only sftp, access. 
can you login to host2 using ssh?

..ede/duply.net