rsync files between two remotes, with only access from the "intermediate"

Question

EDIT #1

As per answer by roaima, I tried (here with user1=user2)

[user3@M3]$ ssh -R 50000:M2:22 user1@M1 rsync -e "ssh -p 50000" -avz /absolute_path1/ user2@localhost:/absolute_path2/
Permission denied, please try again.
Permission denied, please try again.
user2@localhost: Permission denied (publickey,password).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(235) [sender=3.1.3]

There might be a problem with key pairs. There are 6 public-private keys that could be configured (M3->M1, etc.)
Which of these are needed for the command to work (if any)?
Does any of the pairs need to be the same as any other?

---

I have 3 machines, M1 (remote), M2 (at home), M3 (at home, behind the same router). The possible ssh connections (Client->Server) are: M3->M1 (only via VPN), M3->M2. I use ssh key pairs in both cases.

1. M3 has no SSH server, so M1->M3 and M2->M3 are not possible.
2. I cannot use the VPN in M2, so M2->M1 is not possible.
3. I don't know if M1->M2 is possible.

I mean to rsync user1@M1->user2@M2 (i.e., user1@M1 as the source and user2@M2 as the target) and viceversa. In one particular case, user1=user2, but the general case is the target.
Are they possible? Only one of them? How?
For that to be possible, is it mandatory to have M1->M2 access? If so, how can I achieve this?

I seem to be close to it.

1. Trying to rsync M1->M2, I executed in user3@M3 (there is no user1@M3 or user2@M3):

    [user3@M3]$ ssh -R localhost:50000:<M2 ip>:22 <M1 ip> 'rsync -e "ssh -p 50000" --perms -vur --dry-run <M1 dir> localhost:<M2 dir>'
    Enter passphrase for key '<user3 $HOME>/.ssh/id_rsa':
    Connection closed by <M1 ip> port 22
   

   Note that it is the agent in M3 that is asking for the key pair password (since user3 only exists in M3) and I have entered it correctly.

2. Trying to rsync M2->M1, I executed in user3@M3:

    [user3@M3]$ ssh -R localhost:50000:<M1 ip>:22 <M2 ip> 'rsync -e "ssh -p 50000" --perms -vur --dry-run <M2 dir> localhost:<M1 dir>'
    Enter passphrase for key '<user2 $HOME>/.ssh/id_rsa':
    <user3>@<M2 ip>'s password:
    Permission denied, please try again.
    ...
   

   Note that user3 does not exist in M2, so that would never succeed. I have to find the correct way of passing user1. For this...

3. Trying to rsync M2->M1, I executed in user3@M3 adding user2:

    [user3@M3]$ ssh -R localhost:50000:<M1 ip>:22 <user2>@<M2 ip> 'rsync -e "ssh -p 50000" --perms -vur --dry-run <M2 dir> localhost:<M1 dir>'
    Host key verification failed.
    rsync: connection unexpectedly closed (0 bytes received so far) [sender]
    rsync error: unexplained error (code 255) at io.c(235) [sender=3.1.3]
   

Note that using user1 instead of user2 or viceversa would not solve the problem, as they are the same here.

I would try perhaps being able to ssh M1->M2 or viceversa first, if that helps understanding how things work.
How can I accomplish this?

Related:

1. How to rsync files between two remotes?
2. How to rsync files between two remote servers?
3. Trying to run rsync between two remote servers via reverse port forwarding with ssh key
4. How to rsync files between two remotes with an explicit port and different usernames?
5. Aws ec2 - How to rsync files between two remotes?
6. https://serverfault.com/questions/411552/rsync-remote-to-remote
7. https://serverfault.com/questions/249421/rsync-from-one-remote-to-another
8. https://superuser.com/questions/797473/creating-a-connection-between-3-computers
9. SSH - How To Make Three Computer Tunnel?

Answer 1

M3 has no SSH server, so M3->M1 and M3->M2 are not possible.

eh? It is the client which initiates the connection so I would generally write the relationship as client->server.

If there is no server in the middle then the obvious thing to try is to run rsync in the middle on M3 with a remote src and a remote dest (did you?). Unfortunately rsync can't cope with both ends remote. But you can set up a tunnel from M3 connecting to with either end then point rsync at the tunnel from the other end...

userm3@m3 $ ssh -L 2222:m2:22 userm2@m2

Then you can access m2 from m1 via m3:

userm1@m1 $ ssh -p 2222 userm2@m3

(but your authorized keys and any host specific keypairs will be confused by this)

Answer 2

Let's try and pick the bones out of this

Three machines

• M1, remote, user1
• M2, home LAN, user2
• M3, home LAN, user3

Connections

• M3 can reach M1
• M3 can reach M2

You want to transfer data from M1 to M2, and possibly back again.

I assume that although M2 is also on the home LAN, it cannot reach M3. Since you want to use rsync to transfer data between M1 and M2 I shall assume that it's installed on both systems.

The obvious attempt is from M2, rsync user1@M1: user2@M2:, but this isn't possible (rsync can currently handle only one distinct remote target).

We can now map this directly to another question here on StackExchange, How to rsync files between two remotes?, which asks how to implement

rsync -vuar host1:/var/www host2:/var/www

My answer given there offers this solution:

ssh -R localhost:50000:host2:22 host1 'rsync -e "ssh -p 50000" -vuar /var/www localhost:/var/www'

And this in turn can be mapped back to your scenario by replacing host1 with M1 and host2 with M2. Run this command on M3, which is the system that can reach both remote systems:

ssh -R localhost:50000:M2:22 user1@M1 rsync -e "ssh -p 50000" -avz /source/path/on/M1/ user2@localhost:/target/path/on/M2

You connect with ssh from M3 to user1@M1. The connection establishes a channel from M1's TCP/IP port 50000 to port 22 on machine M2, via the originating machine, M3. You then execute an rsync command that uses this channel to connect "directly" to M2. (I've changed the flags slightly; rsync -avz is a better default set than that used in the original question.)