The trouble in all three cases is that rsync expects to have the SSH
data stream to "middle" all to itself, but you need to slip a password
into this stream first so that the connection to "target" can be made.

Here's what I think would be easiest. If ssh's input is not a terminal,
but $DISPLAY is set, it tries to use a graphical password-prompting
program specified by $SSH_ASKPASS. Put such a program on "middle" if
you don't already have one, and configure "middle" so that $SSH_ASKPASS
will be appropriately set even though the shell that handles the second
SSH command will not be a login shell (this means ~/.bashrc or
~/.ssh/environment, not ~/.bash_profile). Then, enable X forwarding on
the connection to "middle". The second SSH will pop up a graphical
password prompt, which will rattle through the first SSH to your screen.

This would be the command:
rsync -e "ssh -X middle ssh target" :/path/to/remote/file .
However, I consider the following more elegant because the -e argument
specifies not the remote machine but the way of getting there:
rsync -e "ssh -X middle ssh" target:/path/to/remote/file .

I successfully used this technique to pull a file to my computer from a
computer on my school's network via an intermediary on that network.
Matt McCutchen, ``hashproduct'' --

To unsubscribe or change options:
Before posting, read: