Don't use passwords for remote authentication
Posted Aug 26, 2008 12:24 UTC (Tue) by tialaramex (subscriber, #21167)
In reply to: Don't use passwords for remote authentication by drag
Parent article: What happened with Fedora - and Red Hat too
The ssh-in-ssh tunnel is clever (and worth recommending) but doesn't really solve my day-to-day need for the scenario I outlined. The trouble is that if you connect from A to B via a commercial leased line at 2Mbit/s and want to move a large file from B to C (which is next to it in a rack and via GigE) then it will take days to move via your ssh-in-ssh trick, compared to a few minutes with some trust invested in B*. Tunnels are transparent... right up until bandwidth and latency matter.
* Of course you can conjure up solutions involving an untrusted connection directly from B to C carrying just the file contents, then verifying a checksum via the SSH tunnel and so on. But it'd take a lot of paranoia to justify actually writing scripts for that rather than just agreeing it would work in principle.
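
The footnote's idea (bulk data over an unauthenticated B-to-C link, integrity checked over the trusted SSH sessions) can be sketched as follows. This is an added example, not a script from the commenter; `TRUSTED_B`, `TRUSTED_C`, `digest_via`, `verify_transfer` and `demo` are hypothetical names, and the demo uses two local directories as stand-ins for hosts B and C.

```shell
#!/bin/sh
# Added example: check a copy made over an untrusted B->C link by comparing
# digests fetched over channels the operator at A already trusts.
# TRUSTED_B / TRUSTED_C are hypothetical command prefixes. In real use they
# would be the ssh invocation for B and the ssh-in-ssh tunnel to C; they
# default to "env" so the demo runs locally and offline.
TRUSTED_B=${TRUSTED_B:-env}
TRUSTED_C=${TRUSTED_C:-env}

# Print the SHA-256 hex digest of a file as seen through a trusted prefix.
# Paths must not contain whitespace: the prefix is word-split on purpose.
digest_via() {
    prefix=$1 path=$2
    out=$($prefix sha256sum -- "$path") || return 2
    printf '%s\n' "${out%% *}"
}

# Return 0 if both ends agree, 1 on mismatch, 2 if a digest is unusable.
verify_transfer() {
    src=$(digest_via "$TRUSTED_B" "$1") || return 2
    dst=$(digest_via "$TRUSTED_C" "$2") || return 2
    # Accept only exactly 64 lowercase hex characters from the source side.
    case $src in *[!0-9a-f]*|'') return 2 ;; esac
    [ ${#src} -eq 64 ] || return 2
    [ "$src" = "$dst" ]
}

# Constructed demo: cp and head stand in for the direct link between hosts.
demo() {
    work=$(mktemp -d) || return 2
    mkdir "$work/B" "$work/C"
    head -c 65536 /dev/urandom > "$work/B/big.img"
    cp "$work/B/big.img" "$work/C/big.img"            # complete transfer
    verify_transfer "$work/B/big.img" "$work/C/big.img" && clean=0 || clean=$?
    head -c 1000 "$work/B/big.img" > "$work/C/big.img" # link dropped early
    verify_transfer "$work/B/big.img" "$work/C/big.img" && cut=0 || cut=$?
    rm -rf "$work"
    echo "clean=$clean truncated=$cut"
}

demo
```

The comparison happens on A, so B never holds credentials for C; B only has to be trusted to report the digest of its own file.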