how to use ssh agent forwarding

Question

I have three systems , a client that only install ssh client and server_1 and server_2 . im using ssh public authentication and i can ssh from client to both server_1 and server_2. i saved same pub key for server 1 and and now i want to ssh from server 1 to server 2 using agent forwarding and i want my private key stay only on client please help me ASAP how can i do this scenario ? i use this link but dont know how to do it .

An Illustrated Guide to SSH Agent Forwarding: Public Key Access with Agent Forwarding

mbeyss · Answer 1 · 2018-02-22T08:43:03.680

6

First you have to invoke ssh-agent on your client to make it remember your key

ssh-agent -t 3600 ~/.ssh/private_key_rsa

(assuming that your key is stored in ~/.ssh/private_key_rsa, you can also leave out the -t 3600 if you want infinite lifetime)

then you simply ssh into one of your servers using the -A option

ssh -A server1

from there you will then be able to ssh into server2

ssh server2

If you do not want to specify the -A option everytime you can add the following to your ~/.ssh/config (on the client and optionally both servers)

Host server1
 ForwardAgent yes

Host server2
 ForwardAgent yes

This works for any number of servers. To keep the ~/.ssh/config short you can introduce wildcards e.g.

Host server?
  ForwardAgent yes

edited Feb 22 '18 at 08:43

answered Feb 20 '18 at 14:56

mbeyss

1,058

What about server3? – An0n Feb 21 '18 at 19:17
This works for any number of servers. (see also my recent edit). If all servers accept the same key you can do ssh -A server1 from there ssh -A server2 from there ssh -A server3 and so on. – mbeyss Feb 22 '18 at 08:44
For anyone else having a brain fart moment: If you set up agent forwarding for a user, and then run sudo ssh it won't work because you're running ssh as root – Brent Sandstrom Jan 24 '22 at 17:16

An0n · Answer 2 · 2018-02-20T14:54:58.523

3

Forward server host to localhost :

ssh -L localhost:22:localhost:22 user@host

or

ssh -N -f -L serverhost:22:localhost:22 user@server1

After reading your question again.

You want to ssh into server1 :

ssh user@server1

Then you want to ssh into server2:

Into new terminal from client do:

ssh user@server1
ssh user@server2

Then you have 2 connections:

client to server 1
client to server 1 ==> server 2

If you want to have:

client to server 1
client to server 2 (With same key.)

Just do following command.

On client:

Use tmux or open 2 terminals

ssh user@server1

In new terminal:

ssh user@server2

edited Feb 20 '18 at 14:54

answered Feb 20 '18 at 14:28

An0n

2,225

it didnt helped no public key error – bojack horseman Feb 20 '18 at 14:35
You want to forward or 'client to server1 and client to server2?' – An0n Feb 20 '18 at 14:37
same pub key is stored on both server and i can ssh from client to both . now i want to use ssh agent forwarding to ssh from server 1 to 2 without private key save on server like link above – bojack horseman Feb 20 '18 at 14:41
Edited my answer. – An0n Feb 20 '18 at 14:46
ur right in this case . but how can ssh from server 1 to server 2 directly without ssh from client to server 1 using key request and response . imagine server 1 system is some place else and i want ssh from that system to server 2 not from client – bojack horseman Feb 20 '18 at 14:55
You can' t unless you forward from server 1 to server 2. But then you cant ssh into server 1 separately. So you have to do it manualy. – An0n Feb 20 '18 at 14:57
Or you use different ports. And forward from server1 (another port) to server2. – An0n Feb 20 '18 at 14:59
You want to ssh "from that system" so you ALWAYS have to ssh into that system first, wherever you are. Otherwise you just dont use that system. In that system you forward to another server. – An0n Feb 20 '18 at 15:01
so it should be like this : a->b->c ??? – bojack horseman Feb 20 '18 at 15:04
yes as i did in my answer. Read after the edit the first lines. – An0n Feb 20 '18 at 15:05
i did ur answer before but i thought i can connect to server 2 from server 1 seperatly – bojack horseman Feb 20 '18 at 15:07
using public key – bojack horseman Feb 20 '18 at 15:07
and ssh agent forwarding but i didnt find anything on net . – bojack horseman Feb 20 '18 at 15:09
If you can Edit your Question, Then I can Edit My Answer. – An0n Feb 21 '18 at 19:08

score 0 · Answer 3 · answered Nov 03 '21 at 20:53

0

Simple answer is to add flag -A like this:

ssh -A [user]@[hostname]

answered Nov 03 '21 at 20:53

Daniel

101

Which is also mentioned in the other answer ;) – MadMike Nov 04 '21 at 07:43
@MadMike right, but it's hard to find because of length of answer – Daniel Nov 08 '21 at 12:12

how to use ssh agent forwarding

3 Answers3