Ssh Agent Forwarding
Latest revision as of 00:02, 3 November 2023
External
- https://yakking.branchable.com/posts/ssh-A/
- https://dev.to/levivm/how-to-use-ssh-and-ssh-agent-forwarding-more-secure-ssh-2c32
- https://developer.github.com/v3/guides/using-ssh-agent-forwarding/
Internal
- ssh-agent
- OpenSSH Configuration
- OpenSSH Operations
Overview
Agent forwarding means that the remote machine, the one you're logging into, can use the local identity (private key) from the machine that initiated the ssh connection. This lets you authenticate against further machines you log into from the remote machine with your local credentials, without copying your private key to the remote machine. This model works well for SSH proxies, usually found on bastions.
To use it, first you need to add the private key identity you want to use to the authentication agent:
ssh-add ~/.ssh/id_rsa
Then connect using the -A option:
ssh -A ...
This makes the connection to your local ssh agent available on the remote computer.
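While a forwarded session is open, anyone on the remote machine who can access the forwarding socket can use the identities loaded in your agent, so it is worth checking where the client configuration turns forwarding on. The following is an added example, not part of the original page: it audits an ssh_config-style file for the ForwardAgent keyword (the configuration-file equivalent of -A). The function names, the BROAD/scoped labels and the sample host names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: list where an OpenSSH client config enables agent forwarding.
# Assumptions: Include files are not followed; any ForwardAgent value other
# than "no" (yes, a socket path, a $VARIABLE) counts as enabled.

audit_forward_agent() {
  # Reads the config from the file in $1, or from stdin when no file is given.
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    {
      sub(/^[ \t]+/, "")
      sub(/[ \t]*=[ \t]*/, " ")                  # accept "Keyword=value"
      key = tolower($1)
    }
    key == "host" || key == "match" {            # a new block starts here
      if (key == "host") { $1 = ""; sub(/^ /, "") }
      block = $0
      next
    }
    key == "forwardagent" && tolower($2) != "no" {
      broad = (block == "" || block ~ /[*?]/ || tolower(block) == "match all")
      printf "%s\t%s\n", (broad ? "BROAD" : "scoped"), (block == "" ? "(global)" : block)
    }
  ' "${1:--}"
}

# Constructed sample config; the host names are placeholders.
sample_config() {
  cat <<'EOF'
# jump host: forwarding is wanted here
Host bastion.example.com
    ForwardAgent yes
Host git.example.com
    ForwardAgent no
Host *.internal.example.com
    ForwardAgent=yes
Host *
    ForwardAgent yes
EOF
}

sample_config | audit_forward_agent
```

A BROAD line means the agent is offered to every host matching a wildcard or a global setting; keeping ForwardAgent inside the bastion's own Host block limits the exposure to the machine that needs it.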
List all Identities
To list all identities the SSH agent is aware of at the moment:
ssh-add -l
Drop all Identities
ssh-add -D