SSH - is this the correct way to forward agent?

Host *
ForwardAgent yes

No, you should never forward the agent to untrusted servers (for example where you are not root and the root could impersonate you). You should do this only for a specific list of servers you trust.

The server also has to support agent forwarding, and it has to be allowed if you want to use it: AllowAgentForwarding (in sshd_config).

You can check if your agent was forwarded by running ssh-add -l on the remote server. If it lists your key, then the agent was forwarded.
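The check below is an added example, not part of the original answer: it scans an ssh_config-style file for agent forwarding enabled under a wildcard Host pattern, which is the setup the answer warns against. The function names and the sample config are constructed for illustration, and Match blocks are only flagged when they are `Match all`.

```shell
#!/bin/sh
# Constructed sample config: one explicitly scoped block, two wildcard blocks.
sample_config() {
    cat <<'EOF'
# Constructed sample ssh_config
Host server1.example.com server2.example.com
    ForwardAgent yes
Host *.lab.example.com
    forwardagent=yes
Host *
    ForwardAgent yes
EOF
}

# audit_forward_agent [FILE...]
# Reads ssh_config text (files, or stdin when no file is given) and prints
# "LINE: SCOPE" for every ForwardAgent setting other than "no" that applies
# to a wildcard Host pattern, to "Match all", or to all hosts because it
# appears before any Host line. Exit status is 1 if anything was reported.
audit_forward_agent() {
    awk '
        BEGIN { scope = "(no Host line: applies to all hosts)"; wide = 1 }
        /^[ \t]*#/ { next }                    # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }          # accept "Keyword=value"
        NF == 0 { next }                       # blank line
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "host" || key == "match" {
            scope = $0; sub(/^[ \t]+/, "", scope)
            wide = (key == "host") ? ($0 ~ /[*?]/) : (tolower($2) == "all")
            next
        }
        key == "forwardagent" && tolower($2) != "no" && wide {
            print NR ": " scope; found = 1
        }
        END { exit found + 0 }
    ' "$@"
}

# Demo on the constructed sample; point it at ~/.ssh/config for a real check.
sample_config | audit_forward_agent || echo "agent forwarding is enabled for wildcard hosts"
```

The block for `server1.example.com server2.example.com` is not reported, because forwarding there is limited to named hosts.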


Author: Niks

iOS Application Developer.

Updated on September 18, 2022

Comments

  • Niks
    Niks over 1 year

    I have checked many results but I am not sure whether what I am doing for agent forwarding is correct or not. Please advise.

    I have followed these two links:

    1. Github
    2. unixwiz

    What I am doing is:

    1. Home PC
    2. Server 1
    3. Server 2

    1. On the Home PC I am creating one key and adding it to the agent with the command $ ssh-add ~/.ssh/id_rsa

       Also, I have set this in the config file:

       Host *
       ForwardAgent yes

    2. Now I am copying the public key and adding it to the authorized_keys file on Server 1.

    3. Now I am connecting from the Home PC to Server 1. It won't ask me for a password, as I have added the key to Server 1.

    4. Now, as I have connected to Server 1 in my terminal (Home PC), I am going to make a connection to Server 2, but it is asking me for a password.

    5. Is this the correct flow to check agent forwarding? If it works then it should not ask me for a password, right? As I am trying to connect to server2 via server1.

    Please suggest the correct way to test whether I am doing something wrong.

  • Niks
    Niks about 8 years
    OK, I have changed * and added my server1 and server2. "The server also has to support agent forwarding and it has to be allowed if you want to use it": does this mean I have to set agentforward Yes in my server1 and server2 config file too? OK, I was checking ssh-add -l where I have added the key to the agent (on the Home PC). Thanks for the reply; can you please confirm the above comment?
  • Jakuje
    Jakuje about 8 years
    If it is not set (though it should be by default), yes. But first check ssh-add -l.
  • Niks
    Niks about 8 years
    Sorry, but I am a little bit confused: do I have to check 'ssh-add -l' on the remote server, meaning where I am connecting (Server1 or Server2)?
  • Jakuje
    Jakuje about 8 years
    Yes. Exactly as I wrote.
  • Niks
    Niks about 8 years
    Hi, I have one more question: should I add the public key on both servers (Server1 and Server2) when forwarding the agent? Right now I am creating it on the Home PC and copying it only to server1, not to server2. If agent forwarding is working then it should connect without copying it to server2, right? Please guide me on this.
  • Jakuje
    Jakuje about 8 years
    The public key (in authorized_keys) needs to be on all servers where you want to connect.
  • Niks
    Niks about 8 years
    Thanks Jakuje, I will ask you more if I need your guidance :-)