| | 1 | = How To Login to One Computer from Another = |
| | 2 | |
| | 3 | In GENI, it regularly comes up that folks want to login into one remote node from their local machine, then log into a second remote node directly from the first remote node. |
| | 4 | |
| | 5 | To do this, you need to enable ssh agent forwarding when you log into the first remote node. |
| | 6 | |
| | 7 | If you are using ssh via a command line, you can simply add the `-A` option to your usual `ssh` command when you log into the ''first'' remote node. This is mentioned in passing on the How To page for logging into nodes (search for "agent" in [2]). |
| | 8 | |
| | 9 | To summarize, the following sequence of commands should work: |
| | 10 | {{{ |
| | 11 | local> ssh -A -i ~/.ssh/id_rsa firstnode.example.com |
| | 12 | firstnode> ssh secondnode.example.com |
| | 13 | secondnode> |
| | 14 | }}} |
| | 15 | |
| | 16 | If you are not using a command line ssh client you will need to find the appropriate option on your particular client. Hopefully some poking around and googling will readily turn up the answer. |
| | 17 | |
| | 18 | == References == |
| | 19 | `man ssh` includes this: |
| | 20 | {{{ |
| | 21 | -A Enables forwarding of the authentication agent connection. This |
| | 22 | can also be specified on a per-host basis in a configuration |
| | 23 | file. |
| | 24 | |
| | 25 | Agent forwarding should be enabled with caution. Users with the |
| | 26 | ability to bypass file permissions on the remote host (for the |
| | 27 | agent's UNIX-domain socket) can access the local agent through |
| | 28 | the forwarded connection. An attacker cannot obtain key material |
| | 29 | from the agent, however they can perform operations on the keys |
| | 30 | that enable them to authenticate using the identities loaded into |
| | 31 | the agent. |
| | 32 | }}} |
