Changes between Initial Version and Version 1 of HowTo/ForwardSSHAgent

08/07/14 14:33:37 (7 years ago)



  • HowTo/ForwardSSHAgent

    v1 v1  
     1= How To Login to One Computer from Another =
     3In GENI, it regularly comes up that folks want to login into one remote node from their local machine, then log into a second remote node directly from the first remote node.
     5To do this, you need to enable ssh agent forwarding when you log into the first remote node.
     7If you are using ssh via a command line, you can simply add the `-A` option to your usual `ssh` command when you log into the ''first'' remote node.  This is mentioned in passing on the How To page for logging into nodes (search for "agent" in [2]).
     9To summarize, the following sequence of commands should work:
     11local> ssh -A -i ~/.ssh/id_rsa
     12firstnode> ssh
     16If you are not using a command line ssh client you will need to find the appropriate option on your particular client. Hopefully some poking around and googling will readily turn up the answer. 
     18== References ==
     19`man ssh` includes this:
     21     -A      Enables forwarding of the authentication agent connection.  This
     22             can also be specified on a per-host basis in a configuration
     23             file.
     25             Agent forwarding should be enabled with caution.  Users with the
     26             ability to bypass file permissions on the remote host (for the
     27             agent's UNIX-domain socket) can access the local agent through
     28             the forwarded connection.  An attacker cannot obtain key material
     29             from the agent, however they can perform operations on the keys
     30             that enable them to authenticate using the identities loaded into
     31             the agent.
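Review bot: the command sequence on lines 11-12 gives no destination after `ssh -A -i ~/.ssh/id_rsa` or after `ssh` on the first node, so neither command can be run as written. Each hop should show a user and host placeholder. Line 7 also cites "[2]", but the References section defines no numbered link, only the `man ssh` excerpt, so the target of that citation needs to be added. Finally, the quoted man page text says agent forwarding "should be enabled with caution", yet that warning appears only at the end. A one-line pointer to it next to the `-A` instruction on line 7 would let readers see the caveat before they copy the command.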