= How To Forward Your SSH Agent =

In GENI, it regularly comes up that folks want to log in to one remote node from their local machine, then log in to a second remote node directly from the first remote node. The tricky bit is that the first remote node does not have your private `ssh` key, so you can't log in to the second remote node. Instead, you need to enable ''ssh agent forwarding'' when you log in to the first remote node. Forwarding relies on an ssh agent running on your local machine with your key loaded into it.

If you are using `ssh` via a command line, you can simply add the `-A` option to your usual `ssh` command when you log in to the ''first'' remote node. This feature is particularly useful for working around a [wiki:HowTo/LoginToNodes#MyGENIhostisbehindafirewall firewall].

To summarize, the following sequence of commands should work:
{{{
local> ssh -A -i ~/.ssh/id_rsa firstnode.example.com
firstnode> ssh secondnode.example.com
secondnode>
}}}

If you are not using a command line `ssh` client, you will need to find the appropriate option on your particular client. Some poking around and googling should readily turn up the answer for your client.

== References ==

`man ssh` includes this:
{{{
     -A      Enables forwarding of the authentication agent connection.
             This can also be specified on a per-host basis in a
             configuration file.

             Agent forwarding should be enabled with caution.  Users with
             the ability to bypass file permissions on the remote host
             (for the agent's UNIX-domain socket) can access the local
             agent through the forwarded connection.  An attacker cannot
             obtain key material from the agent, however they can perform
             operations on the keys that enable them to authenticate using
             the identities loaded into the agent.
}}}
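
The `man ssh` excerpt above notes that agent forwarding can be set per host in a configuration file, and that it should be enabled with caution. The following `~/.ssh/config` is an added example, not part of the original page; it reuses the page's placeholder host name and assumes your key is `~/.ssh/id_rsa`.

```sshconfig
# Constructed example for ~/.ssh/config on your local machine.
# firstnode.example.com is the placeholder host name used on this page.

# Too broad (left commented out): this would forward your agent to every
# host you connect to, including ones whose administrators you do not trust.
# Host *
#     ForwardAgent yes

# Scoped: forward the agent only to the first hop, which is the one node
# that needs it in order to reach the second node.
Host firstnode.example.com
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent yes

# Default for every other host. ssh uses the first value it obtains for each
# option, so host-specific blocks go first and this catch-all goes last.
Host *
    ForwardAgent no
```

With this in place, `ssh firstnode.example.com` behaves like the `ssh -A -i ~/.ssh/id_rsa firstnode.example.com` command shown earlier, while connections to any other host do not expose the agent. Running `ssh -G firstnode.example.com` prints the effective settings, including `forwardagent`, so you can confirm which hosts get forwarding.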