[Short Tip] Use SSH agent forwarding on remote servers

When you administrate machines it sometimes makes sense to forward your SSH agent information from your client A to the server B. Using agent forwarding you can use the authentication keys from client A on server B to for example properly authenticate on server C – without the need to copy your private SSH key to server B. One common example in my case is that I sometimes need to access Gitolite/Github repositories on server B but I do not want to copy my SSH key there.

Keep in mind that you previously have to add the wanted SSH key on client A via ssh-add!

$ ssh-add -c
Identity added: /home/liquidat/.ssh/id_rsa (/home/liquidat/.ssh/id_rsa)
The user must confirm each use of the key
$ ssh -A server_b.example.net
liquidat@server_b.example.net's password: 
Last login: Fri May 24 17:11:17 2013 from somewhereovertherainbow.example.com
$ ssh git@git.example.com info
hello liquidat, this is git@git.example.com running gitolite3 3.5.1-1.el6 on git 1.7.1


(Thanks to Evgeni for reminding me of the ‘-c’ flag.)

3 thoughts on “[Short Tip] Use SSH agent forwarding on remote servers”

  1. please please please, with sugar on top, use `ssh-add -c` (Indicates that added identities should be subject to confirmation before being used for authentication), if you don’t do this, the machine you SSH to can hijack your SSH key and abuse it without your knowledge.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: