SSH Agent Forwarding
Preface
I assume you are already familiar with SSH Agent and know how to use it, so I am not going to repeat the basics. I would like to show you how to use SSH Agent when you have to reach an SSH server through an SSH hopping server:
SSH_Client → SSH_Hopping_Server → SSH_Server
SSH Agent listens on a local Unix socket on your SSH client. Because of this, the socket can be forwarded over an SSH connection (SSH Agent Forwarding).
This brings the following benefits:
- You can load all your SSH keys into the SSH Agent on your local machine and make them available on the SSH hopping server to access your SSH server.
- You do not have to copy your private SSH keys to every SSH hopping server.
- You can store your SSH keys on a different server than your SSH client. When SSH Agent is running on your SSH client and you are connected to the SSH server with SSH Agent Forwarding enabled, you can load the SSH keys stored on the SSH server (those belonging to your user; you will still need to enter their passphrases) into the agent. After you disconnect from the SSH server, the loaded SSH keys remain available in the SSH Agent.
SSH Agent Forwarding example
Check SSH Agent (SSH Client)
First, make sure that SSH Agent is running on your SSH client and that your keys are loaded:
[user@SSH_Client ~]$ echo $SSH_AUTH_SOCK # Path to SSH Agent socket
/home/user/.ssh-socket
[user@SSH_Client ~]$ ssh-add -l # List of loaded SSH Keys
4096 57:5a:d1:c1:6c:5c:ab:9f:88:4c:d9:6d:d8:09:85:89 /home/user/.ssh/id_rsa (RSA)
1024 06:85:95:ff:2a:bf:ef:42:78:c3:4e:de:4c:6d:0c:2d /home/user/.ssh/id_dsa (DSA)
Start SSH Agent Forwarding (SSH_Client -> SSH_Hopping)
Parameter: -A
Example: ssh -A user@hopping_server
In this step you open a standard SSH session from your SSH client to the SSH hopping server, enabling SSH Agent Forwarding with the -A parameter. On the hopping server, SSH_AUTH_SOCK now points to the forwarded socket and ssh-add -l shows the keys loaded on the client:
[user@SSH_Client ~]$ ssh -A user@SSH_Hoppling # Connect to SSH Hopping server and start SSH Agent Forwarding
Last login: Sat Jan 25 15:40:25 2014 from ssh_client
[user@SSH_Hoppling ~]$ echo $SSH_AUTH_SOCK # Check Path to SSH Agent socket
/tmp/ssh-ChJPLA2527/agent.2527
[user@SSH_Hoppling ~]$ ssh-add -l # Check Loaded SSH Keys
4096 57:5a:d1:c1:6c:5c:ab:9f:88:4c:d9:6d:d8:09:85:89 /home/user/.ssh/id_rsa (RSA)
1024 06:85:95:ff:2a:bf:ef:42:78:c3:4e:de:4c:6d:0c:2d /home/user/.ssh/id_dsa (DSA)
[user@SSH_Hoppling ~]$
Connect to SSH Server (SSH_Hopping -> SSH_Server)
In this step we use the SSH Agent that was forwarded to the SSH hopping server to authenticate to the SSH server. No private key is stored on the hopping server; the signing request travels back over the forwarded socket to the agent on the SSH client:
[user@SSH_Hoppling ~]$ ssh user@SSH_Server # Connect to SSH Server from SSH Hopping server without SSH Agent Forwarding
Last login: Sat Jan 25 15:49:40 2014 from ssh_hopping
[user@SSH_Server ~]$
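The two checks above (echo $SSH_AUTH_SOCK and ssh-add -l) are what you repeat on every hop to confirm the forwarding chain is intact. The following shell helpers, an added example and not part of the original article, wrap those checks so a script on the hopping server can fail early when the agent is not forwarded or does not hold the key the target needs. The sample listing is constructed from the fingerprints shown above; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original article): reusable checks for the
# "echo $SSH_AUTH_SOCK" / "ssh-add -l" verification steps, usable on the
# SSH client or on the hopping server after "ssh -A".

# Constructed sample of "ssh-add -l" output; the fingerprints are the two
# shown in the article's listing.
SAMPLE_AGENT_LISTING='4096 57:5a:d1:c1:6c:5c:ab:9f:88:4c:d9:6d:d8:09:85:89 /home/user/.ssh/id_rsa (RSA)
1024 06:85:95:ff:2a:bf:ef:42:78:c3:4e:de:4c:6d:0c:2d /home/user/.ssh/id_dsa (DSA)'

# agent_socket_ok [path]: succeed only when the agent socket path (default:
# $SSH_AUTH_SOCK) is non-empty and refers to an existing Unix socket.
agent_socket_ok() {
    sock="${1-$SSH_AUTH_SOCK}"
    if [ -z "$sock" ]; then
        echo "no agent socket: SSH_AUTH_SOCK is unset (forwarding not active?)" >&2
        return 1
    fi
    if [ ! -S "$sock" ]; then
        echo "$sock is not a Unix socket (stale SSH_AUTH_SOCK?)" >&2
        return 1
    fi
    return 0
}

# count_agent_keys [listing]: number of keys in an "ssh-add -l" listing
# (default: the live agent). Key lines have a fingerprint with colons in
# field 2, so "The agent has no identities." counts as 0.
count_agent_keys() {
    listing="${1-$(ssh-add -l 2>/dev/null)}"
    printf '%s\n' "$listing" | awk 'NF >= 3 && $2 ~ /:/ { n++ } END { print n + 0 }'
}

# agent_has_key fingerprint [listing]: succeed when a key with exactly that
# fingerprint (field 2 of the listing) is loaded.
agent_has_key() {
    fp="$1"
    listing="${2-$(ssh-add -l 2>/dev/null)}"
    printf '%s\n' "$listing" | awk -v fp="$fp" '$2 == fp { found = 1 } END { exit !found }'
}

# check_forwarded_agent fingerprint: the whole verification in one call,
# against the live agent reachable through $SSH_AUTH_SOCK.
check_forwarded_agent() {
    agent_socket_ok || return 1
    if agent_has_key "$1"; then
        echo "agent reachable via $SSH_AUTH_SOCK and holds key $1"
        return 0
    fi
    echo "agent reachable but key $1 is not loaded; run ssh-add on the SSH client" >&2
    return 1
}

# Usage on the hopping server, before connecting onward:
#   check_forwarded_agent 57:5a:d1:c1:6c:5c:ab:9f:88:4c:d9:6d:d8:09:85:89 || exit 1
```

Recent OpenSSH versions print SHA256:... fingerprints instead of the MD5 colon form shown in the article; both contain a colon, so the same field-2 match works with whichever form your ssh-add -l produces.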
Practical example:
SSH Connection
[user@SSH_Client ~]$ ssh -A -C -t user@SSH_Hopping ssh user@SSH_Server # Use SSH_Hopping server to connect to SSH_Server
Last login: Sat Jan 25 16:26:48 2014 from ssh_hopping
[user@SSH_Server ~]$
-C enables data compression.
-t forces pseudo-tty allocation, which is needed here because a command (the second ssh) is passed to the hopping server and would otherwise run without a terminal.
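The same one-liner can be expressed in ~/.ssh/config on the SSH client, so that a plain ssh SSH_Server performs the hop. This is an added example, not a configuration from the original article: the host names are the article's placeholders, the user name "user" is assumed, and RemoteCommand requires OpenSSH 7.6 or later. It also scopes ForwardAgent to the hopping server instead of enabling it for every host, since the forwarded socket is usable by anyone with root on the host you forward to for as long as your session lasts.

```sshconfig
# Added example, not from the original article. ~/.ssh/config on SSH_Client;
# host names are the article's placeholders, user name "user" is assumed.

# Forward the agent only to the hopping server, never with "Host *".
Host SSH_Hopping
    HostName SSH_Hopping
    User user
    ForwardAgent yes
    Compression yes

# "ssh SSH_Server" reproduces "ssh -A -C -t user@SSH_Hopping ssh user@SSH_Server":
# log in to the hop with the forwarded agent, force a tty (-t) and run the
# second ssh there, which authenticates with the forwarded agent.
# RemoteCommand needs OpenSSH 7.6 or later.
Host SSH_Server
    HostName SSH_Hopping
    User user
    ForwardAgent yes
    Compression yes
    RequestTTY force
    RemoteCommand ssh user@SSH_Server
```

If the hopping server is shared with other administrators, load the keys on the SSH client with ssh-add -c instead of ssh-add; the agent then asks for confirmation on the client each time a forwarded key is used, so a use you did not initiate becomes visible.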