Let’s say you can access Server A with SSH from your local PC, but you can’t access Server B. Server A, however, can reach Server B at the IP level, but Server B only has your public key in its .ssh/authorized_keys file. So how do you access it? The answer is SSH agent forwarding. ssh-agent keeps your key in memory, so you won’t have to type in your passphrase every time the key is used.
- ssh-agent zsh - Starts ssh-agent with zsh running under it (zsh is the shell I’m using. It could also be bash or whatever shell you’re using)
- ssh-add ~/.ssh/id_rsa - Adds my private key to ssh-agent
- ssh-add -l - Shows a summary of the keys added to ssh-agent. Use ssh-add -L for a detailed view
- ssh -A user@server_A - Enables forwarding of connections from an authentication agent
You are now connected to Server A and can ssh to Server B without having the private key on Server A.
Commands Summary
ssh-agent YOUR-SHELL # (zsh is the shell I'm using. It could also be bash or whatever shell you're using)
ssh-add ~/.ssh/id_rsa # Adds my private key to ssh-agent
ssh-add -l # Shows a summary of the keys added to ssh-agent
ssh-add -L # Shows a detailed view of keys added to ssh-agent
ssh-add -d ~/.ssh/id_rsa # Removes the specified private key from ssh-agent
ssh-add -D # Removes all keys from ssh-agent
ssh-add -K # Load resident keys from a FIDO authenticator
ssh -A user@ip # Enables forwarding of connections from an authentication agent
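
While you are connected with ssh -A, anyone on Server A who can bypass the file permissions on the forwarded agent socket (root, for example) can use your agent to authenticate as you, so forwarding is best limited to the hosts that need it. The script below is an added example, not part of the original post: it lists where an ssh_config turns on ForwardAgent yes (the config-file equivalent of -A) and whether each occurrence is limited to named hosts. The sample config and the example.net pattern are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report every place an
# ssh_config enables agent forwarding, so it can be limited to the jump
# host (Server A) instead of being on for every connection.
# Output: "<scope><TAB><block>", where scope is
#   scoped - Host block with literal names only
#   broad  - global section or a Host pattern containing * or ?
#   match  - inside a Match block (check its criteria by hand)
audit_forward_agent() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # comment or blank line
    { gsub(/=/, " "); key = tolower($1) }      # accept Keyword=value
    key == "host" || key == "match" {
        block = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", block) # keep only the patterns
        if (key == "match") block = "Match " block
        next
    }
    key == "forwardagent" && tolower($2) == "yes" {
        if (block ~ /^Match /)                      scope = "match"
        else if (block == "" || block ~ /[*?]/)     scope = "broad"
        else                                        scope = "scoped"
        printf "%s\t%s\n", scope, (block == "" ? "(global)" : block)
    }' "$@"
}

# Constructed sample config; host names are placeholders.
sample_config() {
    cat <<'EOF'
# jump host from the walkthrough
Host server_A
    ForwardAgent yes
Host *.example.net
    ForwardAgent yes
Host server_B
    ForwardAgent no
Host *
    ForwardAgent=yes
EOF
}

# Stand-alone run: audit the sample. Pass a real file instead with
#   audit_forward_agent ~/.ssh/config
sample_config | audit_forward_agent
```

Only the server_A entry is reported as scoped; the two wildcard blocks forward the agent to every host they match.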