For some reason this seems confusing, but it isn’t! That said, I always forget the specifics. Here’s how you use ssh-agent to do key forwarding to remote machines.
On your local machine, execute:
eval `ssh-agent`
Note the back ticks around ssh-agent. You need to eval its output, not just run it, so that the SSH_AUTH_SOCK and SSH_AGENT_PID variables it prints land in your current shell.
Now you need to add the identities you want to use:
ssh-add path/to/keyfile
If run without arguments, ssh-add will add the default keys ~/.ssh/id_dsa, ~/.ssh/id_rsa and ~/.ssh/identity. If I want a non-default identity, it would look something like this:
ssh-add ~/.ssh/bigbird.key
To see which identities have been added, do:
ssh-add -l
The key file needed by ssh-agent is a private key. Just like regular public key auth, the corresponding public key must, of course, be on the server you want to use agent forwarding with. If it’s not already there, add it:
scp ~/.ssh/myidentity.pub user@example.com:/tmp
On the server, don’t forget to append the public key to the end of the authorized_keys file (or create the file if it doesn’t already exist).
cat /tmp/myidentity.pub >> ~/.ssh/authorized_keys
Now you should be all set. Use ssh with the -A switch (‘A’ for agent forwarding):
ssh -A user@example.com
It should log you in automatically. If it doesn’t, something went wrong, so double check and try again.
If you want, you can run ssh-agent and ssh-add from your bashrc file so it happens every time you log in, with the corresponding security considerations of course. Agent forwarding is useful to ease frequent remote logins, but it’s also pretty cool if you’re poking around on a cluster and want to run a distributed shell like pdsh or gxp. You can also do multi-hop forwarding, which involves using agent forwarding from your localhost to server A, then from server A to server B, from server B to server C, etc. The only thing to do differently here is make sure you use the -A option for each hop.
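Here is an added example (not from the original post) of the bashrc variant: it keeps one agent per login instead of spawning a new one in every shell, and adds the key only once. It assumes the agent details are cached in ~/.ssh/agent.env and that the key is ~/.ssh/bigbird.key, as in the post.

```shell
#!/bin/sh
# Added example: start one ssh-agent per login and load a key once, so this
# file can be sourced from ~/.bashrc. Assumed paths: ~/.ssh/agent.env for the
# cached agent environment and ~/.ssh/bigbird.key for the private key.

AGENT_ENV="${HOME}/.ssh/agent.env"
KEYFILE="${HOME}/.ssh/bigbird.key"

# Pull SSH_AUTH_SOCK and SSH_AGENT_PID out of "ssh-agent -s" output instead
# of eval-ing it, so only those two values ever reach the environment.
# Prints "sock pid" on one line; returns 1 if either value is missing.
parse_agent_output() {
    sock=$(printf '%s\n' "$1" | sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p')
    pid=$(printf '%s\n' "$1" | sed -n 's/^SSH_AGENT_PID=\([0-9]*\);.*/\1/p')
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    printf '%s %s\n' "$sock" "$pid"
}

# 0 if the agent behind $SSH_AUTH_SOCK answers. ssh-add -l exits 0 with keys
# loaded, 1 when the agent is up but empty, and 2 when no agent is reachable.
agent_is_live() {
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 1
    ssh-add -l >/dev/null 2>&1
    [ $? -ne 2 ]
}

# Reuse the cached agent if it still answers, otherwise start a fresh one and
# cache its socket and pid (owner-readable only) for the next shell.
ensure_agent() {
    if [ -r "$AGENT_ENV" ] && pair=$(parse_agent_output "$(cat "$AGENT_ENV")"); then
        set -- $pair
        SSH_AUTH_SOCK=$1 SSH_AGENT_PID=$2
        export SSH_AUTH_SOCK SSH_AGENT_PID
    fi
    agent_is_live && return 0
    out=$(ssh-agent -s) || return 1
    (umask 077; printf '%s\n' "$out" > "$AGENT_ENV")
    pair=$(parse_agent_output "$out") || return 1
    set -- $pair
    SSH_AUTH_SOCK=$1 SSH_AGENT_PID=$2
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Add the key only if its fingerprint is not already listed by ssh-add -l
# (ssh-keygen -l looks up the matching .pub file for a private key).
load_key_once() {
    fp=$(ssh-keygen -lf "$KEYFILE" | awk '{print $2}') || return 1
    ssh-add -l 2>/dev/null | grep -qF "$fp" || ssh-add "$KEYFILE"
}

# Run the setup only in interactive shells, the case ~/.bashrc serves.
case "$-" in *i*) ensure_agent && load_key_once ;; esac
```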
Tags: Applied, bash, howto, linux, programming