2

Machine1 has a private and public key pair. Machine2 and machine3 have the public key.

I go to machine2 from machine1 over ssh and then I want to go to machine3 from machine2. It's like this: machine1 --ssh--> machine2 --ssh--> machine3. How can I do that?

3 Answers

2

Let's clarify this: the user you are establishing these connections as has a public/private key pair. In ~/.ssh/authorized_keys on machine2 and machine3 there is a copy of the connecting user's public key?

If this is the case then on machine1 you should be running an ssh-agent to cache the credentials for your key. Here's what it looks like when I set up an ssh agent and cache my key:

<tbielawa>@(expressomaker)[~] 04:15:33
$ eval `ssh-agent`
Agent pid 21725
<tbielawa>@(expressomaker)[~] 04:15:20
$ ssh-add
Enter passphrase for /Users/tbielawa/.ssh/id_rsa: 
Identity added: /Users/tbielawa/.ssh/id_rsa (/Users/tbielawa/.ssh/id_rsa)
<tbielawa>@(expressomaker)[~] 04:15:31
$ ssh-add -l
2048 5f:e0:9b:92:e4:80:7e:5e:c8:29:00:29:ae:ca:bd:58 /Users/tbielawa/.ssh/id_rsa (RSA)

(You only need to run eval `ssh-agent` if one isn't running already.)

Then when I make SSH connections I run the ssh command with the ForwardAgent option like this:

<tbielawa>@(expressomaker)[~] 04:17:58
$ ssh fridge -o "ForwardAgent yes"
Last login: Wed Nov  3 14:32:28 2010 from expressomaker

Except I don't do that all the time; my ~/.ssh/config file is configured to forward my agent automatically:

<tbielawa>@(fridge)[~] 04:18:03
$ cat .ssh/config
Host *
     ForwardAgent yes

If you run your ssh commands like this, then your agent will be with you on the server. You can then ssh to server3 using your public/private key combination.

Tim Bielawa
  • 656
  • 4
  • 6
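As an added example (not part of the original answers): a small POSIX shell check that flags agent forwarding enabled for wildcard hosts, as in the `Host *` block above, because a forwarded agent can be used by anyone with root on the intermediate machine. The names `audit_forward_agent` and `sample_config` and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers: flag ssh_config entries that
# forward the agent to wildcard hosts.

# audit_forward_agent FILE
# Prints "LINE: SCOPE" for each ForwardAgent setting other than "no" that is
# global, under "Match all", or under a Host line containing * or ?.
# Exit status is 1 when at least one such setting is found, else 0.
audit_forward_agent() {
    awk '
        BEGIN { scope = "(global)"; wild = 1; found = 0 }
        {
            sub(/^[ \t]+/, "")
            # ssh_config also accepts "Keyword=value"; normalise to spaces.
            if ($0 ~ /^[A-Za-z]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ")
            key = tolower($1)
        }
        key == "" || key ~ /^#/ { next }
        key == "host"  { scope = $0; wild = ($0 ~ /[*?]/); next }
        key == "match" { scope = $0; wild = (tolower($2) == "all"); next }
        key == "forwardagent" {
            val = tolower($2); gsub(/"/, "", val)
            if (wild && val != "no") { print NR ": " scope; found = 1 }
        }
        END { exit found }
    ' "$1"
}

# Constructed samples: "wide" is the Host * block shown in the answer;
# "scoped" forwards the agent only to the hop that needs it (machine2).
sample_config() {
    case $1 in
        wide)   printf 'Host *\n     ForwardAgent yes\n' ;;
        scoped) printf 'Host machine2\n    ForwardAgent yes\nHost *\n    ForwardAgent no\n' ;;
    esac
}

for kind in wide scoped; do
    cfg=$(mktemp)
    sample_config "$kind" > "$cfg"
    if audit_forward_agent "$cfg"; then
        echo "$kind: no wildcard agent forwarding"
    else
        echo "$kind: agent forwarded to wildcard hosts (see lines above)"
    fi
    rm -f "$cfg"
done
```

Where the goal is only to reach machine3 through machine2, `ssh -J machine2 machine3` (ProxyJump) does so without forwarding the agent at all.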
0

Use ssh-agent on machine1 and agent forwarding. There is a great guide from Steve Friedl which illustrates this in detail.

You might want to check out keychain, too.

Cakemox
  • 24,141
  • 6
  • 41
  • 67
-1

If you want to log in from one machine to another without a password, you need to use the ssh-keygen tool to generate the key pair and then copy it to the destination machine.

The way to do it is to create the key pair and then copy the public key to each server you want to have access to. The file should be copied to /home/user/.ssh/authorized_keys. Of course, you have to replace /home/user with the real user home directory.

Here are the required steps:

1- Create key pair on machine1.

2- Copy the generated public key to machine2.

3- Create another key pair on machine2.

4- Copy the generated public key to machine3.

Khaled
  • 35,688
  • 8
  • 69
  • 98