Linux Private RSA key secure storage

2

I have 3 devices: A, B and C

Device A is in my possession; device C is an unknown target device on the same network as device B, which acts as a relay.

Between A and B there is public key authentication, with A (me) holding the secure private key, which is fine.

However, between B and C there is also public key authentication, and device B could be accessed at any time. How can I protect the private key on device B without having to manually decrypt and encrypt it by entering the password (or storing the password insecurely) each time device B relays a message from A to C?

Is this possible? Are there any key storage programs for this?

Thanks

Sam3000

Posted 2016-01-18T16:01:47.403

Reputation: 2 730

If these were pgp/gpg keys, they would already be encrypted with a passphrase; additional security would just be icing on the cake, but then there's the passphrase storage problem. Tor works similarly to this setup, and I think their messages are encrypted multiple times, so that even if a relay, B in your case, were reading all the messages, B would only see encrypted data that only C or A can read. If you were nesting encrypted messages, you wouldn't care if B were monitored either. I think Jakuje's answer does this, so +1 – Xen2050 – 2016-01-18T17:46:50.443

Answers

3

Use the ProxyCommand feature of ssh and authenticate to C directly from your machine A. Store in your ~/.ssh/config:

Host B
 Hostname hostnameB
 User userB
Host C
 Hostname hostnameC
 User userC
 ProxyCommand ssh -W %h:%p B

And then you can connect transparently to C:

ssh C

Jakuje

Posted 2016-01-18T16:01:47.403

Reputation: 7 981
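Added example, not code from the answer or from OpenSSH: a small Python resolver for the subset of ssh_config semantics the answer relies on (assumed: the default port 22 and only the keywords shown). It expands `ssh C` on A to the ProxyCommand `ssh -W hostnameC:22 B`, which is why the key that authenticates to C only ever has to exist on A, and it rejects the `HostC` typo (missing space) the way ssh itself does.

```python
import fnmatch
import re

# Constructed config mirroring the answer. "HostC" (no space) is the typo that
# makes ssh abort with "Bad configuration option: hostc"; it must be "Host C".
SSH_CONFIG = """
Host B
 Hostname hostnameB
 User userB
Host C
 Hostname hostnameC
 User userC
 ProxyCommand ssh -W %h:%p B
"""

KNOWN = {"hostname", "user", "port", "proxycommand", "identityfile"}  # subset

def parse_ssh_config(text):
    """Return [(host_patterns, {option: value}), ...] in file order."""
    blocks = [(["*"], {})]          # options before any Host apply everywhere
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")   # "Keyword value" form only
        key = key.lower()
        if key == "host":
            blocks.append((value.split(), {}))
        elif key not in KNOWN:
            raise ValueError("Bad configuration option: " + key)
        else:
            blocks[-1][1].setdefault(key, value.strip())  # first value wins
    return blocks

def resolve(alias, text=SSH_CONFIG):
    """Effective options for `ssh alias`, with ProxyCommand %h/%p/%r expanded."""
    opts = {}
    for patterns, values in parse_ssh_config(text):
        if any(fnmatch.fnmatchcase(alias, p) for p in patterns):
            for key, value in values.items():
                opts.setdefault(key, value)   # earlier matching block wins
    opts.setdefault("hostname", alias)
    opts.setdefault("port", "22")             # ssh's default port
    if "proxycommand" in opts:
        tokens = {"%h": opts["hostname"], "%p": opts["port"], "%r": opts.get("user", "")}
        opts["proxycommand"] = re.sub(r"%[hpr]", lambda m: tokens[m.group(0)], opts["proxycommand"])
    return opts
# On A, "ssh C" runs the expanded ProxyCommand ("ssh -W hostnameC:22 B") and
# authenticates to C end-to-end, so C's private key lives on A only, never on B.
```

`resolve("C")["proxycommand"]` returns `ssh -W hostnameC:22 B`; the real check on A is `ssh -G C`, which prints the effective options the same way.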

That's great, thank you. What if B needed to securely and automatically communicate with C, without user intervention from A? Is that possible? – Sam3000 – 2016-01-18T18:56:28.340

If B needs to communicate with C without user interaction and A, then it has to possess some authentication mechanism, which can be misused if you don't trust that machine, regardless of whether it is a password or a private key. But of course it might be a special key made only for that machine, with limited functionality on the C machine. – Jakuje – 2016-01-18T19:00:06.787