I am trying to implement/test SSH Forwarding, but the only way, so far, that I can make it work is if I manually copy the public key (ssh-rsa xxxx) to each of the machines I want to SSH to.
Suppose I have:
My workstation - has PuTTY and Pageant, and I have a PPK that I import into Pageant and also the corresponding public key.
CENTOS1 - has ssh-agent running, and sshd_config and ssh_config have the "Forwarding" parameter set to "yes"
CENTOS2 - has ssh-agent running, and sshd_config and ssh_config have the "Forwarding" parameter set to "yes"
Then, I use PuTTY to connect to CENTOS1 and I can get into CENTOS1.
But, if, from CENTOS1, I try "ssh myself@CENTOS2" I cannot get in and get a "Permission denied".
But, if I copy the public key to the authorized_keys on CENTOS2, then, when I am on CENTOS1, I can "ssh myself@CENTOS2" ok.
I thought that, with the ssh-agents running on CENTOS1 and CENTOS2, and with Pageant running on my workstation with the PPK loaded into Pageant, I should be able to PuTTY to CENTOS1 and then, from CENTOS1, I should be able to SSH to CENTOS2, without having to manually copy the public key to either CENTOS1 or to CENTOS2?
I thought that that was the purpose of using ssh-agent and Pageant (avoiding having to copy the public key to target machines)?
Or does using the ssh-agent and Pageant only serve to avoid having to copy the private key to the target machines?
Thanks, Jim
Public key authentication works like this: cut a dollar into billions of parts, mix them well, then split them in half; one part would be the public key and the other one the private key. To be authenticated you need both parts, which is why the public key must be on the server(s) and the private key on the computer from which you are connecting to the remote. The agent's job is to cache the password (so as not to bother you with entering it multiple times) that is used to encrypt the private key itself, to protect it from unauthorized use by people on your computer. – Alex – 2018-08-11T13:19:32.143
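
Added example (not part of the original question or comment): a shell check for the situation described above. `ssh-add -L` prints the public keys offered by the agent reachable from the current session, and the function below reports which of them are listed in a given `authorized_keys` file. The function names, key blobs and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. All key material below is constructed (fake blobs).

# Print "type blob" for one public-key or authorized_keys line, skipping
# leading options (from="...", command="...") and the trailing comment.
key_id() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^#/ || NF == 0 { next }   # comment or blank line
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/) {
                    print $i, $(i + 1); exit
                }
        }'
}

# Usage: ssh-add -L | agent_keys_authorized /path/to/authorized_keys
# Prints one status line per agent key; returns 0 if at least one key is listed.
agent_keys_authorized() {
    auth_file=$1
    found=1
    while IFS= read -r agent_line; do
        id=$(key_id "$agent_line")
        [ -n "$id" ] || continue        # e.g. "The agent has no identities."
        status=MISSING
        while IFS= read -r auth_line || [ -n "$auth_line" ]; do
            if [ "$(key_id "$auth_line")" = "$id" ]; then
                status=AUTHORIZED; found=0; break
            fi
        done < "$auth_file"
        printf '%s %s\n' "$status" "$agent_line"
    done
    return "$found"
}

demo() {
    tmp=$(mktemp)
    # Constructed authorized_keys as it might look for "myself" on CENTOS2.
    printf '%s\n' '# keys for myself' \
        'from="10.0.0.5",command="echo hi there" ssh-rsa AAAAB3FAKEKEYONE jim@workstation' > "$tmp"
    # Constructed stand-in for `ssh-add -L` output seen on CENTOS1.
    printf '%s\n' 'ssh-rsa AAAAB3FAKEKEYONE rsa-key-20180811' \
        'ssh-ed25519 AAAAC3FAKEKEYTWO other-key' | agent_keys_authorized "$tmp"
    rm -f "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

A key reported as MISSING is one the target's sshd has no entry for in that file, whichever agent holds the private half.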