Is SSH Agent Forwarding the right tool for the job/How to setup SSH Agent Forwarding?

I'm trying to find a secure way for multiple people to access a selection of servers without them needing to know the password.

After reading this SSH Agent Forwarding seems to be the way to go and for extra security I can limit SSH connections to only come from one machine and turn off passwords.

Is this the right way to go about it though?

If so, is there a good guide to setting up Agent Forwarding? What are the best kind of tools to manage this type of setup?

ghickman

Posted 2011-02-13T10:38:35.913

Reputation: 375

Please ask one question per post. (And I guess the 2nd is too broad anyway, but maybe not.) – Arjan – 2011-02-13T10:43:48.583

Answers

Just use SSH Keys, and make sure your users password their private keys. You add their public keys to ~/.ssh/authorized_keys on the remote servers. What happens is the user is prompted for the password to the key, then the key is used to log on to the server. I do this with all my servers then disable ssh password logins.

This works for both Linux and Windows (PuTTY) clients.

Try here for more details: https://wiki.archlinux.org/index.php/Using_SSH_Keys

Andee

Posted 2011-02-13T10:38:35.913

Reputation: 559

I don't think there is "a secure way for multiple people to access a selection of servers without them needing to know [a] password."

The nearest you can get is to use SSH with public-key authentication and use an SSH authentication agent so that users don't have to enter a password to start a new session at any server.

For example: Putty + Pageant.

So far as I know, Agent-forwarding is only useful if you have to use SSH-forwarding in the first place.

RedGrittyBrick

Posted 2011-02-13T10:38:35.913

Reputation: 70 632