SSH tunnel through a workstation to a remote server

1

1

I have a situation that is similar to what is posted here but not quite the same.

I have access to a remote machine A that I connect to from a machine B using a private key with a passphrase. I'd like to give a coworker access to my account on the remote machine A but obviously I do not like to give him access to my private key that is stored on machine B.

I'd like to do the following but I am confused and do not know how. I'd like to open a tunnel from machine B (middleman) to A (remote) and let my coworker connect to the remote machine using the tunnel. However, in doing so I do not want to give him access to my account on machine B (middleman).

I tried ssh -fNL 12345:A:22 me@A on B but when I issue ssh -p 12345 me@B I get an error saying Permission denied (public key). What am I doing wrong here?

GradGuy

Posted 2014-05-27T20:37:58.250

Reputation: 123

Answers

1

When you run ssh -p 12345 me@B, the SSH client is being tunneled to the SSH server on A. You would still need valid credentials (account and password or SSH key) for A to log in to A. So, you should use your SSH key for getting in to A at that point.

I'm not sure you need a tunnel for this at all. Have your friend create his own SSH key and give you the public part of the key. Add the public key to your authorized_keys file on A. If your friend can reach A through SSH, he'd then be able to use his own SSH key to log into your account.

If your friend can't access A directly, then you could set up a tunnel as you described, and have him log in as you described. But, he'd use his own SSH key, not yours.

If he ever stops being your friend, just take his public key out of your authorized_keys file.

Kenster

Posted 2014-05-27T20:37:58.250

Reputation: 5 474
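The grant-and-revoke procedure from the answer above, as an added shell example that is not part of the original thread: it appends a coworker's public key to an authorized_keys file exactly once and later removes it. The function names grant_key and revoke_key and the file name coworker_id.pub are hypothetical.

```shell
#!/bin/sh
# Added example; coworker_id.pub is a hypothetical file name.
# Typical use, with the page's hosts A and B:
#   on A:      grant_key ~/.ssh/authorized_keys "$(cat coworker_id.pub)"
#   on B:      ssh -fNL 12345:A:22 me@A   # by default listens on B's loopback only
#   coworker:  ssh -p 12345 me@B          # authenticates to A with his own key
#   later, A:  revoke_key ~/.ssh/authorized_keys "$(cat coworker_id.pub)"

NL='
'

# grant_key FILE "TYPE BLOB [COMMENT]": append one public key, once.
grant_key() {
    file=$1; line=$2
    case $line in
        *"$NL"*) echo "refusing multi-line input" >&2; return 2 ;;  # would add extra entries
    esac
    case $line in
        ssh-ed25519\ ?*|ssh-rsa\ ?*|ecdsa-sha2-nistp*\ ?*) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    # Already authorized: nothing to do.
    if [ -f "$file" ] && grep -qF -- "$blob" "$file"; then return 0; fi
    ( umask 077; printf '%s\n' "$line" >> "$file" ) || return 1
    chmod 600 "$file"   # sshd's StrictModes rejects group/world-writable files
}

# revoke_key FILE "TYPE BLOB [COMMENT]": drop every entry carrying that key.
revoke_key() {
    file=$1
    blob=$(printf '%s\n' "$2" | awk '{print $2}')
    [ -n "$blob" ] && [ -f "$file" ] || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # grep -v exits 1 when no line is left; only status >1 is an error.
    grep -vF -- "$blob" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$file"
}
```

Revocation matches on the base64 key blob rather than the comment, so an entry is removed even if its comment or options were edited after it was added.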

I am not allowed to add a new key … that's why I was looking for a better way. Is there any method to keep a connection "open" and have another connection go through it? Maybe a proxy of some sort? – GradGuy – 2014-05-29T17:04:54.447