Agent forwarding

Figure 980. Intermediate host hopping

Figure 981. Intermediate host hopping fails
goik@local> ssh root@learn.mi.hdm-stuttgart.de
Linux learn 6.5.13-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-1 (2024-02-05T13:50Z) x86_64
...
root@learn:~# ssh klausur.mi.hdm-stuttgart.de
root@klausur.mi.hdm-stuttgart.de: Permission denied (publickey).

Figure 982. Intermediate host hopping options
  1. Copy the private key ~/.ssh/id_ed25519 to the intermediate host (and re-enter the passphrase there).

  2. Enable agent forwarding.

    Note

    An agent authentication socket is required on the originating client host.


Figure 983. Enable ssh agent forwarding
# File ~/.ssh/config on goik@local
...
Host learn.mi.hdm-stuttgart.de
  # Forward ssh agent to remote host.
  ForwardAgent yes
...
goik@local> ssh root@learn.mi.hdm-stuttgart.de     
Linux learn 6.5.13-1-pve #1 SMP ...
   ...
root@learn:~# 
root@learn:~# ssh klausur.mi.hdm-stuttgart.de
Linux klausur 6.8.8-4-pve #1 SMP ...
   ...
root@klausur:~#
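
An added example, not part of the lecture notes: a pre-flight check for the originating client that reports whether the agent socket required above exists and lists which blocks of an ssh client config enable ForwardAgent. The function names and the `*.example.org` block are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks on the originating client (goik@local).

# The agent runs on the originating client; forwarding only works if
# SSH_AUTH_SOCK names a live UNIX socket there.
agent_socket_status() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then echo "unset"
    elif [ -S "$SSH_AUTH_SOCK" ]; then echo "socket"
    else echo "stale"
    fi
}

# List every Host/Match block of an ssh client config that enables
# ForwardAgent (any value other than "no"). Scope: "narrow" = literal
# host names, "wide" = wildcard pattern, "review" = Match block.
forward_agent_hosts() {
    awk '
        BEGIN { pats = "*"; ismatch = 0 }    # options before the first Host apply to all hosts
        { sub(/[ \t]*=[ \t]*/, " ") }        # accept the "Key=value" spelling
        tolower($1) == "host"  { $1 = ""; sub(/^[ \t]+/, ""); pats = $0; ismatch = 0; next }
        tolower($1) == "match" { pats = $0; ismatch = 1; next }
        tolower($1) == "forwardagent" && $2 != "" && tolower($2) != "no" {
            scope = ismatch ? "review" : (pats ~ /[*?]/ ? "wide" : "narrow")
            print scope, pats
        }
    ' "$1"
}

# Constructed sample config (the *.example.org block is hypothetical).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host learn.mi.hdm-stuttgart.de
  ForwardAgent yes
Host *.example.org
  ForwardAgent yes
Host klausur.mi.hdm-stuttgart.de
  ForwardAgent no
EOF

echo "agent socket: $(agent_socket_status)"
forward_agent_hosts "$sample"
rm -f "$sample"
```

To confirm what a given connection will actually use, `ssh -G learn.mi.hdm-stuttgart.de` prints the effective options (including `forwardagent`), and `ssh-add -l` lists the keys the local agent holds.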

Exercise No. 6

ssh host hopping

Q:

In this exercise we pretend you can access a host A by ssh. In contrast, a second host B can only be accessed from host A, e.g. because it resides in a restricted network. You may thus:

  1. Create two hosts A and B with ssh key access enabled for both of your group.

  2. Enable agent forwarding from your local workstation to host A.

  3. Log in to host A by ssh.

  4. Continue by logging in to host B.

  5. Close both connections, thus getting back to your workstation.

  6. Log in to host B.

  7. Still on B, try logging in to host A.

    What do you observe? Why does it happen?