
ssh-agent - How to configure ssh-agent forwarding?


Complete step by step tutorial on how to configure ssh-agent and ssh-agent forwarding


Overview: This article is a step-by-step guide to configuring ssh-agent and ssh-agent forwarding: enabling the agent, adding keys, and forwarding the agent connection through an intermediary server so that you can authenticate to hosts behind it while the private keys themselves never leave your workstation.


SSH Agent

ssh-agent holds your decrypted private keys (and certificates) in memory and never writes them out. Clients such as ssh connect to it over a UNIX-domain socket (the path is in SSH_AUTH_SOCK) and ask it to sign authentication challenges, so the key material itself never leaves the agent process. It acts as a key manager that lets you use passphrase-protected keys without entering the passphrase every time you log in.

Step 1. Enable ssh-agent
# start the ssh-agent and export SSH_AUTH_SOCK / SSH_AGENT_PID into this shell

$ eval "$(ssh-agent -s)"

Agent pid 69599

Step 2. Add the SSH key to the ssh-agent

$ ssh-add ~/.ssh/id_rsa

You can replace id_rsa with your key name. ssh-add asks for the passphrase once if the key file is encrypted; after that the agent answers signing requests for that key without prompting. Use -t <seconds> to make the agent forget the key after a lifetime (for example ssh-add -t 3600 ~/.ssh/id_rsa), or -c to make it ask for confirmation (via ssh-askpass) on every use.

You can view the public halves of the added keys with the following command (ssh-add -l lists only their fingerprints):

ssh-add -L

Now you can ssh to the target machine without entering the passphrase

ssh username@target_machine

You can use the following command to remove all added keys from ssh-agent

ssh-add -D

You can stop ssh-agent with the following command; it uses SSH_AGENT_PID to find the agent and unsets the variables again

$ eval "$(ssh-agent -k)"

Agent pid 182 killed

SSH agent forwarding

SSH agent forwarding lets you log in to a second, more distant machine from an intermediate host while still authenticating with the keys held by the ssh-agent on your local machine. The private keys are not copied to the intermediate host: ssh opens an extra channel over the connection, and when the ssh client on the gateway needs a signature it sends the request back over that channel to your local agent, which signs it and returns only the signature. For example, if you must reach your production servers through a gateway server, you add your key to the ssh-agent on your desktop and connect to the gateway with forwarding enabled; the gateway can then authenticate you to production without holding a copy of your key.

The flip side is that, while you are connected, anyone on the gateway who can open the forwarded agent socket (root, or anyone able to bypass its file permissions, as the ssh(1) manual warns) can use your keys exactly as you can, even though they cannot extract them. Enable forwarding only for gateways you trust, and only for those hosts rather than globally; keys loaded with ssh-add -c will at least ask for confirmation on every use, and ssh -J / ProxyJump reaches production through the gateway without exposing the agent at all.

Step 1. Create or open up the file at ~/.ssh/config

Enter the following text, replacing gateway with your server's domain name or IP (or keep the alias and add a HostName line). Put ForwardAgent under the gateway's own Host block only; ForwardAgent yes under Host * would offer your agent to every server you connect to.

Host gateway
    ForwardAgent yes

If you don't want to create a config file, you can use the -A flag with the ssh command instead. -A enables forwarding of the authentication agent connection for that one session:

ssh -A user@gateway
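The config step above, as an added example that is not code from the original article: a script that writes the gateway entry (ForwardAgent scoped to that one host) together with a ProxyJump entry for the production host, which the article does not cover, and then uses ssh -G to print the options ssh would actually apply, without opening a connection. The host names, addresses and user names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original article. Writes a client config
# with ForwardAgent limited to the gateway plus a ProxyJump entry for the
# production host, then checks with `ssh -G` (prints the effective config
# for a host, no connection made) how each host would be treated.
# Assumes OpenSSH's ssh is on PATH; all names/addresses are made up.
set -eu

# Write a self-contained client config to $1.
write_config() {
    cat > "$1" <<'EOF'
# Forward the agent to the gateway only. Never put ForwardAgent under
# "Host *": every host you ssh to could then use your agent.
Host gateway
    HostName 203.0.113.10
    User tom
    ForwardAgent yes

# Alternative for the final hop: ProxyJump (ssh -J) tunnels the connection
# through the gateway, so production authenticates directly against the
# local agent and the gateway never sees an agent socket.
Host production
    HostName 10.0.5.20
    User deploy
    ProxyJump gateway
    ForwardAgent no
EOF
}

# Effective value of one option for a host, as `ssh -G` resolves it.
# Usage: effective_option <config-file> <host> <option-name-in-lowercase>
effective_option() {
    ssh -G -F "$1" "$2" | awk -v k="$3" '$1 == k { print $2; exit }'
}

# One summary line describing how ssh would treat each host.
check_config() {
    cfg=$(mktemp)
    write_config "$cfg"
    gw=$(effective_option "$cfg" gateway forwardagent)
    prod=$(effective_option "$cfg" production forwardagent)
    jump=$(effective_option "$cfg" production proxyjump)
    rm -f "$cfg"
    printf 'gateway:forwardagent=%s production:forwardagent=%s production:proxyjump=%s\n' \
        "$gw" "$prod" "$jump"
}

# Run the check when executed directly (skipped if ssh is absent).
command -v ssh >/dev/null 2>&1 && check_config
```

Run ssh -G against your real ~/.ssh/config the same way before relying on it: it is the quickest way to confirm that ForwardAgent is "yes" only for the gateway alias and "no" for everything else.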

Step 2. Enable ssh-agent
# start the ssh-agent on your desktop

tom@desktop:~$ eval "$(ssh-agent -s)"

Agent pid 69599

Step 3. Add the SSH key to the ssh-agent

tom@desktop:~$ ssh-add ~/.ssh/id_rsa

You can replace id_rsa with your key name. ssh-add asks for the passphrase once if the key file is encrypted.

Step 4. SSH to your gateway machine. Use the -A option, or enable forwarding in ~/.ssh/config as described in step 1.

tom@desktop:~$ ssh -A user@gateway

user@gateway:~$

# Now you can ssh on to your production server from the gateway

user@gateway:~$ ssh user@production_server

user@production_server:~$

You are now logged in to production_server, authenticated with the key on your desktop: the ssh client on the gateway sent the signing request back through the forwarded agent connection, your desktop's ssh-agent signed it, and the private key never left your desktop. The gateway needed no copy of the key, and its ~/.ssh contains nothing of yours.
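The agent steps above (Steps 2 and 3) and the forwarding caveat, as an added example that is not code from the original article. The script runs the agent lifecycle end to end with a throwaway key, checks at each step what the agent holds, and then shows the property that makes forwarding sensitive: a process that knows nothing but the socket path (which is exactly what a forwarded socket gives a user on the gateway) sees the same identity and could sign with it. It assumes OpenSSH's ssh-agent, ssh-add and ssh-keygen are installed; the key, its comment and the temporary paths are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original article. Exercises the agent
# steps from the tutorial with a throwaway key and demonstrates why a
# forwarded agent socket must be treated as a credential. Assumes
# OpenSSH's ssh-agent, ssh-add and ssh-keygen are on PATH; key and socket
# paths are made up and temporary.
set -eu

# Number of identities the agent holds. With none loaded, ssh-add -l
# prints "The agent has no identities." and exits 1, so this yields 0.
loaded_key_count() {
    ssh-add -l 2>/dev/null | grep -c '^[0-9]' || true
}

# SHA256 fingerprint of a public key file.
key_fingerprint() {
    ssh-keygen -lf "$1" | awk '{print $2}'
}

agent_demo() {
    work=$(mktemp -d)

    # Constructed demo key with an empty passphrase so nothing prompts.
    # A real key should have one; ssh-add asks for it once at load time.
    ssh-keygen -q -t ed25519 -N '' -C 'agent-demo' -f "$work/id_ed25519"

    # Step 1: start a private agent; eval imports SSH_AUTH_SOCK and
    # SSH_AGENT_PID into this shell.
    eval "$(ssh-agent -s)" >/dev/null
    sock=$SSH_AUTH_SOCK

    # Step 2: load the key for at most 5 minutes (-t). The decrypted key
    # now exists only inside the agent process.
    ssh-add -t 300 "$work/id_ed25519" 2>/dev/null

    loaded=$(loaded_key_count)
    want=$(key_fingerprint "$work/id_ed25519.pub")
    got=$(ssh-add -l | awk '{print $2}')
    if [ "$got" = "$want" ]; then match=yes; else match=no; fi

    # Forwarding caveat: a process with an empty environment except the
    # socket path (what a forwarded socket gives someone on the gateway)
    # lists, and could sign with, the same identity.
    borrowed=$(env -i SSH_AUTH_SOCK="$sock" "$(command -v ssh-add)" -l | awk '{print $2}')
    if [ "$borrowed" = "$want" ]; then exposed=yes; else exposed=no; fi

    # ssh-add -D wipes every identity; the agent keeps running, empty.
    ssh-add -D 2>/dev/null
    after_clear=$(loaded_key_count)

    # Stop the agent. -k emits unset lines for eval; on SIGTERM the agent
    # removes its socket, so wait briefly for the file to disappear.
    eval "$(ssh-agent -k)" >/dev/null
    i=0
    while [ -e "$sock" ] && [ "$i" -lt 5 ]; do sleep 1; i=$((i + 1)); done
    if [ -e "$sock" ]; then stopped=no; else stopped=yes; fi

    rm -rf "$work"
    printf 'loaded=%s match=%s exposed=%s after_clear=%s stopped=%s\n' \
        "$loaded" "$match" "$exposed" "$after_clear" "$stopped"
}

# Run the walkthrough when executed directly (skipped if OpenSSH is absent).
command -v ssh-agent >/dev/null 2>&1 && agent_demo
```

The "exposed=yes" line is the whole argument against forwarding to untrusted gateways: on the gateway, root can run ssh-add -l or ssh against your forwarded SSH_AUTH_SOCK just as the env -i call does here, for as long as your session is open. Short lifetimes (-t), confirmation on use (-c), and ProxyJump instead of ForwardAgent each shrink that window.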


 
 

 


FREQUENTLY ASKED QUESTIONS

1. What is SSH Agent?

An SSH agent (ssh-agent, the SSH authentication agent) is a key manager for SSH keys. It holds decrypted private keys and certificates in memory only, answers signing requests from ssh over a local socket, and never hands the key material itself to clients. As a result you type a key's passphrase once, when adding it, rather than on every login.

2. What is SSH agent forwarding?

SSH agent forwarding lets you authenticate to servers behind an intermediary server with the keys held by your local SSH agent. The intermediary relays signing requests back to your agent over the SSH connection, so you keep using your local keys while hopping through it, without copying them there. While the connection is open, anyone on the intermediary who can access the forwarded socket can use those keys, so forward only to hosts you trust.

3. Difference between ssh-agent and ssh-add?

ssh-agent is the long-running process that holds the keys; ssh-add is the command line tool that adds private keys to it (and lists or removes them). When you run ssh-add, it prompts for the key's passphrase if one is set, decrypts the key file and hands the key to the agent. The passphrase protects the key file on disk; once the key is in the agent, SSH authentication proceeds without entering the passphrase again.

