Linux – ssh agent forwarding when using bastion host

When using a bastion host (or jumpbox) to connect to a production server with ssh private keys, ssh agent forwarding can be used. The main advantage is that you won't have to copy your keys to the bastion host, and hence your keys are more secure.

Using command line option -A

Use the -A option when connecting to the bastion host. You can then connect to the target host without having to specify your keys again.

$ ssh -i PRIVATE_KEY_FILE -A bastionhost.com

## On bastion host check env variable SSH_AUTH_SOCK
$ echo $SSH_AUTH_SOCK
/tmp/ssh-gDJRG7maIa/agent.26247

## now connect to productionhost.com from bastion host
$ ssh productionhost.com

Using ~/.ssh/config

Alternatively, update the ssh config file on your laptop/desktop to enable agent forwarding when connecting to bastionhost.com:

Host bastionhost.com
  ForwardAgent yes
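
Keeping ForwardAgent inside the bastion's own Host block, as above, matters because the agent is forwarded to every host the setting applies to. The following is an added example (not from the original article) that lists where an ssh config file enables forwarding and marks global, wildcard and Match scopes as broad; the sample config and the name *.example.net are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ssh_config file for agent forwarding.
# Output: one "<verdict> <scope>" line per place forwarding is enabled.
#   scoped = Host block naming only exact hosts (like the article's config)
#   broad  = global setting, wildcard/negated Host pattern, or Match block

audit_forward_agent() {
    # Reads the files given as arguments, or stdin when there are none.
    awk '
    BEGIN { scope = "(global)"; broad = 1 }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || substr($0, 1, 1) == "#") next
        if (!match($0, /^[A-Za-z]+/)) next
        key = tolower(substr($0, 1, RLENGTH))
        val = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)   # "Key value" and "Key=value" are both legal
        if (key == "host") {
            scope = val
            broad = (val ~ /[*?!]/)
        } else if (key == "match") {
            scope = "Match " val
            broad = 1
        } else if (key == "forwardagent" && tolower(val) != "no") {
            # Anything but "no" enables forwarding (yes, a socket path, or $VAR).
            verdict = broad ? "broad" : "scoped"; print verdict, scope
        }
    }' "$@"
}

# Constructed sample config; *.example.net is an illustrative name only.
sample_config() {
    cat <<'EOF'
Host bastionhost.com
  ForwardAgent yes

Host *.example.net
  ForwardAgent=yes

Host productionhost.com
  ForwardAgent no

Host *
  forwardagent yes
EOF
}

sample_config | audit_forward_agent
```

To audit a real file, pass it as an argument: audit_forward_agent ~/.ssh/config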