Linux – ssh agent forwarding when using bastion host

on

When using a bastion host (or Jumpbox) to connection to production server using ssh private keys, ssh agent forward can be used. The main advantage is that you wont have to copy you keys on bastion host and hence your keys are more secure.

Using command line option -A

Use -A option when connecting to bastion host. Then you can connect to target host without having to specify your keys again.

$ ssh -i PRIVATE_KEY_FILE -A bastionhost.com

## On bastion host check env variable SSH_AUTH_SOCK
$ echo $SSH_AUTH_SOCK
/tmp/ssh-gDJRG7maIa/agent.26247

## now connect to productionhost.com from bastion host
$ ssh productionhost.com

Using ~/.ssh/config

Alternatively update ssh config file on you laptop/desktop to enable agent forwarding when connecting to bastionhost.com

Host bastionhost.com
  ForwardAgent yes

Suggested posts:

  1. How to prevent ssh session freezing due to timeout
  2. How to use custom identity file with rsync on Linux
  3. Display keys added to ssh-agent using ssh-add
  4. Linux iptables – Nat port forwarding using PREROUTING
  5. How to log page latency and url host in apache log
  6. Fetch wordpress rss feed as FeedBurner user agent on command line
  7. How to connect to mysql server using ssh port forwarding
  8. How to use ssh port forwarding to surf a site from different location
Share this article: share on facebook share on linkedin tweet this submit to reddit
Posted in | Tagged , , , ,