On 07Jul2016 21:07, bruce <badouglas(a)gmail.com> wrote:
Still trying to get my mind around how to solve this. Someone mentioned ssh
forwarding, but I've not gotten it to work.
Specifically, ssh-agent forwarding.
Say I have 5 boxes on my network,
box1
box2 [...]
Each box has a generic user - user1, with limited perms/access
On my local box, I create a pub/private ssh key. I copy the pub key to each
box..
From my local box, I can then ssh -using the priv/pub key into box1.
From box1, can I then hop/ssh over to box2, using the pub key for the user1
that I created/installed?
I'm trying to figure out how I can hop between boxes as needed without
having to have lots of pub/private keys ...
You want to forward your ssh-agent. Put "ForwardAgent yes" in your
.ssh/config "Host *" final clause.
Then, in your original shell:
- start an ssh-agent: eval `ssh-agent -s`
- add your key: ssh-add
- check it was good: ssh-add -l
- ssh to (eg) box1 and check again: ssh-add -l
Using "ssh -v" should show you the use of the key from the agent.
A note re the "eval" command above: "ssh-agent -s" spawns an ssh-agent and
emits shell statements on its stdout to set SSH_* environment variables. These
are necessary for your shell to provide the ssh-agent's details to any ssh
commands you then run. So you eval the output of ssh-agent to define these
variables.
For purposes of seeing this clearly, just go:
  ssh-agent -s
at your prompt, and then cut/paste its output by hand. Thus you can see exactly
what it did, and understand what the eval would do.
Cheers,
Cameron Simpson <cs(a)zip.com.au>
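
An added illustration of the eval note and the "ssh-add -l" check in the message above; it is not part of the original e-mail. The helper names (agent_vars, describe_ssh_add_status, check_agent) are hypothetical, and the sample agent output, socket path and PIDs are constructed.

```shell
#!/bin/sh
# Constructed sample of "ssh-agent -s" output; socket path and PIDs are made up.
SAMPLE_AGENT_OUTPUT='SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.4242; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4243; export SSH_AGENT_PID;
echo Agent pid 4243;'

# agent_vars (hypothetical helper): eval the agent's shell statements in a
# subshell and report the SSH_* variables they define. The subshell keeps
# the caller's own environment untouched.
agent_vars() {
    (
        unset SSH_AUTH_SOCK SSH_AGENT_PID
        eval "$1" >/dev/null
        printf 'SSH_AUTH_SOCK=%s\nSSH_AGENT_PID=%s\n' \
            "$SSH_AUTH_SOCK" "$SSH_AGENT_PID"
    )
}

# describe_ssh_add_status (hypothetical helper): interpret the exit status
# of "ssh-add -l" as documented in ssh-add(1).
describe_ssh_add_status() {
    case "$1" in
        0) echo "agent reachable, key(s) loaded" ;;
        1) echo "agent reachable, no keys loaded: run ssh-add" ;;
        2) echo "no agent reachable: SSH_AUTH_SOCK unset or forwarding not active" ;;
        *) echo "unexpected ssh-add status: $1" ;;
    esac
}

# check_agent: run on the local box, then again after ssh-ing to box1.
check_agent() {
    status=0
    ssh-add -l >/dev/null 2>&1 || status=$?
    describe_ssh_add_status "$status"
}
```

Running check_agent on box1 and getting the status-2 message means the forwarded agent socket never reached that session, which is the case "ssh -v" would then help diagnose.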