Re: SSH proxying

Yes, it does make sense and it's very lucid!

It's quite easy.

1. Put your public key on both B and C.
2. Make sure you're using the ssh-agent. RH9 is set up with this quite well already -- type "ssh-add -l" to see if your key is registered and "ssh-add" to actually register it.
3. "echo ForwardAgent yes > ~/.ssh/config"
3a. You may need to restart the ssh agent by logging out and logging in again.
4. Now ssh to B (notice no prompts for password or private-key passphrase) and then ssh to B and the original ssh will forward the authentication signing to the agent running on A.


Make sure you do an "ssh-add -D" to remove your private key when you leave your machine (assuming you don't log out). I put it in a cron job ...

I have a little howto describing all of this in gory detail if you're interested.

jch

A.J. Werkman wrote:

I have a SSH proxy problem.

If I have three machines A, B and C. A can't reach C, but B can both reach A and C.

In order to connect from A to C you would connect from A to B with ssh and on B connect to C. Now you have a proxy connection from A through B to C.

But I use only key authentication. B and C are configured to accept the key from A. But B as not being accepted as a total secure host (because it is the gateway to the evil world), does not have authentication keys. Conquering this gateway would mean every host can be reached by using the authentication key on the gateway.

Now if I want to connect from A to C I log in using the private key on host A. But if I want to log in from host B to C I don't have a private key there to use.

Does anyone know if it is possible to use the above scenario but be able to use my private key from host A on host B to access host C. Of course I don't want to copy the private key from host A to host B because of the risk of compromising this key.

I hope what I am saying here makes sense to all. Does anyone know a solution?

Regards, Koos.
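
An added example, not part of the original thread: step 3 in the reply enables `ForwardAgent` for every host, while the scenario only needs it on the gateway B, and a forwarded agent can be used by anyone with root on the host it is forwarded to for as long as the session lasts. The shell function below reports where a client config enables forwarding; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# audit_forward_agent FILE
# Prints one line per "ForwardAgent yes" found in an ssh client config:
#   GLOBAL            applies to every host (before any Host line, or "Host *")
#   SCOPED <patterns> applies only to the named Host/Match block
audit_forward_agent() {
    awk '
        BEGIN { scope = "*" }        # options before any Host line apply to all
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # ssh_config accepts "Keyword value" and "Keyword=value"
            if (match(line, /[ \t=]+/) == 0) next
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "host")  { scope = val; next }
            if (key == "match") { scope = "match " val; next }
            if (key == "forwardagent" && tolower(val) == "yes") {
                if (scope == "*") print "GLOBAL"
                else print "SCOPED " scope
            }
        }
    ' "$1"
}

# Constructed sample 1: the file that step 3 in the reply produces.
write_global_sample() { printf 'ForwardAgent yes\n' > "$1"; }

# Constructed sample 2: forwarding limited to the gateway B, off elsewhere.
write_scoped_sample() {
    cat > "$1" <<'EOF'
Host B
    ForwardAgent yes

Host *
    ForwardAgent no
EOF
}

# Demo on the two constructed samples.
tmp=$(mktemp -d)
write_global_sample "$tmp/global"
write_scoped_sample "$tmp/scoped"
echo "step-3 config: $(audit_forward_agent "$tmp/global")"
echo "scoped config: $(audit_forward_agent "$tmp/scoped")"
rm -rf "$tmp"
```

Run it against `~/.ssh/config` on A; a `GLOBAL` line means the agent is offered to every host you connect to, not just B.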






