Use SSH Keys on a Remote Computer

SSH Agent Forwarding is used to share ssh keys with a remote computer.

Use Case

You SSH into a remote computer, and from there, you need to access a remote server that requires your ssh keys. A typical example of this is cloning a repository on a remote computer. However, you don't want to copy your local ssh keys to the remote server or create new ones. SSH Agent Forwarding allows a remote computer to use your local SSH keys without leaving your credentials on the remote computer.

Basic Concepts

SSH Agent: A program that keeps track of identity keys and passphrases. The SSH Agent is needed for Agent Forwarding. You can use SSH Agent to remember your SSH passphrase, so you don't need to type it each time you use your private key. This post does not cover passphrases.

SSH Agent Forwarding: A feature of SSH that allows an SSH server on the remote computer to use the client's SSH Agent to access SSH keys on the local computer.

SSH Agent Setup Steps:

  1. Start the SSH Agent on your local computer
  2. Add your ssh keys to the agent
  3. Connect to the remote computer via SSH with forwarding turned on

Demonstration

In the example below I will share SSH keys with a remote computer to access a git repository.

Verify the local computer has SSH access to Github using the ssh -T command.

SSH into the remote computer and verify it does not have access to Github. On the remote computer, we will receive a 'permission denied' error from Github because the remote computer does not have my SSH credentials.

On the local computer, check if the SSH Agent is running by displaying the $SSH_AGENT_PID environment variable. If it's running, the agent process ID will be displayed. If it's not running, nothing will be displayed.

On the local computer, start the SSH Agent using the eval command. On success, the Agent process ID will be displayed.

On the local computer, list the SSH identities assigned to the agent using ssh-add -l. Since the SSH Agent was just started, no identities will be returned.

Add the SSH identities, aka SSH keys, defined in the ~/.ssh folder with ssh-add. The ssh-add command will add all identities in the ~/.ssh folder by default. To add a specific identity, use the -T parameter.

Verify the identities were added by running ssh-add -l.

Reconnect to the remote computer with SSH and use the -A parameter to set Agent Forwarding on.

On the remote computer, verify Github is now accessible.
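
The demonstration steps above, collected into one script as an added example (not code or output from the original post). It assumes the OpenSSH client tools, a key without a passphrase at the assumed path ~/.ssh/id_ed25519, and the pi3b host alias used in this post; the function names are hypothetical. It reads the exit status of ssh-add -l to tell a missing agent from an empty one.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# agent_state: classify the local agent by the exit status of `ssh-add -l`
# (0 = identities loaded, 1 = agent reachable but empty, 2 = no agent reachable).
agent_state() {
    ssh-add -l >/dev/null 2>&1 && as_rc=0 || as_rc=$?
    case $as_rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo absent ;;
    esac
}

# ensure_key KEYFILE: start an agent only if none is reachable, then add
# KEYFILE unless its fingerprint is already listed by the agent.
ensure_key() {
    ek_key=$1
    if [ "$(agent_state)" = absent ]; then
        eval "$(ssh-agent -s)" >/dev/null   # exports SSH_AUTH_SOCK and SSH_AGENT_PID
    fi
    ek_fp=$(ssh-keygen -lf "$ek_key" | awk '{print $2}')
    [ -n "$ek_fp" ] || return 1             # unreadable key file: stop here
    if ! ssh-add -l 2>/dev/null | grep -qF "$ek_fp"; then
        ssh-add "$ek_key"
    fi
    ssh-add -l                              # show what the agent now holds
}

# forwarded_check HOST: connect with agent forwarding for this one session and,
# on the remote side, list the forwarded identities and test GitHub access.
forwarded_check() {
    ssh -A "$1" 'ssh-add -l; ssh -T git@github.com'
}

# Usage on the local computer (key path is an assumption, pi3b is from the post):
#   ensure_key ~/.ssh/id_ed25519
#   forwarded_check pi3b
```

Source the file in your local shell before calling ensure_key, so the variables exported by the agent stay in that session.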

Additional SSH Tip

SSH Config

You may have noticed that in the demonstration above, the ssh command does not include an IP address or user name: ssh pi3b rather than ssh pi@192.168.1.10. This is accomplished by using an SSH config file in ~/.ssh/config:

Host pi3b
    HostName 192.168.1.10
    User pi

SSH Config can also automatically set Agent Forwarding for an SSH connection, removing the need to pass -A with the SSH command.

Host pi3b
    HostName 192.168.1.10
    User pi
    ForwardAgent yes

You can learn more about SSH Config in my post Easier SSH with Config.
