
Use SSH Keys on a Remote Computer

Jan 16, 2022

SSH Agent Forwarding is used to share ssh keys with a remote computer.

Use Case

You SSH into a remote computer, and from there, you need to access a remote server that requires your ssh keys. A typical example of this is cloning a repository on a remote computer. However, you don't want to copy your local ssh keys to the remote server or create new ones. SSH Agent Forwarding allows a remote computer to use your local SSH keys without leaving your credentials on the remote computer.

Basic Concepts

SSH Agent: A program that keeps track of identity keys and passphrases. The SSH Agent is needed for Agent Forwarding. You can use the SSH Agent to remember your SSH passphrase, so you don't need to type it each time you use your private key. This post does not cover passphrases.

SSH Agent Forwarding: A feature of SSH that allows an SSH server on the remote computer to use the client's SSH Agent to access SSH keys on the local computer.

SSH Agent Setup Steps:

  1. Start the SSH Agent on your local computer
  2. Add your SSH keys to the agent
  3. Connect to the remote computer via SSH with forwarding turned on

Demonstration

In the example below I will share SSH keys with a remote computer to access a git repository.

Verify the local computer has SSH access to GitHub using the ssh -T command.

SSH into the remote computer and verify it does not have access to GitHub. On the remote computer, we will receive a 'permission denied' error from GitHub because the remote computer does not have my SSH credentials.

On the local computer, check if the SSH Agent is running by displaying the $SSH_AGENT_PID environment variable. If it's running, the agent process ID will be displayed. If it's not running, nothing will be displayed.

On the local computer, start the SSH Agent using the eval command. On success, the Agent process ID will be displayed.

On the local computer, list the SSH identities assigned to the agent using ssh-add -l. Since the SSH Agent was just started, no identities will be returned.

Add the SSH identities, aka SSH keys, defined in the ~/.ssh folder with ssh-add. With no arguments, the ssh-add command adds the default identity files in the ~/.ssh folder. To add a specific identity, pass the path to its private key file as an argument to ssh-add.

Verify the identities were added by running ssh-add -l.

Reconnect to the remote computer with SSH and use the -A parameter to set Agent Forwarding on.

On the remote computer, verify GitHub is now accessible.

Additional SSH Tip

SSH Config

You may have noticed that in the demonstration above, the ssh command does not include an IP address or user name: ssh pi3b vs. ssh pi@192.168.1.10. This is accomplished by using an SSH config file in ~/.ssh/config:

Host pi3b
    HostName 192.168.1.10
    User pi

SSH Config can also automatically set Agent Forwarding for an SSH connection, removing the need to pass -A with the ssh command.

Host pi3b
    HostName 192.168.1.10
    User pi
    ForwardAgent yes
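
A forwarded agent is reachable from the remote computer for as long as the connection stays open, so it helps to know exactly which config blocks turn forwarding on. The script below is an added example, not part of the original post; the function names and every sample host other than pi3b are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Tags each block of an ssh_config
# file that enables agent forwarding:
#   OK named hosts only | WIDE global or */? pattern | MATCH inside a Match block
# Assumptions: Include files are not followed; any ForwardAgent value other
# than "no" (yes, a socket path, $VAR) counts as enabled.
audit_forward_agent() {
    awk '
    function report() {
        if (!fwd) return
        if (ismatch) tag = "MATCH"
        else if (hosts == "(global)" || hosts ~ /[*?]/) tag = "WIDE"
        else tag = "OK"
        print tag, hosts
    }
    BEGIN { hosts = "(global)" }             # settings before the first Host line
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (!match(line, /[ \t=]+/)) next    # "Keyword value" or "Keyword=value"
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH); sub(/[ \t]+$/, "", val)
        if (key == "host" || key == "match") {
            report()                         # close the previous block
            hosts = val; ismatch = (key == "match"); fwd = 0; seen = 0
        } else if (key == "forwardagent" && !seen) {
            seen = 1; fwd = (tolower(val) != "no")   # first value in a block wins
        }
    }
    END { report() }
    ' "${1:--}"
}

sample_config() {
    cat <<'EOF'
# constructed sample: pi3b is from the post, the other hosts are made up
Host pi3b
    HostName 192.168.1.10
    User pi
    ForwardAgent yes
Host *.example.net
    forwardagent=yes
Host buildbox
    ForwardAgent no
    ForwardAgent yes
EOF
}

sample_config | audit_forward_agent    # or: audit_forward_agent ~/.ssh/config
```

On the sample, pi3b is tagged OK, the wildcard block is tagged WIDE, and buildbox is not listed because its first ForwardAgent value is no.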

You can learn more about SSH Config in my post Easier SSH with Config.