Macos – How to do SSH agent forwarding on Mac terminal

macossshssh-agentsshdterminal

I have checked many tutorials regarding this but not getting clearly.

As per tuts, there are two way to configure for agent forwarding

in your config file ~/.ssh/config set
```
Host example.com

ForwardAgent yes
```
By adding identity, like ssh-add.

What's use of it

SSH Agent forwarding used to store key pass phrase. So that we don't need to enter pass phrase each time?
Do we need two server to test SSH Agent Forwarding? Please suggest. Or we can test in with single server too?

I have checked this git hub link and followed same steps. I am able to see agent. when run this command echo "$SSH_AUTH_SOCK"
Does that mean it's working?

How can I do it with my server? Please guide me.

UPDATE:
When I trying to ssh, I am getting this error message in terminal

Agent admitted failure to sign using the key.

Best Answer

1) One way to use it is correct, the other is commandline argument -A.

2) Agent is storing pass-phrases for keys. Agent forwarding is for using local identities (with or without pass-phrase) on remote servers without the need to copy them into possibly unsafe environment.

3) You can test with one server, fur example localhost.

4) echo "$SSH_AUTH_SOCK" should verify it is set up, but doing ssh-add -L would verify it more reliably, because it will test the connection to agent.

Related Solutions

Linux – SSH Agent Forwarding not working even when using `ssh -A`

I've been trying to troubleshoot this problem for nearly seven years, and finally it get solved -- I launch keychain in my ~/.profile, which starts its own 'ssh-agent', even on machine B & C. This is the source of the problem, because keychain's ssh-agent overshadow the sshd provided one.

Removing it (keychain) from my ~/.profile solved the problem.

Update, another possibility, ssh-agent etc. usually get started as part of starting up the GUI on the local system. e.g., in another case, the call's hidden in /etc/X11/xdm/sys.xsession!

I confirm my SSH Agent Forwarding is working by doing, in MachineA,

ssh -t MachineB ssh MachineC

while ssh MachineB then, within it ssh MachineC was failing.

I'll start it (ssh-agent from keychain etc) manually only from machine A from now on.

SSH Agent – Loses Identity After Restarting Machine

It's normal. The purpose of a key agent is just to hold decrypted keys in memory, but it will never write them to disk. (That would defeat the purpose – why not just unprotect the main key instead?)

So the keys must be unlocked on each login, and you need to automate this – on Linux using pam_ssh is one option; it automatically uses your OS password to unlock the agent. Another similar module is pam_envoy, which is slightly more reliable afaik (but requires systemd).

Both modules will start the agent itself and load keys automatically.

Best Answer

Related Solutions

Linux – SSH Agent Forwarding not working even when using `ssh -A`

SSH Agent – Loses Identity After Restarting Machine

Related Question