I have checked many results but cannot work out whether what I am doing for agent forwarding is correct or not. Please advise.
I have followed these two links
What I am doing is:
- Home PC
- Server 1
- Server 2

1. On the Home PC I am creating one key and adding it to the agent with the command:

       $ ssh-add ~/.ssh/id_rsa

   Also I have set this in the config file:

       Host *
           ForwardAgent yes

2. Now I am copying the public key and adding it to the authorized_keys file on Server 1.
3. Now I am connecting from the Home PC to Server 1; it doesn't ask me for a password, as I have added the key to Server 1.
4. Now, as I have connected to Server 1 in my terminal (Home PC), I am going to make a connection to Server 2, but it is asking me to enter a password.
5. Is this the correct flow to check agent forwarding? If it works then it should not ask me to enter a password, right? As I am trying to connect to Server 2 via Server 1.

Please suggest the correct way to test whether I am doing something wrong.
Best Answer
No, you should never forward the agent to untrusted servers (for example where you are not root and the root could impersonate you). You should do this only for a specific list of servers you trust.

The server also has to support agent forwarding and it has to be allowed if you want to use it: AllowAgentForwarding (in sshd_config).

You can check if your agent was forwarded by running ssh-add -l on the remote server. If it lists your key, then the agent was forwarded.
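
An added example, not part of the original question or answer: a shell function that audits an OpenSSH client config for the setup shown in the question, agent forwarding enabled under a wildcard Host block, which the answer advises against. The function name audit_forward_agent is hypothetical, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (assumption: plain OpenSSH client config syntax, no Include).
# audit_forward_agent FILE
#   Prints one line for every block that enables ForwardAgent for a wildcard
#   pattern (Host *, Host *.example, Match all, or the global section before
#   the first Host line). Returns 1 if any such block is found, otherwise 0.
audit_forward_agent() {
    awk '
        function report() {
            if (enabled && wild) { print "agent forwarded to wildcard: " block; bad = 1 }
        }
        # Options placed before the first Host line apply to every host.
        BEGIN { block = "(global options before first Host)"; wild = 1 }
        /^[ \t]*#/ { next }                 # comment line
        { gsub(/=/, " ") }                  # accept the "Keyword=value" form
        NF == 0 { next }                    # blank line
        {
            key = tolower($1)
            if (key == "host" || key == "match") {
                report()                    # close the previous block
                block = $0; sub(/^[ \t]+/, "", block)
                enabled = 0; seen = 0; wild = 0
                for (i = 2; i <= NF; i++) {
                    # Negated patterns (!name) only exclude hosts; skip them.
                    if (key == "host" && $i !~ /^!/ && $i ~ /[*?]/) wild = 1
                    if (key == "match" && tolower($i) == "all") wild = 1
                }
            } else if (key == "forwardagent" && !seen) {
                seen = 1                    # first value inside a block wins
                # Anything other than "no" (yes, socket path, $VAR) forwards.
                enabled = (tolower($2) != "no")
            }
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Usage: audit_forward_agent ~/.ssh/config
```

A config that passes this audit names the trusted hosts in their own Host blocks with ForwardAgent yes and leaves the wildcard block at ForwardAgent no.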