Carmel wrote:
> On Fri, 08 Jan 2010 10:13:52 -0500 Lowell Gilbert <freebsd-questions-lo...@be-well.ilk.org> articulated:
>
>> Carmel <carmel...@hotmail.com> writes:
>>
>>> On Fri, 8 Jan 2010 14:58:23 +0100 Pieter de Goeje <pie...@service2media.com> articulated:
>>>
>>>> You might want to take a look at ssh-agent. I think PuTTY has an equivalent. It lets you do remote logins without putting your key(s) everywhere. I've not yet tried this myself, but I plan on testing it sometime.
>>>
>>> I use agent. All that agent does is cache your password so you do not have to re-enter it each time you make a connection.
>>
>> The agent can be forwarded with the connection. In your case, it would remove the need for a second key on the second machine.
>
> I was not aware of that. I will have to read up on how to accomplish it.
You just put the public key from Computer 1 in ~/.ssh/authorized_keys on both the machines (Computer 2, Computer 3) where you want access. You'll have to use 'ssh-keygen -i -f filename' to convert the pubkey from the SSH2 format Putty uses to the OpenSSH format FreeBSD uses, and you need to be careful to make the authorized_keys file writable only by the account UID. You can prepend the line in the authorized_keys files with from="hostname" to only permit access from a specific host if you like. See the section 'AUTHORIZED_KEYS FILE FORMAT' in sshd(8) for details. You don't need to install any private keys on Computer 2 or Computer 3.

Then when you load the key into the agent, be sure and check the 'Forward the Agent' tickbox. Similarly, when you connect from computer 2 to computer3 just add '-A' to the ssh command line, as in: 'ssh -A computer3' -- this achieves the same agent forwarding under OpenSSH. Computer 3 will ask computer 2 for authentication, and computer 2 will relay this request back to computer 1 where there is access to your private key. You can hop through a large number of machines this way, and so long as you keep forwarding the agent it should all work.

Cheers,

Matthew

Note that pageant, or ssh-agent (which is the FreeBSD equivalent) doesn't cache the passphrase. It stores a decrypted copy of your private key in memory. Don't leave the agent running on an unattended machine that anyone else can access.
-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
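As an added example (not code from the thread or from any of its posters), the conversion step Matthew describes done by hand in Python: it parses the RFC 4716 "SSH2 public key" file that PuTTYgen saves, checks the key blob, and emits the single OpenSSH authorized_keys line, with the from="..." restriction prepended and host patterns checked so a stray quote or space cannot smuggle extra options into the line. The sample key, the hostnames computer1/computer2/computer3 and the function names are constructed for illustration; the sample key is a dummy blob, not a real key.

```python
import base64
import re
import struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"
KNOWN_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")
FROM_PATTERN = re.compile(r"[A-Za-z0-9.*?!:-]+")  # hostname/IP patterns only


def rfc4716_to_openssh(text, from_hosts=None):
    """Convert an RFC 4716 'SSH2 public key' (what PuTTYgen saves) into one
    OpenSSH authorized_keys line, the job 'ssh-keygen -i -f' does, and
    optionally prefix the from="..." restriction the post mentions."""
    lines = [ln.rstrip("\r") for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key")
    body, headers, i = lines[1:-1], {}, 0
    while i < len(body) and ":" in body[i]:     # header lines; '\' continues
        name, value = body[i].split(":", 1)
        i += 1
        while value.endswith("\\") and i < len(body):
            value, i = value[:-1] + body[i], i + 1
        headers[name.strip().lower()] = value.strip()
    blob = base64.b64decode("".join(body[i:]), validate=True)
    (n,) = struct.unpack(">I", blob[:4])          # first SSH string: key type
    key_type = blob[4:4 + n].decode("ascii")
    if key_type not in KNOWN_TYPES:
        raise ValueError(f"unexpected key type {key_type!r}")
    fields = [key_type, base64.b64encode(blob).decode("ascii")]
    comment = headers.get("comment", "").strip('"')
    if comment:
        fields.append(comment)
    if from_hosts:   # reject anything that could smuggle extra options in
        for host in from_hosts:
            if not FROM_PATTERN.fullmatch(host):
                raise ValueError(f"bad from= pattern {host!r}")
        fields.insert(0, 'from="%s"' % ",".join(from_hosts))
    return " ".join(fields)


def sample_rfc4716():
    """Constructed sample, not a real key: a dummy 32-byte ed25519 blob
    wrapped at 70 columns like PuTTYgen output, with a continued header."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    b64 = base64.b64encode(blob).decode("ascii")
    wrapped = "\n".join(b64[j:j + 70] for j in range(0, len(b64), 70))
    return f'{BEGIN}\nComment: "carmel@\\\ncomputer1"\n{wrapped}\n{END}\n'
```

The resulting line still has to land in a ~/.ssh/authorized_keys that is writable only by its owner, as the post says; with StrictModes on, sshd ignores a group- or world-writable file.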