Schematic:

    ssh       ssh
A ------> B ------> C
    ^          ^
 using A's   using B's
 ssh key     ssh key

Preconditions:

  • A is running ssh-agent
  • A can access B
  • B can access C
  • A can't access C directly
  • A's ssh public key is present in B:~/.ssh/authorized_keys
  • B's ssh public key is present in C:~/.ssh/authorized_keys

What I tried

Following this question, I tried the related answer, here is my .ssh/config

Host proxy
  HostName 10.10.10.10
  User foo
  Port 1234
  IdentityFile ~/.ssh/id_rsa

Host target
  HostName 11.11.11.11
  User bar
  Port 5678
  ProxyCommand ssh -o 'ForwardAgent yes' proxy 'ssh-add && nc %h %p'

This works:

$ ssh -t proxy ssh bar@11.11.11.11 -p 5678

This doesn't work:

$ ssh -t proxy ssh target
ssh: Could not resolve hostname target: Temporary failure in name resolution
Connection to 10.10.10.10 closed.

$ ssh target
Could not open a connection to your authentication agent.
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535


I also tried with this configuration following this question:

Host proxy
  HostName 10.10.10.10
  User foo
  Port 1234
  IdentityFile ~/.ssh/id_rsa

Host target
  HostName 11.11.11.11
  User bar
  Port 5678
  ProxyCommand ssh -W %h:%p proxy

But when I run ssh target, it keeps asking for a password.


I would like to simply run ssh target but I'm stuck.

Ramhound
  • 44,080
J.Nexus
  • 11

1 Answer

You should copy the private key from B to A (change the name of id_rsa)

scp proxy:.ssh/id_rsa ~/.ssh/id_rsa_second

Then you can use

Host proxy
  HostName 10.10.10.10
  User foo
  Port 1234
  # IdentityFile ~/.ssh/id_rsa  # Not necessary, it's the default

Host target
  HostName 11.11.11.11
  User bar
  Port 5678
  IdentityFile ~/.ssh/id_rsa_second
  ProxyJump proxy

Now this should work: ssh target

jeb
  • 433
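
With ProxyJump (as with ProxyCommand ssh -W), the ssh client on A authenticates to every hop itself through the tunnel, so each key it needs must be usable from A. The following is an added example, not part of the original answer: a minimal Python reader for the answer's configuration that lists the hops in dial order and the key file on A configured for each; the names `parse`, `hops`, `DEFAULT_KEY` and `key_on_A` are made up for illustration.

```python
# Added example: a deliberately small ssh_config reader, not OpenSSH's parser.
# Assumption: only literal "Host <alias>" blocks, "Keyword value" lines and a
# single-alias ProxyJump are handled (no wildcards, Match, Include, user@host).
ANSWER_CONFIG = """\
Host proxy
  HostName 10.10.10.10
  User foo
  Port 1234
  # IdentityFile ~/.ssh/id_rsa  # Not necessary, it's the default

Host target
  HostName 11.11.11.11
  User bar
  Port 5678
  IdentityFile ~/.ssh/id_rsa_second
  ProxyJump proxy
"""
DEFAULT_KEY = "~/.ssh/id_rsa"  # the default named in the answer's comment

def parse(text):
    """Return {alias: {lowercased keyword: value}}; first value per keyword wins."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)
    return hosts

def hops(hosts, alias):
    """Hops for `alias`, jump hosts first. Every key path is a path on A."""
    chain, seen = [], set()
    while alias:
        if alias in seen:
            raise ValueError("ProxyJump loop at " + alias)
        seen.add(alias)
        opts = hosts.get(alias, {})
        chain.append({"alias": alias, "address": opts.get("hostname", alias),
                      "user": opts.get("user"), "port": int(opts.get("port", 22)),
                      "key_on_A": opts.get("identityfile", DEFAULT_KEY)})
        alias = opts.get("proxyjump")
    return chain[::-1]

if __name__ == "__main__":
    for hop in hops(parse(ANSWER_CONFIG), "target"):
        print(hop)
```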