I want to connect from host A via host B via host C to host D with SSH keys, without modifying the SSH config.

Host A is on the public internet; hosts B, C and D are on the same local network.

  • Host B accepts keys from host A.
  • Host C accepts only keys from host A.
  • Host D accepts only keys from host A.

Is this doable?

Giacomo1968
  • 58,727
erg
  • 21

1 Answer

Assuming all of the hosts — A, B, C and D — have the public key from your client in their respective ~/.ssh/authorized_keys files, you would just use the -A option (authentication agent forwarding) with the initial SSH connection like this:

ssh -A hostA.com

More on the -A option (authentication agent forwarding) can be found in the man page; man ssh:

-A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file.

Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.

Giacomo1968
  • 58,727
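
An added example, not part of the original answer: a shell check to run on an intermediate hop after connecting with -A. It shows where the forwarded agent's Unix-domain socket lives, who owns it, and which identities it offers there, which is the exposure the man page excerpt describes. The function names and the state words are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit what a forwarded SSH agent exposes on this hop.
# Function names and state words are assumptions, not OpenSSH terms.

# agent_socket_state prints one word describing $SSH_AUTH_SOCK:
#   none        no agent socket advertised in this session
#   missing     variable set, but the path does not exist
#   not-socket  path exists, but is not a Unix-domain socket
#   socket      an agent socket is present
agent_socket_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo none
    elif [ ! -e "$SSH_AUTH_SOCK" ]; then
        echo missing
    elif [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo not-socket
    else
        echo socket
    fi
}

# audit_forwarded_agent reports the socket, its permissions, and the
# identities usable through it. Returns 1 when no agent socket is present.
audit_forwarded_agent() {
    state=$(agent_socket_state)
    echo "agent socket state: $state"
    [ "$state" = socket ] || return 1
    # Owner and mode of the socket and its directory: root, or any user who
    # can bypass these permissions, can use the agent while the session lasts.
    ls -ld "$(dirname "$SSH_AUTH_SOCK")" "$SSH_AUTH_SOCK"
    # Identities reachable through the forwarded connection (fingerprints only;
    # the private keys themselves stay on the client).
    ssh-add -l
}
```

Source the file on the hop and call `audit_forwarded_agent`; a state of `none` means no agent was forwarded into that session.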