13

I have checked many tutorials regarding this, but I am not getting it clearly.

As per the tutorials, there are two ways to configure agent forwarding:

  1. In your config file ~/.ssh/config set

        Host example.com
            ForwardAgent yes

  2. By adding an identity, like ssh-add.

What's the use of it?

  1. Is SSH agent forwarding used to store the key passphrase, so that we don't need to enter the passphrase each time?

  2. Do we need two servers to test SSH agent forwarding? Please suggest. Or can we test it with a single server too?

I have checked this GitHub link and followed the same steps. I am able to see the agent when I run this command: `echo "$SSH_AUTH_SOCK"`. Does that mean it's working?

How can I do it with my server? Please guide me.

UPDATE: When I try to ssh, I am getting this error message in the terminal:

Agent admitted failure to sign using the key.

Niks

1 Answer

8

1) One way to use it is correct, the other is the command-line argument `-A`.

2) Agent is storing pass-phrases for keys. Agent forwarding is for using local identities (with or without pass-phrase) on remote servers without the need to copy them into a possibly unsafe environment.

3) You can test with one server, for example localhost.

4) `echo "$SSH_AUTH_SOCK"` should verify it is set up, but doing `ssh-add -L` would verify it more reliably, because it will test the connection to the agent.

Jakuje
  • Thanks for the reply. Does that mean we have to add the key and then simply ssh with that added key? `ssh username@servername.com` and it will not ask for the passphrase, as it's stored by the agent? Can we use servername=localhost? – Niks Aug 04 '15 at 09:56
  • `ssh-add your-key` to add your key to the agent (it will ask for the pass-phrase once), if it is alive. Then `ssh server` (with `-A` or the config option) will not ask for the pass-phrase (and other connections from that host shouldn't ask for the pass-phrase either). – Jakuje Aug 04 '15 at 11:15
  • Thanks... Does that mean if I set ForwardAgent yes in the config file then I can ssh without using `-A`? Please suggest. – Niks Aug 04 '15 at 11:43
  • Hi. When I ran the command `$SSH_AUTH_SOCK` I am getting this result: `-bash: /tmp/ssh-gT43vE99vk/agent.511: Permission denied`. I am confused here whether my agent forwarding is working or not. Can you please guide? Also, `ssh-add -L` lists the SSH key I added. Please suggest. – Niks Aug 08 '15 at 06:37
  • There is no "running command `$SSH_AUTH_SOCK`". It is an environment variable which contains the path to a unix domain socket, and you obviously can't run it. But `ssh-add` can communicate with your agent through this socket. I wrote `echo "$SSH_AUTH_SOCK"`, which verifies that the variable is set. – Jakuje Aug 08 '15 at 07:24
  • Thanks a lot, man, for the reply. As per the above result of this variable, does that mean my agent forwarding is working? Or is there any way that I can confirm that it's working successfully? Sorry if this is a silly question, I don't know much about it. – Niks Aug 08 '15 at 07:37
  • If it works for you to connect to one server, it means it works. If you are able to list keys on the remote server, where the agent is forwarded, using `ssh-add -L`, then it is working and you should be able to connect with the same keys to another server where you have set up pubkey auth. – Jakuje Aug 08 '15 at 07:45
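
The difference between "the variable is set" and "the agent answers", which the answer and comments above turn on, as an added example that is not part of the original thread. The function names `agent_state` and `classify_ssh_add_rc` are hypothetical; the exit-status mapping follows the ssh-add manual page (0 success, 1 command failed, 2 agent not reachable).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Map ssh-add's documented exit status to a status word.
# For "ssh-add -L", status 1 means the agent answered but holds no identities.
classify_ssh_add_rc() {
    case "$1" in
        0) echo "ok" ;;
        1) echo "no-identities" ;;
        2) echo "agent-unreachable" ;;
        *) echo "unknown" ;;
    esac
}

# agent_state SOCKET_PATH -> prints one status word describing the agent.
agent_state() {
    sock="$1"
    if [ -z "$sock" ]; then
        echo "unset"          # no agent started, or forwarding not enabled
        return
    fi
    if [ ! -S "$sock" ]; then
        echo "not-a-socket"   # stale variable: path missing or not a unix socket
        return
    fi
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo "ssh-add-missing"
        return
    fi
    rc=0
    # Only this call proves the agent behind the socket actually responds.
    SSH_AUTH_SOCK="$sock" ssh-add -L >/dev/null 2>&1 || rc=$?
    classify_ssh_add_rc "$rc"
}

echo "agent state: $(agent_state "${SSH_AUTH_SOCK:-}")"
```

Run it locally first, then again on the remote host after connecting with `-A` or `ForwardAgent yes`; `ok` on the remote side means the forwarded agent is usable there.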