Linux SSH client key forwarding

Source: Internet
Author: User
Preface

When a company's servers are deployed on the Internet, a jump server is set up. to access other servers of the company, an SSH jump from the jump server is required (the firewall rules will be configured accordingly). As mentioned above, the Internet servers must basically log on through the certificate. As a result, we are faced with a situation where the local ssh-> stepping stone-> the target machine. For password verification, this problem does not exist, but for certificate login, it brings about an SSH key forwarding problem.

Linux SSH client key forwarding

If it is a Linux client, when the SSH jump from the Linux client, we usually execute the command

SSH blue @ stepping stone IP Address

Then we jump to the target machine on the jump host.

SSH blue @ IP address of the target machine

The IP address of the stepping stone and the IP address of the target machine are already under the blue account. SSH/authorized_keys is added with the public key. The configuration is okay, but we will encounter an error called pubkey unauthorization because the stepping stone does not have the blue private key. There are always problems, and there are always solutions. SSH provides the forwarding key function, so we can jump from the local machine to the stepping stone machine to forward the private key.

Therefore, the correct method is to execute commands on the local Linux client.

Ssh-a blue @ stepping stone IP

-A indicates the forwarding key. Therefore, the key is forwarded to the jump server.

Next, run the command on the stepping stone.

Ssh-a blue @ IP address of the target machine

The-a parameter here is not necessary. If you do not need to jump from the target machine to another target machine, you do not need to continue forwarding the key.

In addition, you can configure the default configuration file of the local client and change it to the default forwarding key:

Modify ssh_config (not sshd_config, usually in/etc or/etc/ssh): change # forwardagent no to forwardagent Yes

Whether or not the stepping stone host needs to be configured. Similarly, refer to your needs.

Windows securecrt key forwarding

Configure proxy forwarding in securecrt in windows.

Here, we only configure the client to jump to the jump server forwarding key. As to whether the jump server can forward the key, we still need to refer to the above.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.