On Wed, Oct 04, 2006 at 06:18:02PM -0400, Jason Powers wrote: > I have looked through the archives and googled this pretty thoroughly, > I'm having a tough time finding someone else who has asked the same > question previously. There's a lot of information about openssh, but > surprisingly little detail about port forwarding.
Er, your e-mail doesn't appear to be about port forwarding at all... It seems to be about connecting with ssh-agent. Presumably this was just a think-o and you didn't really mean to ask about port forwarding? > Now let's say that I have a linux desktop and two linux servers, > assuming I've configured things correctly, then from the desktop box I > should be able to: Trouble is, "assuming I've configured things correctly" is rather a big assumption. ;-) > [EMAIL PROTECTED]> ssh-add > (type pass for key) > [EMAIL PROTECTED]> ssh [EMAIL PROTECTED] > > now from that terminal > [EMAIL PROTECTED]> ssh [EMAIL PROTECTED] > > It asks me for a password when I try to jump to the second server. I can > put the password in and it works, but I think at this point it should be > forwarding the key. By default (at least as shipped by some vendors), agent forwarding is turned off. You need to explicitly enable it, either by modifying /etc/ssh/ssh_config, ~/.ssh/config, or by specifying -A on the ssh command line. If you want to make this the default (not recommended), look in one of the aforementioned config files for the following: # Host * # ForwardAgent no Uncomment and change that to yes. But this is not recommended because it means that ALL ssh agents will be forwarded to ALL servers to which people are connecting to from that machine (where you made the config change). This is generally a bad idea, because IIUC it means that an unencrypted copy of your ssh keys will be available on machines outside your organization's control. While the risk is probably low if you only ever connect to "trusted" sites, in theory a malicious site/admin could hack sshd to record such keys or otherwise snoop them. This is why it's turned off by default. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D
pgphu5XYnF51j.pgp
Description: PGP signature
