macOS – SSH – is this the correct way to forward agent


I have checked many results but cannot tell whether what I am doing for agent forwarding is correct or not. Please advise.

I have followed these two links

  1. Github
  2. unixwiz

What I am doing is:

  1. Home PC
  2. Server 1
  3. Server 2

On Home PC I am creating one key and adding it to the agent with the command $ ssh-add ~/.ssh/id_rsa

Also I have set this in the config file:

Host *
ForwardAgent yes

  1. Now I am copying the public key and adding it to the authorized_keys file on Server 1.

  2. Now I am connecting from Home PC to Server 1; it won't ask me for a password as I have added the key to Server 1.

  3. Now, as in my terminal (Home PC) I have connected to Server 1, I am going to make a connection to Server 2, but it is asking me for a password.

  4. Is this the correct flow to check agent forwarding? If it works then it should not ask me for a password, right? As I am trying to connect to Server 2 via Server 1.

Please suggest the correct way to test whether I am doing it wrong.

Best Answer

Host *
ForwardAgent yes

No, you should never forward the agent to untrusted servers (for example, where you are not root and the root could impersonate you). You should do this only for a specific list of servers you trust.

The server also has to support agent forwarding, and it has to be allowed if you want to use it: AllowAgentForwarding (in sshd_config).

You can check if your agent was forwarded by running ssh-add -l on the remote server. If it lists your key, then the agent was forwarded.
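
One way to audit a client config for the risk the answer describes, as an added example that is not part of the original answer: the shell function below flags ForwardAgent enabled under a wildcard Host pattern, under Match all, or before any Host line. The function name, the sample configs and the server1 alias are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find agent forwarding that applies to more than named hosts.

# audit_forward_agent [FILE]  (reads stdin when FILE is omitted)
# Prints one line per finding; exit status 1 if anything was flagged, else 0.
audit_forward_agent() {
    awk '
        # Options placed before the first Host line apply to every host.
        BEGIN { scope = "(global: before any Host line)"; wild = 1; found = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            if (line == "" || line ~ /^#/) next
            # "Keyword value" and "Keyword=value" are both accepted by ssh.
            if (!match(line, /[ \t=]+/)) next
            key = tolower(substr(line, 1, RSTART - 1))   # keywords ignore case
            val = substr(line, RSTART + RLENGTH)
            gsub(/"/, "", val)
        }
        key == "host"  { scope = "Host " val;  wild = (val ~ /[*?]/); next }
        # Only a plain "Match all" is treated as a wildcard scope here.
        key == "match" { scope = "Match " val; wild = (tolower(val) == "all"); next }
        # Any value other than "no" (yes, a socket path, $VAR) enables forwarding.
        key == "forwardagent" && wild && tolower(val) != "no" {
            printf "line %d: ForwardAgent %s under %s\n", NR, val, scope
            found = 1
        }
        END { exit found }
    ' "${1:--}"
}

# Constructed samples: the config from the question, and a scoped alternative
# that forwards only to one named host (server1 is a hypothetical alias).
weak_config()   { printf 'Host *\n    ForwardAgent yes\n'; }
scoped_config() {
    printf 'Host server1\n    ForwardAgent yes\nHost *\n    ForwardAgent no\n'
}

if weak_config | audit_forward_agent; then
    echo "weak sample: nothing flagged"
else
    echo "weak sample: agent is forwarded to every host"
fi
if scoped_config | audit_forward_agent; then
    echo "scoped sample: forwarding limited to named hosts"
fi
```

Run it against a real file with audit_forward_agent ~/.ssh/config; for a single host, ssh -G <host> prints the effective forwardagent value that ssh would use.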