Ubuntu - SSH - Agent forwarding
SSH agent forwarding allows you to use your local SSH keys on a remote server without physically copying them to the server.
- It works by forwarding requests from the SSH client on the server back to your local machine’s SSH agent.
SSH agent forwarding is built into ssh, and the ssh-agent process is launched automatically.
- Just make sure the keys are added to ssh-agent and configure ssh to use forwarding.
Add Keys to ssh-agent
Use the utility ssh-add to add keys to the local agent.
Assuming the private key is stored in id_rsa, run:
ssh-add ~/.ssh/id_rsa
NOTE: The key can also be manually pasted in rather than using id_rsa.
Check that the key is added properly
ssh-add -L
NOTE: If it was, the command displays the key's public half.
Allow Forwarding in the Client's Config
Edit the ~/.ssh/config file on the local machine, or make a new one if it is empty.
Set a new rule to make sure agent forwarding is enabled for the domain of this server.
- ~/.ssh/config
Host <example>
    ForwardAgent yes
NOTE: Replace <example> with the server's domain name or IP address.
- The wildcard * can be used for the host, but the agent, and with it use of your private keys, is then forwarded to every server you connect to, which is probably not what you want.
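A quick check for the wildcard case described above, as an added example (not part of the original page): a shell function that lists the Host patterns in an ssh_config file for which ForwardAgent is enabled on a wildcard, or globally before any Host line. The function names, the sample configuration and its host names are constructed for illustration; Include and Match blocks are not evaluated.

```shell
# Added example: report where ForwardAgent is enabled for a wildcard Host
# pattern, or globally (before the first Host line, where it applies to all).
# Reads the file named as its argument, or standard input if none is given.
# Include files and Match blocks are not evaluated.

audit_forward_agent() {
    awk '
    BEGIN { block = "(global)"; wild = 1 }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")      # trim the line
        if ($0 == "" || $0 ~ /^#/) next               # skip blanks and comments
        kw = $0; sub(/[ \t=].*$/, "", kw); kw = tolower(kw)   # keyword, case-insensitive
        val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)     # "Key value" or "Key=value"
        if (kw == "host") {
            block = val
            wild = (val ~ /[*?]/) ? 1 : 0             # pattern list contains a wildcard
        } else if (kw == "match") {
            block = "Match " val; wild = 0            # not evaluated here
        } else if (kw == "forwardagent" && wild && tolower(val) != "no") {
            print block
        }
    }' "$@"
}

# Constructed sample configuration (host names are placeholders).
sample_config() {
cat <<'EOF'
# constructed sample
Host bastion.example.com
    ForwardAgent yes
Host *.dev.example.com
    User deploy
    ForwardAgent=yes
Host git.example.com
    ForwardAgent no
Host *
    forwardagent yes
EOF
}

sample_config | audit_forward_agent
```

Run it against your own file with audit_forward_agent ~/.ssh/config. Because ssh uses the first value it obtains for each option, a host with its own ForwardAgent line earlier in the file (git.example.com in the sample) is not affected by a later wildcard block.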
Enable SSH agent forwarding
To enable SSH agent forwarding, use the -A option with the ssh command when connecting to your remote server.
- Alternatively, configure it permanently in the ~/.ssh/config file by adding ForwardAgent yes under the host entry.