You can probably get away without the IdentityFile directives if you know you will have already loaded the keys into your local agent.

Assume the following setting: machine foo is a jump host and provides access to host bar via its localhost:10022; bar sits inside a network inside of which we can access host rdp and access its RDP port (3389).

Example ~/.ssh/config entries: Host target

NB: The OpenSSH clients I am using are all at version 7.2, so no RemoteCommand available.

Either continue with that, or use ssh-agent and forwarding to provide password-less access I presume you want to keep.

Suggested workaround: you've already got the setup working with the proxy-to-target key on your local PC. In my case, they only ever exist on my local machine, and always have good passphrases. In general, it's best to secure your private keys well. Moreover: you probably don't want to store the private key for proxy-to-target access on the proxy; if you did, it would have to be a key with no passphrase, which is always bad security practice. You can't reference remote (proxy) files from your PC that ssh can access at the time ssh is trying to establish the connection. Reason: All config file (or command-line) references on your local PC are to files residing on your local device (PC).

Is it possible to keep the privkey in the proxy and reference it in the PC so I don't have to move it to the PC?

If I bring the privkey from the proxy to the PC and I specify with -i for example, it works (that would be ssh -i mypubkey -J So my question is: is it possible to keep the privkey in the proxy and reference it in the PC so I don't have to move it to the PC? In the proxy server I tried to add the IdentityFile directive in ~/.ssh/config and in /etc/ssh/ssh_config but apparently when I call the proxy from the PC as the jump host, it won't take configurations from those files.
I tried: ssh -J -Ao ProxyCommand="ssh -W %h:%p it gives me error Permission denied (publickey). Now, from the PC, I don't know how to run one command and end up in the target since I have to specify the privkey in the proxy. In the proxy I have to specify ssh -i mypubkey to connect fine (it's not the default key). So, I just run ssh in the PC and it connects fine to the proxy. The privkey in the PC matches the PC pubkey in the proxy and they are in the default directory. Authentication from the proxy to the target and from the PC to the proxy use pubkey authentication and each machine has its own key pair. I want to do a proxyjump from the PC to the target going through the proxy. I couldn't find my specific case in other threads.

Basically I have my PC (ubuntu), a proxy (Debian), and a target (Debian).
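
The workaround suggested in the thread (both private keys stay on the PC, because every IdentityFile reference is resolved locally) can be written as a client configuration. This is an added example, not a configuration posted by anyone in the thread; the host names, user name and key file names are constructed placeholders.

```sshconfig
# ~/.ssh/config on the PC.
# Added example: host names, user name and key paths are constructed
# placeholders, not values taken from the thread.

# Hop 1: PC -> proxy, authenticated with the PC's own default key.
Host proxy
    HostName proxy.example.net
    User alice
    IdentityFile ~/.ssh/id_ed25519
    # Offer only the key named above, not every key held by the agent.
    IdentitiesOnly yes
    # The proxy only relays traffic, so it needs no access to the agent.
    ForwardAgent no

# Hop 2: PC -> target, tunnelled through the proxy.
# IdentityFile is read on the PC, so this path points at the local,
# passphrase-protected copy of the proxy-to-target private key.
Host target
    # This name is resolved by the proxy, not by the PC.
    HostName target.example.net
    User alice
    ProxyJump proxy
    IdentityFile ~/.ssh/id_proxy_to_target
    IdentitiesOnly yes
    ForwardAgent no

# Clients older than OpenSSH 7.3 have no ProxyJump directive.
# On those, replace the ProxyJump line with:
#     ProxyCommand ssh -W %h:%p proxy
```

With these entries `ssh target` performs both hops in one command. The proxy only forwards the TCP stream, so neither private key has to be stored on it.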