bruce writes:
Hey... (again)
Still trying to get my mind around how to solve this. Someone mentioned ssh
forwarding, but I've not gotten it to work.
Say I have 5 boxes on my network,
box1
box2
box3
box4
box5
Each box has a generic user - user1, with limited perms/access
On my local box, I create a pub/private ssh key. I copy the pub key to each
box..
From my local box, I can then ssh, using the priv/pub key, into box1.
From box1, can I then hop/ssh over to box2, using the pub key for the user1
that I created/installed?
I'm trying to figure out how I can hop between boxes as needed without
having to have lots of pub/private keys ...
What do I need to add to the local box, or to box1 / box2 to permit me to
hop from box1 to box2 without having to add a key from/between box1 and
box2?
If ssh forwarding is the solution, what has to be added to which files, on
which boxes?
I don't think that you can do that with ssh-forwarding. You generate a key-pair
- a private and a public key. You copied the public key already to the boxes,
so you can log in from the local box.
You would need now to copy also the private key to all the boxes into ~/.ssh of
the user which you want to use (user1). Since the
fitting public key is already everywhere in the authorized_keys file in ~/.ssh,
you should then be able to log into box2 from box1. But beware: since every box
now has your private key, if one of your remote boxes gets compromised, all boxes
are compromised, because the attacker can now log into the other boxes without a
password.
You might want to protect your private key with a strong password that doesn't
get cached by something like ssh-agent, but which you need to type every time
you want to use your key, if the boxes are exposed to the internet.
Niels
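An added example, not from either poster, of one way to do the hop while keeping the private key on the local box only: an ~/.ssh/config using OpenSSH's ProxyJump (OpenSSH 7.3 or newer), under which the local ssh connects to box2 through box1 and authenticates with the local key, so nothing beyond the already-copied public key has to be on box1 or box2. The host names and user1 are from the thread; box1.example.internal, the key path ~/.ssh/id_ed25519 and the hosts_via_jump check are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): ~/.ssh/config for the LOCAL box only.
# ProxyJump makes the local ssh tunnel through box1 and authenticate to box2
# with the local key, so the private key never leaves the local box and box1
# needs nothing beyond the public key already in its authorized_keys.
# box1.example.internal and ~/.ssh/id_ed25519 are assumed placeholder values.
write_jump_config() {
  cfg="$1"   # path to write, normally ~/.ssh/config
  # ssh_config only accepts whole-line comments, so no trailing comments below.
  cat > "$cfg" <<'EOF'
# Entry point, reached directly from the local box.
Host box1
    HostName box1.example.internal
    User user1
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no

# Every other box is reached through box1; ssh performs the hop itself.
Host box2 box3 box4 box5
    User user1
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no
    ProxyJump box1
EOF
  chmod 600 "$cfg"
}

# Count the hosts a config file routes through a given jump host.
# Prints the number; a quick sanity check after editing the file.
hosts_via_jump() {
  cfg="$1"; jump="$2"
  awk -v j="$jump" '
    /^Host /                    { hosts = NF - 1 }
    /^ *ProxyJump / && $2 == j  { total += hosts }
    END                         { print total + 0 }' "$cfg"
}

# Stand-alone run: write to a temp file and report (prints 4).
demo=$(mktemp)
write_jump_config "$demo"
echo "hosts reached via box1: $(hosts_via_jump "$demo" box1)"
rm -f "$demo"
```

With IdentitiesOnly and ForwardAgent set as above, box1 never sees the private key or an agent socket, so a compromise of box1 does not by itself yield logins to box2 through box5.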