Multi-stage SSH: the "private key held locally" pattern and the "private key held on the stepping stone" pattern

Introduction

A web search turns up many ways to set up multi-stage SSH, but I got stuck on the lack of information about the pattern of "keeping the private key on the stepping stone", so I'm making a note of it for the future.

Special Thanks: @chitoku

When the private key is held locally

This method is usually preferable.

[A] ----> [B] ----> [C]
 |
 "~/.ssh/id_rsa_for_B"
 "~/.ssh/id_rsa_for_C"

~/.ssh/config on A:

Host B
  Hostname B.example.com
  User user_b
  IdentityFile ~/.ssh/id_rsa_for_B

Host C
  Hostname C.example.com
  User user_c
  IdentityFile ~/.ssh/id_rsa_for_C
  ProxyJump B

Reference: [linux - SSH from A through B to C, using private key on A - Server Fault](https://serverfault.com/questions/934642/ssh-from-a-through-b-to-c-using-private-key-on-a)

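When the private key is held on the stepping stone

This is not recommended because the private key may leak, but it is useful when the private key on the stepping stone is shared by all users. The ProxyCommand in the config below forwards A's SSH agent to B, runs ssh-add on B to load the key stored there into that agent, and then relays the connection to C with nc.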

[A] ----> [B] ----> [C]
 |         |
 |         "~/.ssh/id_rsa_for_C"
 |
 "~/.ssh/id_rsa_for_B"

~/.ssh/config on A:

Host B
  Hostname B.example.com
  User user_b
  IdentityFile ~/.ssh/id_rsa_for_B

Host C
  Hostname C.example.com
  User user_c
  ProxyCommand ssh -o 'ForwardAgent yes' B 'ssh-add ~/.ssh/id_rsa_for_C && nc %h %p'

Reference: [linux - SSH from A through B to C, using private key on B - Server Fault](https://serverfault.com/questions/337274/ssh-from-a-through-b-to-c-using-private-key-on-b)
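
An added example, not part of the original post: a small Python audit that reads ssh_config text and labels each Host entry by which of the two patterns above it uses, flagging agent forwarding and ssh-add inside a ProxyCommand. The label names, the C-local / C-stone aliases and the sample text are constructed for illustration, and the checks are heuristics.

```python
import re

# Constructed sample: the page's entries, with the two Host C variants renamed.
SAMPLE = """\
Host B
  Hostname B.example.com
  User user_b
  IdentityFile ~/.ssh/id_rsa_for_B
Host C-local
  Hostname C.example.com
  User user_c
  IdentityFile ~/.ssh/id_rsa_for_C
  ProxyJump B
Host C-stone
  Hostname C.example.com
  User user_c
  ProxyCommand ssh -o 'ForwardAgent yes' B 'ssh-add ~/.ssh/id_rsa_for_C && nc %h %p'
"""

def parse_hosts(text):
    """Map each Host pattern to {lowercased keyword: [values]}.
    Accepts "Keyword value" and "Keyword=value"; Match blocks are not handled."""
    hosts, current = {}, None
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*\S)", raw)
        if not m:
            continue  # blank line, comment, or keyword without a value
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, []).append(value)
    return hosts

# "-o ForwardAgent yes" (any case) or a stand-alone -A; lowercase -a disables forwarding.
FWD = re.compile(r"(?i:forwardagent[\s=]+yes)|(?<!\S)-A(?!\S)")

def classify(opts):
    """Heuristic labels for where the key file and the agent socket end up."""
    proxy = " ".join(opts.get("proxycommand", []))
    labels = []
    if "yes" in map(str.lower, opts.get("forwardagent", [])) or FWD.search(proxy):
        labels.append("agent-forwarded")       # remote host can use the agent
    if re.search(r"\bssh-add\b", proxy):
        labels.append("ssh-add-on-jump-host")  # key file is read on the jump host
    if "proxyjump" in opts and "identityfile" in opts:
        labels.append("local-key-via-proxyjump")  # keys never leave A
    return labels

def audit(text):
    return {host: classify(opts) for host, opts in parse_hosts(text).items()}
```

Calling audit() on the contents of a client config returns a dict of Host pattern to labels; an empty list means none of the three conditions matched.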
