Simple jumphost ssh-agent config

You can find many tutorials online on how to use ssh-agent or ssh-ident correctly.

This is a short and simple two-line fix aimed at one specific use: a single connection to a jumphost.

Add this to your .bashrc:

alias jump='eval "$(ssh-agent)" && ssh-add ~/.ssh/id_rsa && ssh -A -i ~/.ssh/id_rsa jan@jumphost.domain.name'

So now when you type jump:

  • An ssh-agent will start
  • Relevant keys are added to the agent
  • You ssh to the jumphost with agent forwarding (-A)

And from the jumphost you can ssh to anywhere, because your agent is forwarded (the keys themselves stay on your local machine).

Possible drawbacks:

  • The primary benefit is that with this method your ssh keys stay on your local machine (and not on e.g. the jumphost). But it also means you still have to enter your ssh passphrase for each session. In my case this is not a problem, because I usually need only one session to my jumphost. If you set up lots of sessions, this may be a problem because you have to keep entering your passphrase (avoiding that is usually one of the reasons for running ssh-agent in the first place) and every session starts its own ssh-agent.
    If you do not use an ssh passphrase this is not an issue (though you really should use a passphrase).
  • Your ssh-agent will run forever. So add this to ~/.bash_logout:
pkill ssh-agent

Drawbacks:

  • *Any* bash logout will kill your ssh-agent. Again: not a problem if you just use one session at a time.

This setup works for quick access from, let’s say, a secondary machine to my jumphost, to quickly check some things. On my primary machine (for real work) I just use this.
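
A variant that avoids both drawbacks listed above (the agent that runs forever, and pkill taking down every agent), as an added example that is not part of the original post. The names jump_once, JUMP_KEY and JUMP_KEY_TTL are hypothetical; the key path and host are the ones from the alias.

```shell
# Added example; jump_once, JUMP_KEY and JUMP_KEY_TTL are hypothetical names.
# Usage: jump_once [user@host]
jump_once() (
    # The body is a subshell "( ... )": SSH_AUTH_SOCK and SSH_AGENT_PID are
    # set only in here and never leak into the interactive shell.
    key=${JUMP_KEY:-$HOME/.ssh/id_rsa}
    ttl=${JUMP_KEY_TTL:-3600}            # seconds the key stays in the agent
    host=${1:-jan@jumphost.domain.name}  # default target taken from the alias

    # Start a dedicated agent; stop if it could not be started.
    agent_env=$(ssh-agent -s) || exit 1
    eval "$agent_env" >/dev/null

    # Kill exactly this agent (ssh-agent -k reads SSH_AGENT_PID) when the
    # subshell exits, whether ssh-add failed or the ssh session ended.
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT

    # Passphrase prompt happens here; the key expires after $ttl seconds.
    ssh-add -t "$ttl" "$key" || exit 1

    # Connect with agent forwarding, as the alias does.
    ssh -A "$host"
)
```

Because only this function's own agent is killed, nothing is needed in ~/.bash_logout and other agents on the machine are left alone. The -t lifetime also bounds how long the forwarded agent can be asked to sign with the key while the session to the jumphost is open.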
