Forward your ssh key to your server

so here’s the deal

1. you already set up a server to act as a bastion host
2. you want to connect to all your servers (which only have private ips) from the bastion host

normally people will use an ssh key and register the public key on the servers using chef… but wait, which key? your bastion host server's key or your laptop's key?

oh no, it’s my bastion host key. what happens if my bastion host gets hacked?

solution

1. put in a vpn server, which needs extra knowledge to route the vpn traffic across all of your local-ip server farm
2. or use the ssh agent, so your laptop's ssh key is the one registered on all servers while you ssh into them via the bastion host

here’s how you can implement this


execute this command
#vim /etc/ssh/ssh_config

edit that file, find “ForwardAgent” and make sure the value is “yes”


#sudo service ssh restart
#eval `ssh-agent`
#ssh-add

there you go. what you need to do next is make sure your bastion host server also has the ForwardAgent value ‘yes’, and you can enter all your servers via ssh without having to register your bastion ssh key on each machine, because that command will forward your laptop ssh key.
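
A check for the edit above, as an added example that is not part of the original post: with ForwardAgent set to yes for every host, the agent is offered to every machine you ssh to, and anyone with root on one of them can use the forwarded agent (not read the key) while you are connected. The helper name audit_forward_agent is hypothetical and the hostnames in the sample are constructed; it lists where a client config enables forwarding so the setting can be narrowed to the bastion.

```shell
# Added example (not from the original post). List every place an ssh client
# config turns on agent forwarding and mark scopes that cover all hosts.
# Usage: audit_forward_agent /etc/ssh/ssh_config ~/.ssh/config
audit_forward_agent() {
    awk '
        FNR == 1 { scope = "(global)" }       # settings before any Host line
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and value are separated by whitespace or "="
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])
        }
        key == "host" || key == "match" { scope = line; next }
        key == "forwardagent" && tolower(f[2]) == "yes" {
            s = tolower(scope)
            broad = (scope == "(global)" ||
                     s ~ /^match[ \t=]+all[ \t]*$/ ||
                     s ~ /^host[ \t=]+(.*[ \t])?\*([ \t]|$)/)
            printf "%s\t%s\n", (broad ? "BROAD" : "scoped"), scope
        }
    ' "$@"
}

# Constructed sample config; hostnames are placeholders.
audit_forward_agent <<'EOF'
# what the edit in the post produces: forwarding for every destination
Host *
    ForwardAgent yes
# for comparison: forward only when connecting to the bastion
Host bastion.example.internal
    ForwardAgent=yes
Host db-*.example.internal
    ForwardAgent no
EOF
```

A BROAD line means the agent is forwarded to every destination matched by that scope; a scoped line names the only hosts that receive it.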
