Using the ssh-agent passphrase forwarding facility

Contact Person: Charles F. Maguire
WWW location http://www.hep.vanderbilt.edu/~maguire/simulation/sshAgentForward.html
Creation Date: January 11, 2007
Initial Release: January 11, 2007

Introduction

The ssh-agent passphrase forwarding capability is intended to create a shell window in which you can use the ssh command to access another computer system without having to enter your passphrase on that system. I obtained the instructions on how to implement this forwarding on the VUPAC system from Momchil Velkovsky.

SSH2 on VUPAC

You can find information about the ssh2 system used on VUPAC at this site. The steps are the following:

  1. On your VUPAC node give the command: ssh-keygen -t dsa
  2. The above command will ask you to give a passphrase, which you will use on the VUPAC node.
  3. Go to your own $HOME/.ssh subdirectory.
  4. You should see the files id_dsa and id_dsa.pub. Do the following copy command: cp id_dsa.pub authorized_keys2
  5. The above command has made the file authorized_keys2 in this subdirectory.
  6. Last, execute the command: ssh-agent sh -c 'ssh-add < /dev/null && tcsh'
  7. This command will ask you for your passphrase on the VUPAC system. After you enter the passphrase you will see something like the following output, with your account name instead of mine:

    Identity added: /home/maguirc/.ssh/id_rsa (/home/maguirc/.ssh/id_rsa)
    Identity added: /home/maguirc/.ssh/id_dsa (/home/maguirc/.ssh/id_dsa)

  8. There should now be a new shell for you in the same window. You should be able to ssh into any other VUPAC node, or an RCF node, in this window without being asked for your passphrase. If you have never logged into the other node, you will first be asked whether you want to continue connecting. Just reply with a yes. This question is asked only if you have never logged into the node before.
  9. After you terminate this shell, you are back in your original shell in the same window, but without the ssh passphrase forwarding capability.
  10. For later convenience, you can put the following alias command in your startup .cshrc file:
    alias SSHAGENT "ssh-agent sh -c 'ssh-add < /dev/null && tcsh'"
    If this alias is installed, then all you have to do is type the command: SSHAGENT, followed by your passphrase, and this will start the second shell for you.
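
The following is an added example, not part of the original instructions. It redoes steps 3 to 5 so that a key already listed in authorized_keys2 is kept rather than overwritten by cp, sets the file modes sshd expects, and checks whether the current shell is the one started by SSHAGENT. The function names install_pubkey, count_key and agent_status are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# install_pubkey DIR: add DIR/id_dsa.pub to DIR/authorized_keys2 once,
# keeping any keys already listed there (cp would replace them).
install_pubkey() (
    dir=$1
    pub="$dir/id_dsa.pub"
    auth="$dir/authorized_keys2"
    [ -s "$pub" ] || { echo "missing $pub, run ssh-keygen first" >&2; exit 1; }
    umask 077                      # new files are created owner-only
    touch "$auth" || exit 1
    # -F fixed string, -x whole line: append only if the exact key is absent
    if ! grep -Fxq -- "$(cat "$pub")" "$auth"; then
        cat "$pub" >> "$auth" || exit 1
    fi
    # sshd's StrictModes check refuses key files that others can write to
    chmod 700 "$dir" && chmod 600 "$auth"
)

# count_key DIR: how many times the public key is listed (should be 1).
count_key() {
    grep -Fxc -- "$(cat "$1/id_dsa.pub")" "$1/authorized_keys2"
}

# agent_status: tell the SSHAGENT sub-shell apart from the original shell.
# ssh-add -l exits 0 with keys loaded, 1 with none, 2 if no agent answers.
agent_status() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "agent has keys" ;;
        1) echo "agent has no keys" ;;
        *) echo "no agent reachable" ;;
    esac
}

# Usage: install_pubkey "$HOME/.ssh" && agent_status
```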