ssh forwardagent

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

ssh forwardagent

Max Lapshin-2
I wonder if it is possible to make ssh agent forwarding with erlang ssh system.

We have ssh-proxy server: user connects to proxy with his own
key-pair, then server connects to customer server with his own secret
keypair.

User cannot get private key of this connection.

Question is: how to forward original keypair to customer server?
Reply | Threaded
Open this post in threaded view
|

Sv: ssh forwardagent

Hans Nilsson R (AL/EAB)
If you mean the OpenSSL command

  ssh -J proxy_host  final_host

it is possible with OTP-23.0 (to be released soon).

I started an erlang ssh daemon:

    ssh:daemon(1236, [{tcpip_tunnel_in,true}, {system_dir,DIR}]).

and then wrote in a bash shell:

     ssh -J localhost:1236  [hidden email] -p port

The result was a shell on 'some_host.xy:port' as user 'user'.  The keys was not fetched by the erlang/ssh server.

/Hans

Från: erlang-questions <[hidden email]> för Max Lapshin <[hidden email]>
Skickat: den 10 maj 2020 10:22
Till: Erlang-Questions Questions <[hidden email]>
Ämne: ssh forwardagent
 
I wonder if it is possible to make ssh agent forwarding with erlang ssh system.

We have ssh-proxy server: user connects to proxy with his own
key-pair, then server connects to customer server with his own secret
keypair.

User cannot get private key of this connection.

Question is: how to forward original keypair to customer server?