7

If I SSH to targethost via jumphost with agent forwarding enabled, will jumphost have access to my SSH key agent?

ssh -A -J user1@jumphost user2@targethost

Is this still secure, if I don't fully trust jumphost?

Martin Schröder
  • 315
  • 1
  • 5
  • 24
larsch
  • 171
  • 5
  • I don’t know if the agent connection is forwarded to both the jump host and the target host but as far as I know -A isn’t needed in combination with -J if you only need to access the target host. So if you won’t be setting up new ssh connections once you’re logged in to the target host, I don’t think you need -A at all and that makes the security issue a moot point – Bob Sep 11 '20 at 13:02
  • @HermanB I need the -A, since I want to use Git with the SSH key from the agent from the target host. – larsch Sep 11 '20 at 13:42
  • Man pages are not clear on this in your example. I would disambiguate the `-A` by moving the whole thing to `~/.ssh/config`. Create one stanza each for jumphost and for target (including `hostname` and `user`), then `ForwardAgent no` for the jumphost, and `yes` for the target. While I'm about it I'd also add `ProxyJump jumphost` to the stanza for the target. Then the ssh command just becomes `ssh target`. –  Sep 15 '20 at 02:18
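The per-host layout suggested in the comment above, as an added example that is not part of the original thread. The host names, user names and the `.example.internal` addresses are placeholders from the question; `write_ssh_config` writes the two stanzas to a path you choose (normally `~/.ssh/config`), and `forward_agent_for` is a small reader for that file so you can confirm which stanza carries `ForwardAgent yes`. Because `ProxyJump` only asks the jump host to relay a TCP stream (it is equivalent to `ProxyCommand ssh -W %h:%p jumphost`), the agent-forwarding channel is requested inside the end-to-end session to the target, and the jump host stanza's `ForwardAgent no` is what applies to the hop. For the authoritative resolution of any option, use `ssh -G targethost` rather than this reader.

```shell
#!/bin/sh
# Added example (not the original poster's or the OpenSSH project's code).
# Writes the two stanzas and reads back the ForwardAgent value per Host.

write_ssh_config() {
  # $1: path to write; use "$HOME/.ssh/config" for real use (mode 0600 is enforced below).
  cat > "$1" <<'EOF'
# Jump host: reached first, used only as a relay, agent is NOT forwarded here
Host jumphost
    HostName jumphost.example.internal
    User user1
    ForwardAgent no

# Target host: reached through the jump host; agent forwarded only on this connection
Host targethost
    HostName targethost.example.internal
    User user2
    ProxyJump jumphost
    ForwardAgent yes
EOF
  chmod 0600 "$1"
}

# Print the ForwardAgent value of the first stanza whose Host matches $2 in file $1.
# Simple reader for the layout written above only; `ssh -G host` is the real resolver.
forward_agent_for() {
  awk -v want="$2" '
    $1 == "Host"                    { inblock = ($2 == want) }
    inblock && $1 == "ForwardAgent" { print $2; exit }
  ' "$1"
}

# Usage, once the stanzas are in place:
#   write_ssh_config "$HOME/.ssh/config"
#   ssh targethost      # replaces: ssh -A -J user1@jumphost user2@targethost
```

Keep `ForwardAgent no` as the default (it is OpenSSH's default) and enable it only in the stanza of the host that actually needs to use your keys; with this layout `ssh targethost` behaves like the original command minus the ambiguity about where `-A` applies.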

1 Answer

3

No, the jump host will not have access to the agent. According to the man page:

Note also that the configuration for the destination host (either supplied via the command-line or the configuration file) is not generally applied to jump hosts.

You can check this by the way: in order for sshd to be able to communicate with the agent, a socket file is needed, which is created (usually) in a /tmp/ssh-* directory, owned by your user. This will probably be missing on the jump server.

Lacek
  • 7,233
  • 24
  • 28
  • Thanks. However, the lack of presence of a socket on the jumphost does not preclude a malicious implementation of accessing the ssh-agent via the SSH protocol. I'm interested in whether the ssh client prevents the jumphost from doing that, and only allows the target host. – larsch Sep 18 '20 at 08:41
  • 1
    On the jump server, the connection between the ssh-agent and the ssh client is nonexistent, since the agent is not connected to the client running on the jump server. So, while the client does not "prevent" the jump server from interacting with the agent per se, from the viewpoint of the jump server, there is nothing to interact with. By the way, if you distrust the jump server this much, you should consider not using it at all, since a malicious SSH server implementation can cause problems, not just by interacting with your SSH agent. – Lacek Sep 18 '20 at 13:26
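The check the answer describes, as an added example that is not part of the original answer. Run `agent_status` in a shell on a host you have logged in to: on the target reached with `-A` it should report an agent, while on a jump host that is used only as a `-J`/`ProxyJump` relay there is no login session at all, so nothing is left behind to inspect. The exit codes of `ssh-add -l` (0 = identities listed, 1 = agent reachable but empty, 2 = cannot contact the agent) are OpenSSH's documented behaviour; the `/tmp/ssh-*/agent.<pid>` location is sshd's usual choice, as the answer says, and the status words printed here are this example's own.

```shell
#!/bin/sh
# Added example (not the original answer's code). Reports whether an SSH agent is
# reachable in the current session, and lists forwarded-agent sockets sshd created
# for this user. Returns 0 only when an agent actually answers.

agent_status() {
  sock="${SSH_AUTH_SOCK:-}"
  if [ -z "$sock" ]; then
    echo "no-agent-env"        # SSH_AUTH_SOCK not set: no forwarding in this session
    return 1
  fi
  if [ ! -S "$sock" ]; then
    echo "socket-missing"      # variable set but it is not a live UNIX socket
    return 1
  fi
  if ! command -v ssh-add >/dev/null 2>&1; then
    echo "socket-present"      # cannot query it without ssh-add; socket exists though
    return 0
  fi
  # Capture the exit status in a way that is safe under `set -e`.
  if ssh-add -l >/dev/null 2>&1; then rc=0; else rc=$?; fi
  case $rc in
    0) echo "agent-with-keys";   return 0 ;;
    1) echo "agent-empty";       return 0 ;;
    *) echo "agent-unreachable"; return 1 ;;
  esac
}

# Sockets sshd creates for forwarded agents, normally /tmp/ssh-XXXXXX/agent.<pid>,
# owned by the logged-in user. An empty listing on a host means no agent was
# forwarded to it (assuming the default PrivSep/tmp layout).
list_agent_sockets() {
  find /tmp -maxdepth 2 -path '/tmp/ssh-*' -type s -user "$(id -un)" 2>/dev/null
}

# Usage on a host after logging in:
#   agent_status; echo "exit=$?"
#   list_agent_sockets
```

A forwarded agent on a host you do not fully trust lets root on that host sign with your keys for as long as the session lasts, which is why the only host that should ever report `agent-with-keys` is the one that needs the keys; if you must forward, `ssh-add -c` (confirm each use) and `ssh-add -t` (key lifetime) limit the exposure.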