
I'm on macOS with a Yubikey. The Yubikey's public key is added to ServerA and ServerB. I can connect to any server directly from macOS with the Yubikey plugged in.

Is it possible to SSH to ServerA and from there to ServerB like so:

macos -> ServerA -> ServerB

This does not work out of the box because the public key of user@ServerA is not known on ServerB.

Is it possible to have ServerA use the Yubikey that is plugged into the Mac when connecting to ServerB via SSH?

Nils
  • I don't understand the bit about the public key not being known but it sounds like you're looking for `man ssh`, particularly the `-J` option. – Ginnungagap Sep 07 '18 at 20:53

1 Answer

You have a couple options:

  1. Agent forwarding (-A)

    $ ssh -A ServerA
    [ServerA] $ ssh ServerB
    
  2. ProxyJump (-J)

    $ ssh -J ServerA ServerB
    

I've used both of these with gpg-agent and Yubikey.

guzzijason
  • I vote for the ProxyJump option. It's simpler (especially if you put it in ~/.ssh/config on the client), works transparently with `scp` and `sftp`, and doesn't expose anything other than encrypted connection on ServerA (just in case that's been exploited somehow). – Gordon Davisson Sep 08 '18 at 11:47
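
The ProxyJump option from the answer, written as a client-side `~/.ssh/config` as the comment above suggests. This is an added example, not part of the original answer or comments; the `HostName` values and the `User` name are constructed placeholders.

```sshconfig
# ~/.ssh/config on the Mac (the machine the Yubikey is plugged into)

# First hop. Authentication is done by the local agent with the Yubikey.
Host ServerA
    # Placeholder address, replace with the real one.
    HostName servera.example.com
    # Placeholder account name.
    User nils
    # Keep the agent socket off ServerA; ProxyJump does not need it.
    ForwardAgent no

# Second hop. The Mac tunnels through ServerA and authenticates to
# ServerB itself, so the Yubikey signature is still made locally.
Host ServerB
    # Placeholder address. With ProxyJump the TCP connection to this
    # name is opened from ServerA, so it must be reachable from there.
    HostName serverb.example.com
    User nils
    ProxyJump ServerA
    ForwardAgent no
```

With this in place, `ssh ServerB`, `scp` and `sftp` all go through ServerA without a shell on it. The `-A` variant would instead expose the agent socket on ServerA for the duration of the session, where anyone with sufficient privileges on that host could ask the agent for signatures.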