The Computer Oracle

SSH proxyjump with identityfile in the proxy only


Full question
https://superuser.com/questions/1323296/...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...


ACCEPTED ANSWER

Score 13


[...] is it possible to keep the privkey in the proxy and reference it in the PC so I don't have to move it to the PC?

Short answer: No

Reason: All config file (or command-line) references on your local PC are to files residing on your local device (PC). You can't reference remote (proxy) files from your PC that ssh can access at the time ssh is trying to establish the connection.

Moreover: you probably don't want to store the private key for proxy-to-target access on the proxy; if you did, it would have to be a key with no passphrase, which is always bad security practice. In general, it's best to secure your private keys well. In my case, they only ever exist on my local machine, and always have good passphrases.

Suggested workaround: you've already got the setup working with the proxy-to-target key on your local PC. Either continue with that, or use ssh-agent and forwarding to provide the password-less access I presume you want to keep. Example ~/.ssh/config entries:

Host target
    ProxyJump user@proxy
    IdentityFile .../target-id_rsa

Host proxy
    IdentityFile .../proxy-id_rsa
    ForwardAgent yes

You can probably get away without the IdentityFile directives if you know you will have already loaded the keys into your local agent.
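
An added example, not part of the original answer: a small Python check that walks the ProxyJump chain in a config like the one above and lists every IdentityFile the local client will read from the local disk, plus the hosts that receive the forwarded agent. The sample config, its key paths and the function names are constructed for illustration, and the parser is a simplification (exact Host aliases only; no wildcards, Match, Include, or ssh:// jump URIs).

```python
import os

# Constructed sample config; the key paths are placeholders.
SAMPLE = """\
Host target
    ProxyJump user@proxy
    IdentityFile ~/.ssh/target-id_rsa
Host proxy
    IdentityFile ~/.ssh/proxy-id_rsa
    ForwardAgent yes
"""

def parse(text):
    """Return {alias: {keyword: [values]}}; exact aliases only, no wildcards,
    Match or Include (a simplification of real ssh_config parsing)."""
    hosts, current = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = [hosts.setdefault(alias, {}) for alias in value.split()]
        else:
            for block in current:
                block.setdefault(key, []).append(value)
    return hosts

def local_keys_needed(hosts, alias, seen=None):
    """(hop, path) pairs the local client reads for `ssh alias`, jump hops first."""
    seen = set() if seen is None else seen
    if alias in seen:  # guard against ProxyJump loops
        return []
    seen.add(alias)
    opts, needed = hosts.get(alias, {}), []
    for spec in opts.get("proxyjump", ["none"])[0].split(","):
        if spec.lower() != "none":
            hop = spec.rsplit("@", 1)[-1].split(":", 1)[0]  # drop user@ and :port
            needed += local_keys_needed(hosts, hop, seen)
    needed += [(alias, os.path.expanduser(p)) for p in opts.get("identityfile", [])]
    return needed

def forwards_agent(hosts):
    """Aliases whose first ForwardAgent value is 'yes'."""
    return sorted(a for a, o in hosts.items()
                  if o.get("forwardagent", ["no"])[0].lower() == "yes")

if __name__ == "__main__":
    cfg = parse(SAMPLE)
    for hop, path in local_keys_needed(cfg, "target"):
        print(f"{hop}: {path} (exists locally: {os.path.exists(path)})")
    print("agent forwarded to:", forwards_agent(cfg))
```

For a real setup, `ssh -G target` prints the options OpenSSH itself resolves for that host without opening a connection.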