# Two-step remote ssh without password

I'm aiming to ssh from my localhost to a remote web server, and also from there to a remote computer system. I presently have it set up to make sure that the remote computer system and also remote web server have passwordless ssh - ing set up in between them, yet if I ssh from my localhost right into the web server, and afterwards attempt to ssh to the computer system from there, I get:

Enter passphrase for key '/home/user/.ssh/id_dsa':
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).


If I attempt to ssh from a terminal open on the remote web server to the remote computer system, it functions simply great. Does it have something to do with my display screen not being :0.0, or another thing totally? I've attempted xhost +local: yet been shed past that.

Many thanks

4
2022-06-07 14:39:44
Source Share

If both systems have the general public key of your neighborhood system usage -A.

From ssh(1)

-A      Enables forwarding of the authentication agent connection.  This
can also be specified on a per-host basis in a configuration file.


Also recognize this caution:

        Agent forwarding should be enabled with caution.  Users with the
ability to bypass file permissions on the remote host (for the
agent's UNIX-domain socket) can access the local agent through the
forwarded connection.  An attacker cannot obtain key material from
the agent, however they can perform operations on the keys that
enable them to authenticate using the identities loaded into the
agent.


The outcome is that when you auth versus the 2nd host the auth is sent right back to the host where you literally stay.

Instance:

[email protected]:~ $ssh -A host1 Last login: Thu Jun 14 11:31:53 2012 from 2001:db8::b0 [email protected]:~$ ssh -A host2
Last login: Thu Jun 14 11:41:05 2012 from 2001:db8::b1
[email protected]:~ $ssh -A host3 Last login: Tue Jun 12 10:46:50 2012 from 2001:db8::b2 [email protected]:~$

3
2022-06-07 15:11:42
Source

Your representative is incapable to pass verification on the remote computer system. You can port - onward a link to connect straight to the remote equipment if you would certainly such as.

See this article on SSH multi-hop and also miss to the area concerning ProxyCommand

in ~/.ssh/config:

Host remotecomputername
ProxyCommand ssh -q remoteservername nc -q0 remotecomputername 22

1
2022-06-07 15:09:24
Source