SSH ForwardAgent multiple hops
To have agent forwarding work through multiple hops you simply to need adjust your client configuration on each intermediate system so that agent forwarding.
It could be as simply as making sure your /etc/ssh/ssh_config
has this configured. But if you have per-client configs in ~/.ssh/config
you may need to adjust those settings as well.
Host *
ForwardAgent yes
You can see if agent forwarding happened or if there was an errorif you just add the -v
option.
$ ssh -v issc@server1
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /home/zoredache/.ssh/config
...
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
Linux server1 3.11-0.bpo.2-amd64 #1 SMP Debian 3.11.8-1~bpo70+1 (2013-11-21) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Dec 15 20:39:44 2013 from 10.2.4.243
issc@server1:~$
Also verify you have a valid environment variable set.
issc@server1:~$ export | grep SSH_AUTH
declare -x SSH_AUTH_SOCK="/tmp/ssh-7VejOmKtNv/agent.57943"