SSH from A through B to C, using private key on A

These is my scenario:

  • Host C is not accessible from A.
  • Host B is accessible from A.
  • Host C is accessible from B.
  • Both B and C have ~/.ssh/id_rsa.pub (from A) in authorized_keys
  • B does not have the private key (~/.ssh/id_rsa), since it would be a security risk (the key is personal).
  • since B doed not have the private key, it is not possible to login to C from it

How can I use the key in host A to login to host C? Is this possible? I fear not.

(similar but different to this question)

EDIT

What I would need is a way to provide, on-the-fly (stdin or similar), the private key to the ssh hop in B, without it ever touching the filesystem in B. Is this possible?


Solution 1:

If you are using a recent version of OpenSSH you can simply type:

ssh -J B C

If you are using a slightly older version without -J support you can use a slightly more elaborate syntax:

ssh -o ProxyCommand='ssh -W %h:%p B' C

If you need this every time you ssh from A to C it can be useful to add an entry in your .ssh/config file looking like this (in recent versions):

Host C
   ProxyJump B

Or like this (in slightly older versions):

Host C
   ProxyCommand ssh -W %h:%p B

Using either of the above you can simply type ssh C to open the connection. This is particular useful when you are using ssh indirectly through one of the many tools which utilize ssh for their transport. Not all of these tools provide a straightforward way to pass command line flags to the ssh command.