
How to forward local keypair in a SSH session?

Tags:

ssh

ssh-keys

I manually deploy websites through SSH, and I manage source code in GitHub/Bitbucket. For every new site I'm currently generating a new keypair on the server and adding it to GitHub/Bitbucket, so that I can pull changes from server.

I came across a feature in Capistrano to use the local machine's key pair for pulling updates to the server, which is ssh_options[:forward_agent] = true

How can I do something like this and forward my local machine's keypair to the server I'm SSH-ing into, so that I can avoid adding keys into GitHub/Bitbucket for every new site?

Sathish Manohar asked Sep 04 '12 06:09



3 Answers

This turned out to be very simple; a complete guide is here: Using SSH Forwarding

In essence, you need to create a ~/.ssh/config file, if it doesn't exist.

Then, add the hosts (either domain name or IP address) in the file and set ForwardAgent yes.

Sample Code:

Host example.com
    ForwardAgent yes

Makes SSH life a lot easier.

Sathish Manohar answered Oct 19 '22 14:10


  1. Create ~/.ssh/config
  2. Fill it with (host address is the address of the host you want to allow creds to be forwarded to):

    Host [host address]
         ForwardAgent yes
    
  3. If you haven't already run ssh-agent, run it:

    ssh-agent
    
  4. Take the output from that command and paste it into the terminal. This will set the environment variables that need to be set for agent forwarding to work. Optionally, you can replace this and step 3 with:

    eval "$(ssh-agent)"
    
  5. Add the key you want forwarded to the ssh agent:

    ssh-add [path to key if there is one]/[key_name].pem
    
  6. Log into the remote host:

    ssh -A [user]@[hostname]
    
  7. From here, if you log into another host that accepts that key, it will just work:

    ssh [user]@[hostname]
    
sdconrox answered Oct 19 '22 16:10
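
An added example (not part of any answer above) that audits the ~/.ssh/config described in the first two answers: a forwarded agent can be used by anyone with sufficient privileges on the remote host while you are connected, so ForwardAgent yes is best limited to named hosts. The function name audit_forward_agent, the OK/BROAD labels and the sample config are constructed for illustration.

```shell
#!/bin/sh
# List every ssh_config block that sets "ForwardAgent yes" and flag the ones
# whose scope is wider than explicitly named hosts.
# Usage: audit_forward_agent [config-file]   (default: ~/.ssh/config)
# Returns non-zero when at least one BROAD entry is found.
audit_forward_agent() {
    awk '
    BEGIN { scope = "(global)"; broad = 1; bad = 0 }
    { gsub(/=/, " ") }                 # accept "Keyword=value" as well
    /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
    { key = tolower($1) }              # keywords are case-insensitive
    key == "host" || key == "match" {
        scope = $0
        sub(/^[ \t]+/, "", scope)
        # Wildcard Host patterns are broad; Match blocks are reported as
        # BROAD too so that they get a manual review.
        broad = (key == "match" || scope ~ /[*?]/)
        next
    }
    key == "forwardagent" && $2 == "yes" {
        printf "%s\t%s\n", (broad ? "BROAD" : "OK"), scope
        if (broad) bad = 1
    }
    END { exit bad }
    ' "${1:-$HOME/.ssh/config}"
}

# Constructed sample config (not from the page) to show the output format.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host example.com
    ForwardAgent yes
Host *.internal
    ForwardAgent yes
Host *
    ForwardAgent no
EOF
audit_forward_agent "$sample" || echo "review the BROAD entries above"
rm -f "$sample"
```

On the remote host, `ssh-add -l` lists the keys of the forwarded agent, which confirms that forwarding is active for that session.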


To use it simply with the default identity (id_rsa) you can use the following couple of commands:

ssh-add
ssh -A [username]@[server-address]
Nek answered Oct 19 '22 15:10