Tried out ProxyJump as suggested by @JensErat.
I configured it like this in ssh config:
Host jump-to-server
    HostName server.hostname
    ProxyJump [email protected]
    User ubuntu
But it does not work, it just hangs during connection. Do I need gnupg installed on the jump server also?
I have 2 computers running OSX: home and laptop. I also have a number of servers that I need to access; let's refer to them all as server.
On home and laptop I have installed gnupg 2.1.20 and I have a yubikey that works on them both. I can connect to a server using the yubikey over ssh.
Servers only have regular ssh, no gnupg.
This works great using gnupg and yubikey:
home > server
laptop > server
laptop > home
I have added the following in .bash_profile on home and laptop to make this work:
if [ -f "${HOME}/.gpg-agent-info" ]; then
. "${HOME}/.gpg-agent-info"
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
fi
I would also like to do this
laptop > home > server
To do this I have read that I need to open an extra socket, so this is .gnupg/gpg-agent.conf on laptop:
pinentry-program /usr/local/bin/pinentry-mac
extra-socket /Users/deadlock/.gnupg/S.gpg-agent.extra
enable-ssh-support
write-env-file
use-standard-socket
default-cache-ttl 600
max-cache-ttl 7200
allow-preset-passphrase
This is the same on home:
pinentry-program /usr/local/bin/pinentry-mac
enable-ssh-support
write-env-file
use-standard-socket
default-cache-ttl 600
max-cache-ttl 7200
gpg-agent is running on both laptop and home; I have made sure ssh-agent is NOT running.
I have configured home like this in ~/.ssh/config
Host home
HostName 12.34.45.67
Port 22
User jens
ForwardAgent no
RemoteForward /Users/jens/.gnupg/S.gpg-agent /Users/jens/.gnupg/S.gpg-agent.extra
This does not work. On laptop, ssh-add -l lists my keys, but after I ssh to home, I cannot ssh further to server. It just hangs, or fails saying that it could not authenticate.
If possible I would also like to be able to do this:
laptop > server > server
but since server is not running gnupg at all, I don't know if that is possible?
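An added configuration example, written for this page and not taken from the question or from any answer to it, showing the two different sockets gpg-agent exposes and which hop each one serves. gpg-agent's "extra" socket speaks the restricted gpg-agent (Assuan) protocol and is what gpg on a remote host needs; the ssh-agent protocol is served on a separate socket (S.gpg-agent.ssh), which is what SSH_AUTH_SOCK points at and what ssh's own ForwardAgent carries. The hostnames, usernames and socket paths below are reused from the question purely as assumptions for illustration:

```sshconfig
# ~/.ssh/config on laptop (example, not the question's own file)

Host home
    HostName 12.34.45.67
    Port 22
    User jens
    # ssh run on home reaches laptop's gpg-agent over the forwarded ssh-agent
    # protocol socket; the servers and home need no gnupg for this to work.
    # Caveat: while the session is open, root on home can use the forwarded key.
    ForwardAgent yes
    # gpg run on home reaches laptop's gpg-agent over the restricted "extra"
    # socket. Format is RemoteForward <remote socket on home> <local socket on laptop>;
    # the local path must be the extra-socket path of the laptop user
    # (gpgconf --list-dirs on laptop prints the exact socket paths in use).
    RemoteForward /Users/jens/.gnupg/S.gpg-agent /Users/deadlock/.gnupg/S.gpg-agent.extra

# laptop > home > server without depending on any agent on home:
# ssh on laptop tunnels through home and authenticates to server directly
# against laptop's gpg-agent, so nothing is forwarded to home at all.
Host server-via-home
    HostName server.hostname
    User ubuntu
    ProxyJump home

# laptop > server > server: the intermediate server only needs plain ssh,
# because ProxyJump tunnels the second connection rather than running ssh there.
Host server2-via-server
    HostName server2.hostname
    User ubuntu
    ProxyJump [email protected]

# /etc/ssh/sshd_config on home (example): remove a stale socket file left by an
# earlier session before binding the RemoteForward path; without this the forward
# silently fails on the second login. home's own gpg-agent must also not be
# listening on /Users/jens/.gnupg/S.gpg-agent while the forward is active.
#     StreamLocalBindUnlink yes
```

The RemoteForward in this example is only relevant if gpg itself (signing, decryption, card access) is wanted on home; for chaining ssh connections it is not needed, and ProxyJump is the least-privilege option because no credential or agent socket ever appears on the intermediate host.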