Although a simple question, I have searched for days without success.
M = My machine
J = Jump Host
S = Server
Jump Host has my public key on authorized_keys.
Server has J's public key on authorized_keys.
Allowed connections (due to key authentication):
M -> J
J -> S
How is it possible for me to ssh into S from my machine?
My current configuration is:
    host jump
        user root
        HostName x.x.x.x

    host server
        user root
        HostName x.x.x.x
        port 22
        ForwardAgent no
        ProxyCommand ssh jump -W %h:%p
It does not work as it tries to login with M's key.
Here's the ssh log
    debug1: Host 'x.x.x.x' is known and matches the ECDSA host key.
    debug1: Found key in /Users/xxxxx/.ssh/known_hosts:1542
    ...
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/xxxxx/.ssh/id_rsa
    debug1: Authentications that can continue: publickey
    debug1: Trying private key: /Users/xxxxx/.ssh/id_dsa
    debug1: Trying private key: /Users/xxxxx/.ssh/id_ecdsa
    debug1: Trying private key: /Users/xxxxx/.ssh/id_ed25519
    debug1: No more authentication methods to try.
    Permission denied (publickey).
    Killed by signal 1.
Best Answer
Well, that is your problem. The connections to both the jump host and the final destination are initiated directly from your client in this setup. Your client must have the correct key for both systems.
The "ssh jump -W %h:%p" in the proxy command starts an ssh session to your jump host, but doesn't create a shell; it just creates a tunnel directly to the destination host. Then your client makes an ssh connection to the tunnel. At no point is a shell started on the jump host that would let you access any keys stored on that intermediate host in this type of setup. Messing around with forwarding doesn't do anything. No forwarding is used to initiate the connection.
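An added example, not part of the original question or answer: two client-side ~/.ssh/config variants that follow from the explanation above, one where M authenticates to both hosts itself and one where ssh actually runs on J so that J's key is the one offered to S. The key file name id_ed25519_server and the alias server-via-shell are assumptions, and x.x.x.x stands for the same placeholders used in the question.

```sshconfig
# Variant 1: both authentications originate on M (what -W / ProxyJump does).
# Precondition: a public key whose private half is stored on M has been
# appended to S's authorized_keys. J only relays TCP; no private key is
# read on J and no agent is forwarded to it.
Host jump
    User root
    HostName x.x.x.x

Host server
    User root
    HostName x.x.x.x
    Port 22
    ForwardAgent no
    # ProxyJump (OpenSSH 7.3+) is the built-in form of
    # "ProxyCommand ssh jump -W %h:%p".
    ProxyJump jump
    # Assumed file name: the key on M that S has been told to accept.
    IdentityFile ~/.ssh/id_ed25519_server
    # Offer only the key named above instead of every default identity,
    # which avoids the id_rsa/id_dsa/id_ecdsa/id_ed25519 sequence in the log.
    IdentitiesOnly yes

# Variant 2: keep S's authorized_keys unchanged and use J's key.
# This only works if an ssh client process runs ON J, so M logs in to J
# and J starts the second connection. No tunnel is involved.
Host server-via-shell
    User root
    # J's address: M connects to the jump host, not to S.
    HostName x.x.x.x
    # Allocate a terminal so the nested session is interactive.
    RequestTTY yes
    # RemoteCommand (OpenSSH 7.6+) runs on J after login; the address
    # here is S as reachable from J. Equivalent to: ssh -t jump ssh root@S
    RemoteCommand ssh root@x.x.x.x
```

With variant 1, `ssh -v server` should show the IdentityFile key being offered to S; with variant 2, `ssh server-via-shell` authenticates M to J with M's key and J to S with J's key.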