One SSH key to rule them all: Forward your SSH agent session in 15 seconds

Recently, I used a tool that spoke of “forwarding” my SSH session to the server and thus avoiding needing to copy my private key to the server in order to be able to access Git repositories or other servers where I log in by public key.

If you manage your keys at all, you can immediately see the allure here.

The configuration is ridiculously easy. Put this in your $HOME/.ssh/config file* (Windows users, check PuTTY settings; it can probably do this too).

Host <hostname>
    ForwardAgent yes

You can, of course, combine this with other options such as HostName and User.

I tested it with Fill PDF Service:

Host fps
    HostName fillpdf-service.com
    User myusername
    ForwardAgent yes

ssh fps
cd /path/to/my/web/root
git pull

(The Git repository is password-protected, and my Git setup uses SSH for authentication by default.)

I got back: Already up to date.

I used to be prompted for my password, but that’s yesterday’s news…quite literally.

Extra tip: If no one else uses your computer, you can put ForwardAgent yes on its own line. This will forward your agent to all servers you connect to. I’m not an SSH expert, but as far as I know, ssh-agent is designed to be extremely secure. The main risk is if someone is using your computer directly, but that applies to most things. SSH Agent sessions are restricted to the current user session via environment variables (so no one can simply switch to you on a server to get access).
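An added example, not from the original post: a small Python audit that lists every place a config file turns on ForwardAgent and flags scopes that cover all hosts, which is what the global placement in the extra tip produces. The ssh_config manual advises enabling agent forwarding with caution, because anyone able to bypass file permissions on the remote host can use the forwarded agent while you are connected; the function name and the sample config are constructed for illustration.

```python
import re
import shlex

def audit_forward_agent(config_text):
    """Return (scope, is_broad) for each place an ssh_config enables ForwardAgent."""
    scope = ["*"]  # lines before the first Host/Match apply to every host
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Key value" and "Key=value" are both valid.
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, args = m.group(1).lower(), shlex.split(m.group(2))
        if key == "host":
            scope = args
        elif key == "match":
            # "Match all" behaves like a wildcard; other Match blocks are reported as-is.
            scope = ["*"] if [a.lower() for a in args[:1]] == ["all"] else ["Match " + " ".join(args)]
        elif key == "forwardagent" and args and args[0].lower() != "no":
            # Besides yes/no, the value may be a socket path or $VAR; both enable forwarding.
            broad = any(("*" in p or "?" in p) and not p.startswith("!") for p in scope)
            findings.append((" ".join(scope), broad))
    return findings

# Constructed sample: the global line from the extra tip plus the per-host block.
SAMPLE = """\
ForwardAgent yes

Host fps
    HostName fillpdf-service.com
    User myusername
    ForwardAgent yes

Host *.example.org !bastion.example.org
    forwardagent=no
"""

if __name__ == "__main__":
    for scope, broad in audit_forward_agent(SAMPLE):
        print(("BROAD  " if broad else "scoped ") + scope)
```

Entries reported as scoped name the specific servers that receive the forwarded agent; entries reported as BROAD hand it to every server that matches.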

It blew me away how easy it is to get this going. 2013 is the year of SSH agent forwarding for me. Hope this helps!

* If the file doesn’t exist, create it. Make sure the permissions on the .ssh directory are 600 (drwx------).
