barrow blog

a chronicle of all the shenanigans we here in the barrow system get up to

SSH Agent Forwarding SLAPS

March 25, 2020 — ~barrow

I just moved from ctrl-c.club, and in preparation i decided to learn how to use scp. (I was going to learn rsync, but whatever lol) Turns out, it's really simple! It's just like cp except you add user@host: in front of either of the file options!

Now, ctrl-c.club handles auth similarly to ~team. Password auth is disabled in favor of pubkey auth. The problem is that i'm copying between two servers.

So, my options seem to be:

  • Copy my ssh private key for ctrl-c.club to ~team so i can login from here
    (bad idea)

  • Make a new ssh key on ~team and add it to my authorized_keys on ctrl-c
    (better idea but still a pain)

  • Use scp from my client with the -3 option, something like scp -3 barrow@ctrl-c.club:.vimrc barrow@tilde.team:.vimrc
    (not only would this be a pain, but i don't even know if i could get it working, since my client is windows and i'm using putty scp)

It was at this moment i finally discovered pageant.
Pageant is the ssh authentication agent built in to putty. Normally when connecting to a server with pubkey auth in putty, it asks you for the password to your private key. Pageant handles this for you. You type in your password once when you load in the key, and it automatically authenticates you. This is cool! It makes auth way quicker and simpler!! But, can this help with my cross-server scp problem?

Actually, yes! See, the geniuses who designed ssh (probably dealing with a similar problem) had the idea for SSH Agent Forwarding. This means that an ssh auth agent running on the client can be used on the server the client is connected to! All I had to do was change one option in putty (Connection -> SSH -> Auth -> Authentication Parameters -> Allow Agent Forwarding). With that option enabled for my connection to ~team, I could simply run scp barrow@ctrl-c.club:.vimrc ~/.vimrc! Pageant (on my client) automatically handled the authentication for the connection!
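
A check to run on the server before the scp, added here as an example and not part of the original post: it confirms the forwarded agent is actually reachable, then does the copy without forwarding the agent any further. The function names `agent_status` and `pull_with_agent` are made up for this example; it assumes the OpenSSH `ssh-add` and `scp` tools on the server.

```shell
#!/bin/sh
# Added example, meant to be sourced on the server you are logged in to.
# With forwarding on, sshd exposes the client's agent as a Unix socket named
# in SSH_AUTH_SOCK. The private key stays on the client, but anyone who can
# open that socket (root on the server, for one) can use the agent while the
# session is open.

# Print the forwarded agent's state:
#   no-agent | stale-socket | unreachable | empty | ready
agent_status() {
    sock="${SSH_AUTH_SOCK:-}"
    if [ -z "$sock" ]; then
        echo "no-agent"          # forwarding was not enabled for this login
        return 0
    fi
    if [ ! -S "$sock" ]; then
        echo "stale-socket"      # variable is set but the socket is gone
        return 0
    fi
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "ready" ;;       # agent answered and holds at least one key
        1) echo "empty" ;;       # agent answered but has no keys loaded
        *) echo "unreachable" ;; # could not talk to the agent (or no ssh-add)
    esac
}

# Copy SRC to DEST only when the forwarded agent is ready.
pull_with_agent() {
    src="$1"
    dest="$2"
    state="$(agent_status)"
    if [ "$state" != "ready" ]; then
        echo "agent state: $state, not running scp" >&2
        return 1
    fi
    # BatchMode=yes: fail instead of prompting if the key is not accepted.
    # ForwardAgent=no: do not pass the agent on to the next host.
    scp -o BatchMode=yes -o ForwardAgent=no "$src" "$dest"
}

# Usage: pull_with_agent barrow@ctrl-c.club:.vimrc "$HOME/.vimrc"
```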

This is super cool!! I love these sorts of simple things that just work. More and more today it seems like software is designed to make money, but it doesn't have to be! Software can be designed for people, and personally, I think it should.

In any case, I'm hyped to be on ~team, and can't wait to see what shenanigans i get up to! ^_^