Although a simple question, I have searched for days without success.
M = My machine
J = Jump Host
S = Server
Jump Host has my public key in authorized_keys.
Server has J's public key in authorized_keys.
Allowed connections (due to key authentication):
M -> J
J -> S
How is it possible for me to ssh into S from my machine?
My current configuration is:

    host jump
        user root
        HostName x.x.x.x

    host server
        user root
        HostName x.x.x.x
        port 22
        ForwardAgent no
        ProxyCommand ssh jump -W %h:%p

It does not work as it tries to log in with M's key.
Here's the ssh log:
debug1: Host 'x.x.x.x' is known and matches the ECDSA host key.
debug1: Found key in /Users/xxxxx/.ssh/known_hosts:1542
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/xxxxx/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/xxxxx/.ssh/id_dsa
debug1: Trying private key: /Users/xxxxx/.ssh/id_ecdsa
debug1: Trying private key: /Users/xxxxx/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
Killed by signal 1.
Yes. Of course it tries to log in with M's key. You are not really connecting from J to S.
The first ssh connection is from M to J. This one simply sets up some forwarding. The second ssh connection is directly from M to S using the forwarding set up by the first ssh. - No chance to use the key on J.
You might use ssh -A jump ssh-add to add J's key to your agent.
Then your setup should work fine.
Another idea might be something like ssh -t jump ssh server. This way you log into J and from there you log into S, pretty much as you expected it.
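
To check which identities the client actually presented to S, the following sketch reads `ssh -v` output and lists every key offered or tried; it is an added example, not part of the original question or answer. The function names (`ssh_key_attempts`, `diagnose`, `sample_log`) are hypothetical, and the sample log lines are taken from the question.

```shell
#!/bin/sh
# Added example: list the identities an ssh client presented, from `ssh -v`
# output on stdin. Handles "Offering RSA public key: PATH" (as in the question)
# and the newer "Offering public key: PATH TYPE FINGERPRINT" wording.
# Assumes key paths contain no spaces.
ssh_key_attempts() {
    awk '
        /^debug1: Offering (.* )?public key: / {
            sub(/^debug1: Offering (.* )?public key: /, "")
            print "offered", $1
        }
        /^debug1: Trying private key: / {
            sub(/^debug1: Trying private key: /, "")
            print "tried", $1
        }
    '
}

# Summarise a log: how many client-side keys were attempted, and whether the
# target refused all of them. Real use: ssh -v server 2>&1 | diagnose
diagnose() {
    log=$(cat)
    attempts=$(printf '%s\n' "$log" | ssh_key_attempts)
    n=$(printf '%s\n' "$attempts" | grep -c . || true)
    if printf '%s\n' "$log" | grep -q '^Permission denied (publickey)'; then
        echo "denied: $n client-side key attempt(s), none accepted"
    else
        echo "no publickey denial: $n client-side key attempt(s)"
    fi
}

# Sample input: the authentication lines from the log in the question.
sample_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/xxxxx/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/xxxxx/.ssh/id_dsa
debug1: Trying private key: /Users/xxxxx/.ssh/id_ecdsa
debug1: Trying private key: /Users/xxxxx/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
EOF
}

sample_log | ssh_key_attempts
sample_log | diagnose
```

Every path it prints is a file on M, which matches the answer's point that the connection through ProxyCommand authenticates from M and never touches the key stored on J.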