Thursday, March 31, 2016

Pageant for Mac - Using Jump Server on Mac

If you use PuTTY on Windows, you have probably used Pageant to store multiple keys, ssh to a jump server, and then ssh to your work machine. If you end up on a Mac for some reason and you have a production situation, there is no reason to panic. Macs have Keychain, software that manages your keys, including ssh keys. There are 3 steps to use it for jumping.


1. Add your ssh keys to Keychain.
2. Create an ssh config file to access jump terminal
3. Agent forwarding

1. Adding keys

If you have ppk (PuTTY) keys, you need to convert them. If you already have ssh keys, you can add them without converting. I had puttygen on my Mac. If you were using a Windows machine, you can convert the ppk keys to ssh keys on Windows and then add them on the Mac.

I had two keys - if you have only one that is fine.
puttygen user_rsa.ppk -O private-openssh -o user_rsa.key
puttygen jump.ppk -O private-openssh -o jump.key

If a window pops up, then DO NOT hit generate key.
1. Load your private key, and then
2. Go to the Conversions tab and export an OpenSSH key. Save it as jump.key or whatever name you like.
3. Copy the key to your Mac and do the below:

ssh-add -K /Users/raguk/Documents/access/user_rsa.key
ssh-add -K /Users/raguk/Documents/access/jump.key

2. Create an ssh config file.

Create the ~/.ssh folder if you do not have one.

raguk$ cd ~/.ssh
raguk$ cat config

Host jump
Hostname
Port 12345
User raguk
IdentityFile /Users/raguk/Documents/access/jump.key
ForwardAgent yes

3. Agent forwarding

You have already done it in the last step. The last line of the config file, ForwardAgent yes, is crucial. You can now:

laptop>ssh jump
server1>ssh server2

Remember not to store the keys on the jump server. That defeats the purpose of using a jump server. ssh -A will also do the agent forwarding. Happy jumping.
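A forwarded agent can be used by anyone with root on the host you forward it to, so ForwardAgent is best enabled only for the jump entry and never under a wildcard such as Host *. The following is an added example, not part of the original post: a shell function that lists which Host blocks in an ssh config enable agent forwarding. The function names and the hostname jump.example.com are assumptions made for the example.

```sh
#!/bin/sh
# Report which Host blocks in an OpenSSH client config enable agent forwarding.
# Output: "<scope><TAB><host patterns>", where scope is "scoped" or "broad".
audit_forward_agent() {
    cfg="${1:-$HOME/.ssh/config}"
    awk '
        BEGIN { hosts = "*" }              # options before the first Host apply to every host
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)  # "Key value" and "Key=value" are both valid
            key = tolower(f[1])            # keywords are case-insensitive
        }
        key == "host" || key == "match" {
            hosts = f[2]
            for (i = 3; i <= n; i++) if (f[i] != "") hosts = hosts " " f[i]
            if (key == "match") hosts = "match:" hosts
            next
        }
        key == "forwardagent" && tolower(f[2]) != "no" {   # yes, a socket path or $VAR all forward
            scope = (hosts ~ /[*?]/ || hosts ~ /^match:/) ? "broad" : "scoped"
            printf "%s\t%s\n", scope, hosts
        }
    ' "$cfg"
}

# Constructed sample config (jump.example.com is a placeholder hostname).
sample_config() {
    cat <<'EOF'
Host jump
    Hostname jump.example.com
    Port 12345
    User raguk
    IdentityFile /Users/raguk/Documents/access/jump.key
    ForwardAgent yes

Host *
    forwardagent=yes
EOF
}

# Demo run on the sample; call audit_forward_agent with no argument to check ~/.ssh/config.
tmp=$(mktemp) && sample_config > "$tmp" && audit_forward_agent "$tmp"; rm -f "$tmp"
```

Any line reported as "broad" means the agent is offered to every host matching that pattern, not just the jump server.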
