What is SSH? What is SSH Agent
- We can use an encrypted password for SSH authentication, but it is inconvenient and subject to brute-force password-guessing attacks.
- So we use the public key authentication mechanism instead
- Generate an SSH key pair - public and private key (ssh-keygen)
- Enter a passphrase to protect the private key
- Copy the private key to ~/.ssh/identity, mode 0600
- Copy the public key to the remote machine in ~/.ssh/authorized_keys
- However, we are still prompted for the passphrase each time we ssh. The good thing is that we only need to remember a single passphrase for all the private keys.
- Use the ssh agent to manage your private keys, so you only need to enter the passphrase once for all ssh communication. To do that, add the private key to the agent with “ssh-add”; “ssh-add -l” lists all the private keys the agent is managing.
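ssh-keygen -t rsa
# Either copy the public key to the remote machine (this overwrites the remote file) ...
scp ~/.ssh/id_rsa.pub target:.ssh/authorized_keys2
# ... or append it to the existing remote file
cat ~/.ssh/id_rsa.pub | ssh target "cat >> ~/.ssh/authorized_keys2"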
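The permission rule from the steps above (private key at mode 0600, authorized_keys writable only by its owner) can be checked with a short script. This is an added example, not part of the original post; the function name audit_ssh_dir and the finding labels are made up for illustration, and a private key is recognised by its "BEGIN ... PRIVATE KEY" header line.

```shell
#!/bin/sh
# Added example (not from the original post): audit an SSH directory for the
# file modes the setup steps rely on. audit_ssh_dir is a hypothetical helper.

# Prints one finding per line for DIR (default ~/.ssh).
# Exit status is 0 when nothing was found, 1 otherwise.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # GNU stat first, BSD/macOS stat as fallback; both print octal mode
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f") || continue
        case $mode in ?) mode="00$mode" ;; ??) mode="0$mode" ;; esac
        group_other=${mode#"${mode%??}"}      # last two octal digits
        # The ssh client refuses a private key with any group/other bit set.
        if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            if [ "$group_other" != "00" ]; then
                echo "PRIVATE_KEY_EXPOSED $f mode=$mode (want 600)"
                findings=$((findings + 1))
            fi
        fi
        # A group/other write bit lets another account append its own key;
        # sshd with StrictModes rejects such a file.
        case ${f##*/} in
        authorized_keys|authorized_keys2)
            case $group_other in
            [2367]?|?[2367])
                echo "AUTHORIZED_KEYS_WRITABLE $f mode=$mode"
                findings=$((findings + 1)) ;;
            esac ;;
        esac
    done
    [ "$findings" -eq 0 ]
}
```

Call audit_ssh_dir with no argument to check ~/.ssh on the client, or pass a directory to check the remote account's .ssh directory.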
What is SSH Agent Forwarding
If you tend to “visit” the Internet from one machine, but indirectly through many others, you might find it useful to enable SSH forwarding, which in effect says “when I ssh to another machine, if I ssh from there, please redirect all authentication requests to my original machine where my agent is running.” This makes it possible to “log in” to your local machine and then go anywhere.
Port Forwarding
- SSH can forward arbitrary TCP ports over the encrypted pipe.
- “ssh -L 8080:remotemach:80” (on the client, TCP port 8080 is forwarded through the encrypted pipe to port 80 on the remote machine).





































