If a remote server has password access disabled and relies on authorized SSH keys to manage user access, things can get tricky.
The scenario this gist will solve is:
- Server A (10.0.1.20) has a user account, ubuntu, that we need to be able to use to log in to it from a variety of hosts.
- User A has access to Server A (10.0.1.20) via SSH. Therefore User A's public key is present in Server A's 'authorized_keys' file.
- User A's private key is present on a Bastion host that allows password logins.
- User B needs to access Server A, and therefore needs her public key copied to Server A. Server A doesn't allow password logins, so we're stuck.
The solution is the following:
- Copy the contents of User B's id_rsa.pub public key to a file on a host to which User A has access AND which contains the private key of a user that can access Server A via SSH. In this example, we achieve the copy by using ssh-copy-id, but you could use really any means.
  ssh-copy-id -i ~/.ssh/id_rsa.pub tjohander@10.0.1.15
  (prompted for tjohander's password on 10.0.1.15, which is the bastion server in this scenario)
- Now log in to the remote server (the Bastion). User B's public key will be present in ~/.ssh/authorized_keys on the Bastion.
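- Copy the public key of User B to a new key file. Note that this copies every line of authorized_keys, so the new file contains only User B's key if hers is the only key authorized for this account on the Bastion.
  cat ~/.ssh/authorized_keys > ~/.ssh/thomas_shoebox.rsa.pub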
- Add User B's public key to the destination host (Server A), using the identity of User A.
  ssh-copy-id -f -i ~/.ssh/thomas_shoebox.rsa.pub -o 'IdentityFile ~/.ssh/id_rsa' ubuntu@10.0.1.20
- Repeat as necessary on any destination host.
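The `cat` step above copies the entire authorized_keys file, so any other key authorized on the Bastion account would also be pushed to Server A. The following is an added example, not part of the original gist: it extracts exactly one key by its trailing comment and refuses anything ambiguous. The function names, the comment `userb@laptop` and the sample key blobs are constructed for illustration, and it assumes the key comment is a single token.

```shell
#!/bin/sh
# extract_key FILE COMMENT -> prints the one key line whose comment is COMMENT.
# Exit 1: zero or several keys carry that comment (ambiguous, push nothing).
# Exit 2: the match is not a plain "type blob comment" line, e.g. it has an
#         options prefix such as command="..." that should be reviewed first.
extract_key() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }              # skip comment and blank lines
        $NF == want { n++; line = $0; nf = NF }
        END {
            if (n != 1) exit 1
            if (nf != 3) exit 2
            print line
        }' "$1"
}

# Constructed sample: a Bastion authorized_keys file holding two users' keys.
# The base64 blobs are placeholders, not real keys.
make_sample() {
    cat > "$1" <<'EOF'
# keys authorized for tjohander on the Bastion
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedUSERB userb@laptop

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedOTHER other@workstation
EOF
}

sample=$(mktemp)
make_sample "$sample"

# Only User B's line goes into the file that ssh-copy-id will later push.
if extract_key "$sample" userb@laptop > "$sample.userb.pub"; then
    echo "extracted key:"
    cat "$sample.userb.pub"
    # With a real key, compare its fingerprint with User B out of band
    # (ssh-keygen -lf FILE) before running the ssh-copy-id step.
else
    echo "refusing to continue: key not uniquely identified" >&2
fi
rm -f "$sample" "$sample.userb.pub"
```

On the Bastion, the extracted file takes the place of `~/.ssh/thomas_shoebox.rsa.pub` in the final `ssh-copy-id` step.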