Copy SSH public key to system behind a jump box



  • When I directly connect via SSH during initial setup, I just use ssh-copy-id to get my public key in place.

    But how can I do that if my only SSH access to the system is behind a jump box?

    I can SSH in easily with ssh -J jump.domain.com 10.X.X.X with password auth. But I don't want to leave password auth enabled.

    I can SSH in once with password and manually create the authorized_keys files (and the .ssh folder for that matter), but then I need to worry about permissions, etc.



  • Ok, I think I got it working now.

    # From your host to your JUMPBOX
    # Not needed if your public key is already in place
    cat ~/.ssh/id_ed25519.pub | ssh jump.domain.com 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys'
    
    # From your host to the host behind your JUMPBOX
    cat ~/.ssh/id_ed25519.pub | ssh -J jump.domain.com 10.X.X.X 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys'
    
    # Connect to your host behind your JUMPBOX
    ssh -J jump.domain.com 10.X.X.X
    


  • @JaredBusch said in Copy SSH public key to system behind a jump box:

    I can SSH in once with password and manually create the authorized_keys files (and the .ssh folder for that matter), but then I need to worry about permissions, etc.

    Will something like this work?

    cat ~/.ssh/id_key.pub | ssh -J jump.domain.com 10.X.X.X -o IdentitiesOnly=yes 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys && echo "Key copied"'
    


  • @black3dynamite said in Copy SSH public key to system behind a jump box:

    @JaredBusch said in Copy SSH public key to system behind a jump box:

    I can SSH in once with password and manually create the authorized_keys files (and the .ssh folder for that matter), but then I need to worry about permissions, etc.

    Will something like this work?

    cat ~/.ssh/id_key.pub | ssh -J jump.domain.com 10.X.X.X -o IdentitiesOnly=yes 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys && echo "Key copied"'
    

    Does that give it the right selinux type also? I’m not at a computer now to test.



  • @JaredBusch said in Copy SSH public key to system behind a jump box:

    @black3dynamite said in Copy SSH public key to system behind a jump box:

    @JaredBusch said in Copy SSH public key to system behind a jump box:

    I can SSH in once with password and manually create the authorized_keys files (and the .ssh folder for that matter), but then I need to worry about permissions, etc.

    Will something like this work?

    cat ~/.ssh/id_key.pub | ssh -J jump.domain.com 10.X.X.X -o IdentitiesOnly=yes 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys && echo "Key copied"'
    

    Does that give it the right selinux type also? I’m not at a computer now to test.

    The correct selinux type should be unconfined_u:object_r:ssh_home_t:s0



  • @black3dynamite said in Copy SSH public key to system behind a jump box:

    # From your host to your JUMPBOX
    # Not needed if your public key is already in place
    cat ~/.ssh/id_ed25519.pub | ssh jump.domain.com 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys'
    

    ssh-copy-id should do this
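
Added example, not part of any post in this thread: an idempotent form of the one-liners above that also copes with an authorized_keys file lacking a trailing newline and relabels ~/.ssh with restorecon where SELinux tooling is present. The names push_key, install_key_local and REMOTE_INSTALL are hypothetical, and the remote login shell is assumed to be POSIX-compatible.

```shell
#!/bin/sh
# Added example: idempotent public-key install, directly or through a jump host.
# REMOTE_INSTALL, push_key and install_key_local are hypothetical names.

# Script executed on the target; it reads public key line(s) on stdin.
# Assumption: the remote login shell is POSIX-compatible (sh, bash, dash, ...).
REMOTE_INSTALL='
set -eu
umask 077
d="$HOME/.ssh"; f="$d/authorized_keys"
mkdir -p "$d"; chmod 700 "$d"
touch "$f"; chmod 600 "$f"
# A file that does not end in a newline would glue the new key onto the last one.
if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then echo >> "$f"; fi
added=0
while IFS= read -r key || [ -n "$key" ]; do
  [ -n "$key" ] || continue
  # Append only keys that are not already present (exact whole-line match).
  if ! grep -qxF -- "$key" "$f"; then
    printf "%s\n" "$key" >> "$f"
    added=$((added + 1))
  fi
done
# On SELinux systems, reset labels under ~/.ssh to the policy default.
if command -v restorecon >/dev/null 2>&1; then restorecon -R "$d" >/dev/null || true; fi
echo "added=$added"
'

# push_key PUBKEY_FILE TARGET [JUMP]; TARGET and JUMP are [user@]host.
# Example: push_key ~/.ssh/id_ed25519.pub 10.X.X.X jump.domain.com
push_key() {
  if [ -n "${3:-}" ]; then
    ssh -J "$3" "$2" "$REMOTE_INSTALL" < "$1"
  else
    ssh "$2" "$REMOTE_INSTALL" < "$1"
  fi
}

# Runs the same script against the local $HOME, so it can be checked offline.
install_key_local() { sh -c "$REMOTE_INSTALL"; }
```

ssh-copy-id also accepts ssh options, so `ssh-copy-id -o ProxyJump=jump.domain.com 10.X.X.X` goes through the same jump host.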