---
title: "PuTTY及Raspberry Pi設定SSH agent forwarding"
description: "PuTTY及Raspberry Pi設定SSH agent forwarding"
# image: https://hackmd.io/screenshot.png
tags: SSH,Raspberry Pi,PuTTY
# robots: noindex, nofollow
langs: zh-Hant
---
> 此篇筆記已公開於**HackMD**:[@ShenTengTu/rkwtDACU8](https://hackmd.io/@ShenTengTu/rkwtDACU8)
# PuTTY及Raspberry Pi設定SSH agent forwarding
目標:Windows本地端使用PuTTY以SSH驗證的方式登入Raspberry Pi,並設定SSH agent forwarding,讓Raspberry Pi能轉發本地端SSH金鑰到第三方SSH Server(如 GitHub)進行SSH驗證。
## PuTTY設定
PuTTY的SSH agent為`pageant.exe`,是擁有GUI介面的SSH agent,要啟用代理轉發,要先啟動Pageant。跟Linux的`ssh-agent`類似,必須先將`*.ppk
`私鑰加入到Pageant,它會詢問passphrase,並在驗證成功後將金鑰暫時保留在記憶體中。
使用命令列來執行`pageant.exe`自動加載密鑰。
```
C:\PuTTY\pageant.exe d:\main.ppk d:\secondary.ppk
```
使用命令列來執行`pageant.exe`自動加載密鑰後,運行另一個程序。
```
C:\PuTTY\pageant.exe d:\main.ppk -c C:\PuTTY\putty.exe
```
而PuTTY SSH session必須設置
- SSH > Auth > 啟用"Allow agent forwarding"
- 不需額外設定私鑰路徑
可以將PuTTY安裝路徑加到`PATH`環境變數,然後建立包含以下腳本的批次檔`pageant-session.bat`。
```bat
start pageant "%USERPROFILE%\.ssh\your.ppk" -c putty -load %1
```
然後執行`./pageant-session.bat "your_ssh_ession"`。
## Raspberry Pi設定
- 將SSH公鑰內容加入到`~/.ssh/authorized_keys`
- 修改`/etc/ssh/ssh_config`設定
```
Host *
ForwardAgent yes
...
```
- 修改`/etc/ssh/sshd_config`設定
```
...
PubkeyAuthentication yes
AllowAgentForwarding yes
...
```
## 驗證
在PuTTY SSH session下的Raspberry Pi終端:
```
$ echo $SSH_AUTH_SOCK
/tmp/ssh-NIEDeNTuAQ/agent.2161
$ ssh -T git@github.com
agent key xxxx returned incorrect signature type
Hi <UserID>! You've successfully authenticated, but GitHub does not provide shell access.
```
## 參考
- [Using SSH Agent Forwarding | GitHub Developer Guide](https://developer.github.com/v3/guides/using-ssh-agent-forwarding/)
- [Chapter 9: Using Pageant for authentication | PuTTY User Manual](https://www.ssh.com/ssh/putty/putty-manuals/0.68/Chapter9.html)
Sign in via Google
Sign in via Facebook
Sign in via X(Twitter)
Sign in via GitHub
Sign in via Dropbox
Sign in with Wallet
Connect another wallet