Wednesday, February 17, 2016

ssh key forwarding with putty

Some time ago I wrote a blog post on how you can create a dual node SSH tunnel when using PuTTY to connect to an Oracle Linux server via a jump server. In essence the article explains how you can "map" ports to your local machine even though you only have SSH access to one server. By chaining a tunnel through that server you use it as a gateway to the rest of the network.

The idea is shown in the below diagram and for the full details you can refer to the original post on this blog.


As a follow-up question some people asked how to handle keys in this scenario. The question revolved around the fact that they could only log in with key based authentication, both on the jump server and on the servers behind it. The main question was: how can I use the key that is on my workstation to connect to the database server (in the example) without placing a private key on the jump server, so that all secrets stay on my own workstation?

The answer is relatively easy. When you use key based authentication to connect to the jump server, make sure that "Allow agent forwarding" (under Connection > SSH > Auth) is enabled in the PuTTY session you use for the jump server, and that the key is loaded in Pageant on your workstation. The private key never leaves your workstation; the jump server only gets a socket through which it can ask Pageant to sign authentication challenges.


If you now execute the commands to set up the second tunnel (as explained in the other blog post) the second machine will authenticate you with the key from your workstation. To check whether "Allow agent forwarding" took effect you can run the command below on the jump server. If it prints nothing, forwarding is not active; if it prints a path, that path is the forwarded agent socket. One caveat to keep in mind: while your session is open, anyone with root on the jump server can use that socket to authenticate as you, so only forward your agent to jump servers you trust.

echo $SSH_AUTH_SOCK
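The checks above, written out as a small script you can drop on the jump server. This is an added example and not part of the original post: it verifies that the forwarded agent socket exists and actually holds a key before opening the second hop. The host name, user and port in the second hop are placeholders; the real values come from the earlier tunnel post.

```shell
#!/bin/sh
# Added example: verify on the jump server that PuTTY forwarded the agent
# before opening the second hop of the tunnel.

# Returns 0 when the given path (default: $SSH_AUTH_SOCK) is a live agent socket.
agent_socket_present() {
    sock="${1:-$SSH_AUTH_SOCK}"
    [ -n "$sock" ] && [ -S "$sock" ]
}

# Returns 0 when the forwarded agent holds at least one key.
# ssh-add -l exits 1 for "no identities" and 2 when it cannot reach the agent.
agent_has_keys() {
    agent_socket_present "$@" || return 2
    SSH_AUTH_SOCK="${1:-$SSH_AUTH_SOCK}" ssh-add -l >/dev/null 2>&1
}

# Open the second hop only when the checks pass. The -L mapping binds a port
# on the jump server to the database listener; PuTTY maps your workstation
# port to that jump server port. Names and ports are assumed placeholders.
second_hop() {
    if ! agent_has_keys; then
        echo "agent forwarding not active: enable 'Allow agent forwarding' in PuTTY" >&2
        return 1
    fi
    ssh -L 1521:dbserver.example.com:1521 oracle@dbserver.example.com
}
```

Run `second_hop` from the PuTTY session on the jump server. If `agent_has_keys` fails even though `echo $SSH_AUTH_SOCK` prints a path, Pageant on the workstation has no key loaded.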
