SSH Agent

SSH agent forwarding allows you to use the SSH keys stored on your local device to authenticate to remote systems, without copying the private keys between machines. This is especially useful when connecting to multiple accounts on an HPC cluster, such as your personal Unix account and shared project accounts.

Prerequisites

  • You must have SSH keys set up on your local device.
  • Your local SSH agent must be running (this usually happens by default on Linux/macOS systems).

Forwarding Agent From Your Computer

To enable SSH agent forwarding from your computer to your own EML account:

  1. Start your SSH agent on your local device. This usually happens by default on macOS and on modern Linux systems. If it is not running, run the following in a terminal:

    eval "$(ssh-agent)"

  2. Add your private key to the SSH agent:

    # On Linux
    ssh-add ~/.ssh/id_ed25519
    
    # On macOS
    ssh-add --apple-use-keychain ~/.ssh/id_ed25519

    Replace id_ed25519 with your actual private key file, if it is named differently.

  3. Connect to the EML using SSH:

    ssh -A your-username@some-eml-machine.berkeley.edu

Forwarding Agent between EML Accounts

Once you are logged in to your EML account, you may need to log in to, or transfer data to or from, a shared project account at the EML. To avoid re-entering your passphrase, you can forward the agent to the shared project account as well.

  1. Verify that the agent is available in your personal Unix account by running:

    ssh-add -l

    This should list your keys. If the output says "The agent has no identities", it means the agent is not properly forwarded.

  2. Connect to the shared account:

    ssh -A your-project-account@some-eml-machine.berkeley.edu

    Or copy data to the project account:

    scp -r -A some-directory your-project-account@some-eml-machine.berkeley.edu:

    Or copy data from the project account:

    scp -r -A your-project-account@some-eml-machine.berkeley.edu:some-directory .

  3. (Optional) Use SSH config to simplify the connection between your personal and shared accounts:

    In your own account, you can create or modify the SSH configuration (~/.ssh/config) to make switching accounts easier:

    Host project-account
        Hostname localhost
        User project-account
        ForwardAgent yes

    Then, you can switch to the shared project account with a simpler command:

    ssh project-account

    Or copy data to/from it:

    scp -r some-directory project-account:
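
The check in step 1 of "Forwarding Agent between EML Accounts" can also be read from the exit status of ssh-add -l. The following is an added example, not part of the original page: the function names are hypothetical, and the advice strings restate the steps above.

```shell
#!/bin/sh
# Added example (not from the original page): classify the agent state in the
# current session from the exit status of `ssh-add -l`.

# Map an ssh-add exit status to a state name.
#   0 = keys listed, 1 = an agent answered but holds no identities,
#   2 = no agent could be contacted.
classify_agent_rc() {
    case "$1" in
        0) echo "ok" ;;
        1) echo "empty" ;;
        2) echo "unreachable" ;;
        *) echo "unknown" ;;
    esac
}

# Print the state of the agent visible to this shell.
agent_state() {
    # Without SSH_AUTH_SOCK there is no agent socket in this session at all.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "unreachable"
        return 0
    fi
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    classify_agent_rc "$rc"
}

# Turn the state into the next step from this page (hypothetical helper).
agent_advice() {
    case "$1" in
        ok)          echo "Keys are available: connect with ssh -A to the project account." ;;
        empty)       echo "No keys in the agent: run ssh-add on your local device, then reconnect." ;;
        unreachable) echo "No agent in this session: reconnect from your computer with ssh -A." ;;
        *)           echo "Unexpected ssh-add status: run ssh-add -l by hand to see the error." ;;
    esac
}

# Usage on the EML machine: agent_advice "$(agent_state)"
```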