How can I reverse forward git ssh when my config requires a Yubikey

4 votes
1 answer
127 views
I frequently need to log into a VM that has no direct access to the internet or our source code repo. In the past I have circumvented this with a reverse port forward over ssh, but now my problem is that we use Yubikey local hardware tokens and I need to forward the request through my local machine, where I can press the key.

In the past, without the Yubikey, this is what I had:
```
Host bastion
  HostName 129.153.206.108

### The Remote Host
Host sredev1
  HostName 10.0.1.40
  ProxyJump bastion
  RemoteForward 7999 foo.mycorp.com:7999
```
Then, updating my local git as:
```
git remote set-url main localhost:7999
```
which allowed
```
git pull
```
However, the situation is more complicated and I need similar functionality; I am not particular on the method but I don't want to have syncing processes in place. My ssh config at the moment is:
```
Host oci*.private.devops.scmservice.*.oci.oracleiaas.com
   User cbongior@bmc_operator_access
   IdentityAgent ~/.ssh/scm-agent.sock
   PKCS11Provider /usr/local/lib/libykcs11.dylib

Host fsretoolsint-jh-1
    Hostname 100.92.7.226
    User     jumpuser
    IdentityFile ~/.ssh/jumpuser.pkey

Host sredev2
  Port 22
  IdentityFile ~/.ssh/sredev2.key
  Hostname 10.196.169.56
  ProxyJump  fsretoolsint-jh-1
  RemoteForward 7999 oci.private.devops.scmservice.us-phoenix-1.oci.oracleiaas.com:22
```
And, for example, in a given repo I have:
```
git remote -v
origin  ssh://localhost:7999/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman (fetch)
origin  ssh://localhost:7999/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman (push)
```
And locally that same repo is:
```
origin  ssh://oci.private.devops.scmservice.us-phoenix-1.oci.oracleiaas.com/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman (fetch)
origin  ssh://oci.private.devops.scmservice.us-phoenix-1.oci.oracleiaas.com/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman (push)
```
On my vm this is what I get when I try git pull:
```
-> % git remote set-url origin ssh://localhost:7999/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman
cbongior@sredev2 [10:51:44 PM] [~/dev/oracle/fleetman] [main *]
-> % git fetch origin
cbongior@localhost: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```
Now, I know the local keypair isn't registered - and there is no point. We are set up to use Yubi keys to authenticate and this is where I am stumped. So, for architectural clarity, the arrangement is:
```
my laptop with YK -> jump host -> vm
```
and the tunnel arrangement is:
```
git server << my laptop << jump host << vm port 7999
```
I have created a reverse tunnel on the VM directing traffic on port 7999 to the git server on 22.

**Question:** How can I configure this to forward the ssh request to my local agent?
Asked by Christian Bongiorno (147 rep)
Apr 9, 2025, 04:41 PM
Last activity: Jul 7, 2025, 07:38 PM