git authentication ssh trust

Use ssh private key from untrusted computer


I am currently working on a project from an untrusted computer and I would like to pull/commit changes from this (untrusted) computer using ssh authentication. I have access to my private (trusted) computer. Here is a summary of my setup:

What would you do in this case? (I can't copy files from the untrusted computer to the trusted computer. I want the files of this project to stay on the untrusted computer but I am allowed to send them to the trusted computer if I don't actually store them). The key idea is that I don't want other people using the untrusted computer to have access to my other projects on the git server.


Solution

  • You could possibly try to get away using your trusted computer as an SSH jump host.

    To cite this manual:

    An alternative to SSH tunneling to access internal machines through gateway is using jump hosts.

    The idea is to use ProxyCommand to automatically execute ssh command on remote host to jump to the next host and forward all traffic through.

    This supposedly will require writing a wrapper script around the SSH client and setting the GIT_SSH env. variable to point to it—see the "ENVIRONMENT VARIABLES" section in git help git:

    GIT_SSH, GIT_SSH_COMMAND

    If either of these environment variables is set then git fetch and git push will use the specified command instead of ssh when they need to connect to a remote system. The command will be given exactly two or four arguments: the username@host (or just host) from the URL and the shell command to execute on that remote system, optionally preceded by -p (literally) and the port from the URL when it specifies something other than the default SSH port.

    $GIT_SSH_COMMAND takes precedence over $GIT_SSH, and is interpreted by the shell, which allows additional arguments to be included. $GIT_SSH on the other hand must be just the path to a program (which can be a wrapper shell script, if additional arguments are needed).

    Usually it is easier to configure any desired options through your personal .ssh/config file. Please consult your ssh documentation for further details.

    (I believe the SSH_COMMAND is a fairly recent addition to Git.)
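
One way to write the wrapper the answer above describes, added here as an example and not part of the original answer: it starts the hop to the git server on the trusted computer, so the private key is only read there. `JUMP_HOST`, `sq` and `build_remote_cmd` are names made up for this example; the trusted host is assumed to run a POSIX shell and to hold a key it can use without prompting.

```shell
#!/usr/bin/env bash
# Added example of a GIT_SSH wrapper: the hop to the git server is started on
# the trusted computer, so the private key is only ever read there.
# JUMP_HOST, sq and build_remote_cmd are names made up for this example.
JUMP_HOST="${JUMP_HOST:-me@trusted.example}"   # placeholder address

# Single-quote one word for the POSIX shell on the jump host, so a repository
# path containing quotes or ';' stays data and is not run as a command there.
sq() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Turn git's arguments ([-p port] user@host command) into the command line
# that the jump host will execute. Anything else is refused with status 64.
build_remote_cmd() {
  port=
  if [ "$#" -eq 4 ] && [ "$1" = "-p" ]; then
    port=$2
    shift 2
  fi
  [ "$#" -eq 2 ] || return 64
  case $1 in ''|-*) return 64 ;; esac          # host must not look like an option
  case $port in *[!0-9]*) return 64 ;; esac    # port must be digits only
  printf 'ssh %s-- %s %s' "${port:+-p $port }" "$(sq "$1")" "$(sq "$2")"
}

# Run only when git invokes the wrapper with arguments.
if [ "$#" -gt 0 ]; then
  remote=$(build_remote_cmd "$@") || {
    echo "git-ssh wrapper: unexpected arguments" >&2
    exit 64
  }
  # -T: no terminal; git's protocol data is just piped through both hops.
  exec ssh -T -- "$JUMP_HOST" "$remote"
fi
```

Set `GIT_SSH` to the script's path before running `git fetch` or `git push`; repository data only streams through the trusted computer and is not written to disk there.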