The problem is that upon typing:

ssh dakara -L 80:localhost:80

the response is:

Privileged ports can only be forwarded by root.

The obvious solution is to just use sudo:

sudo ssh dakara -L 80:localhost:80

but this produces:

ssh: Could not resolve hostname dakara: Name or service not known

Unfortunately, “dakara” is a host configured in ~/.ssh/config and not available to root. This can be fixed with:

sudo ssh -F ~/.ssh/config dakara -L 80:localhost:80

but this tries to connect as root and prompts for a password. Adding “-l $USER” sets the user name to my user name (This could also be set in the SSH config file.), and adding “-E” to sudo preserves the environment allowing my SSH agent to be used.

sudo -E ssh -F ~/.ssh/config -l $USER dakara -L 80:localhost:80

Now everything connects, and I am not prompted for a password.

On Adria, you can see that I have no keys added:

zac@adria:~$ ssh-add -l
The agent has no identities.

I then secure shell to Dakara and forward my agent (-A) from Adria. I still have no keys added:

zac@adria:~$ ssh dakara -A
zac@dakara's password:
No mail.
Last login: Mon Feb  9 17:30:49 2009 from adria.lund
zac@dakara:~$ ssh-add -l
The agent has no identities.

Next, I add a key from Dakara to my agent on Adria:

zac@dakara:~$ ssh-add
Enter passphrase for /home/zac/.ssh/id_dsa:
Identity added: /home/zac/.ssh/id_dsa (/home/zac/.ssh/id_dsa)
zac@dakara:~$ ssh-add -l
2048 27:81:f8:7f:38:75:6b:ce:95:e4:46:62:02:9c:84:bd /home/zac/.ssh/id_dsa (DSA)

When I log out of Dakara, the key is still available on Adria:

zac@dakara:~$ logout
Connection to dakara closed.
zac@adria:~$ ssh-add -l
2048 27:81:f8:7f:38:75:6b:ce:95:e4:46:62:02:9c:84:bd /home/zac/.ssh/id_dsa (DSA)

Now my key is available on Adria without ever being on Adria. Even with physical access to my laptop, it would take a sophisticated hacker to steal my SSH key.