Can dropbear be configured so it forwards ssh credentials?
Network has a border OpenWRT router, and a bridge OpenWRT.
My management station is connected to the bridge, and cannot directly ssh (or anything else) to it. I have to jump off the border router. I would like to turn off password authentication in the bridge, and I do not want to install the private id in the router.
The dropbear server seems to allow forwarding of the connection to the authentication agent by default. Have you enabled it in your ssh client? It's usually "-A" on the command line, which is also supported by the dropbear ssh client.
Use of the ProxyJump directive on the "desktop" you use to access the inside host can be helpful as well. As an example (check man ssh_config for more details):
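The ProxyJump setup described above, as an added example that is not part of the original post. The host aliases `border` and `bridge`, the addresses and the key file name are assumptions; it sits beside the agent-forwarding alternative so the difference in key exposure is visible.

```sshconfig
# ~/.ssh/config on the management station
# (added example; aliases, addresses and key path are constructed)

# Border router: the only host reachable directly from the station.
Host border
    # Constructed address of the border router.
    HostName 192.168.1.1
    User root
    # Hypothetical key file. It stays on the station and is never
    # copied to the router.
    IdentityFile ~/.ssh/id_mgmt
    IdentitiesOnly yes
    # No agent socket is exposed on the router.
    ForwardAgent no

# Bridge: reached through a TCP channel that the router only relays.
# The SSH handshake with the bridge runs end to end from the station,
# so the router never sees the key, the agent or the plaintext session.
Host bridge
    # Constructed address of the bridge as seen from the border router.
    HostName 192.168.2.1
    User root
    ProxyJump border
    IdentityFile ~/.ssh/id_mgmt
    IdentitiesOnly yes
    ForwardAgent no

# Alternative with agent forwarding (what "ssh -A" does): log in to the
# router, then run ssh to the bridge from there. It works without a key
# on the router, but while the session is open anyone with root on the
# router can ask the forwarded agent to sign with your key.
#
# Host border-agent
#     HostName 192.168.1.1
#     User root
#     ForwardAgent yes
```

With this in place `ssh bridge` connects in one step, and `ssh -J border root@192.168.2.1` is the one-off command-line form. The router's dropbear must permit local TCP forwarding for the jump to work, which it does unless it was started with `-j`.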
That's correct. I am "ssh -L ..."
Now, does it make sense for me to set a VPN to ssh to a system in the same network?
I also considered adding a second IP to my Mac, but then I would have to do it to every machine I try to use... Can you add a second IP to an iPad?
Another approach, if you consider your inside target's SSH implementation sufficiently secure to expose, would be to forward a port on your public IP (call it 1234) to your target's SSH port (typically 22). You could then access it from the outside as