Going from remote system to remote system

After logging in to a Remote Server, how can I log in from there to yet another system? Can I use the Shaman in that case?

This is possible, but most configurations come with this option off by default. That is because you should only use it if you know what you are doing.

The Shaman Agent is not running on the Remote Server, but use of SSH on that machine can be referred back to the Shaman Agent on your desktop system. This can be enabled with an SSH feature called Agent Forwarding. Anytime the Remote Server looks for a token, its enquiries will be passed back to your desktop system.

If this behaviour is not set up on your system by default, you can manually set it when you log in to the Remote Server:

ssh -o ForwardAgent=yes remote.host

This option defaults to no. You can override the default in your local SSH configuration file,

~/.ssh/config

or if you are the system administrator, you could set it system-wide in

/etc/ssh/ssh_config

In either of these files, the line to add (or uncomment) would be

ForwardAgent yes

In case of conflict between these two settings files, the user-specific settings win.

It is wise to trust agent forwarding only to hosts that are under your direct control, or that are trustworthy for some other reason. Use a Host section to set a particular pattern, like

Host *.orvelte.nep
  ForwardAgent yes

The pattern after Host is matched against the hostname entered on the SSH command line.
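A way to check which hosts a pair of configuration files would forward the agent to, and to spot a setting that enables it for every host. This is an added example, not part of the original page, OpenSSH or the Shaman; it is a simplified reading of the file format (no Match or Include handling), and the sample files and the host shell.orvelte.nep are constructed.

```python
import fnmatch

# Constructed sample files; "shell.orvelte.nep" below is a hypothetical host.
USER_CFG = """
Host *.orvelte.nep
  ForwardAgent yes
Host *
  ForwardAgent no
"""
SYSTEM_CFG = "ForwardAgent yes\n"

def parse_blocks(text):
    """Return [(host_patterns, {keyword: value})]; lines before any Host apply to '*'."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.split(), {}))
        elif key == "match":
            blocks.append(([], {}))  # simplification: Match blocks never apply here
        else:
            blocks[-1][1].setdefault(key, value)  # first value in a block is kept
    return blocks

def host_matches(patterns, hostname):
    """A block applies if a positive pattern matches and no '!pattern' does."""
    def hit(p):
        return fnmatch.fnmatchcase(hostname.lower(), p.lower())
    if any(hit(p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(hit(p) for p in patterns if not p.startswith("!"))

def forward_agent(hostname, user_cfg, system_cfg=""):
    """Effective ForwardAgent value: user file is read first, first match wins."""
    for cfg in (user_cfg, system_cfg):
        for patterns, opts in parse_blocks(cfg):
            if "forwardagent" in opts and host_matches(patterns, hostname):
                return opts["forwardagent"].lower()
    return "no"  # the default stated above

def broad_forwarding(cfg):
    """Pattern lists that switch forwarding on for every host (worth reviewing)."""
    return [pats for pats, opts in parse_blocks(cfg)
            if opts.get("forwardagent", "no").lower() == "yes" and "*" in pats]
```

Here the user file keeps forwarding off for remote.host even though the constructed system file turns it on for everyone, and broad_forwarding(SYSTEM_CFG) reports that global setting.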

The OpenSSH daemon on the Remote Server will accept forwarded agents without any further restrictions. That is because it is not up to the Remote Server to worry about rights to access yet other systems.

If you want to log in remotely to a third Remote Server, you should use Agent Forwarding when leaving the first Remote Server, and so on.

You can use the Shaman Setup utility to directly install your SSH Key on the second and third Remote Servers; the indirect access is a usage pattern, but it is not advisable when setting up the Shaman's access privileges.

Posted on Fri, 12 Mar 2004, 00:00.


 