On Tue, 4 Oct 2011 07:37:38 -0700 Darren VanBuren onekopaka@gmail.com wrote:
> Oh, so it's more like tunnelling SSH in SSH, similar to X11 in SSH or SOCKS through SSH?
> I just remember that last time I connected I think I had to use agent forwarding. I may be wrong, I was tired while writing this email last night.
Yeah, basically using bastion simply as a way to connect to other sshd's.
It's nice, because:
- You don't need your private key on any shared systems.
- You don't need to run ssh agent forwarding at all. (You can in rare cases when you need to copy things between internal machines).
- You don't have to ssh into a bastion then another machine, you can 'ssh foobar' and it logs you into foobar (it's using bastion behind the scenes here, but that's transparent).
- You don't need any config on the bastion host, all of it's on your local machine, so if bastion is re-installed it doesn't matter.
kevin
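
An added illustration of the setup described in the message above, not part of the original email or the project's own configuration. It assumes the tunnelling is done with OpenSSH's ProxyJump (or ProxyCommand on older clients); the fully qualified host names are placeholders.

```sshconfig
# ~/.ssh/config on your LOCAL machine (added example; host names are placeholders).
# Nothing here needs to exist on the bastion, so a re-installed bastion
# requires no changes beyond accepting its new host key.

# The bastion: reached directly. The agent is never forwarded to it,
# so the shared host never gets access to an agent socket for your keys.
Host bastion
    HostName bastion.example.org
    ForwardAgent no

# An internal machine: 'ssh foobar' opens a tunnel through bastion and
# then runs a second, end-to-end SSH session to foobar inside it.
# Authentication to foobar uses the private key on the local machine.
Host foobar
    HostName foobar.internal.example.org
    ProxyJump bastion
    # OpenSSH older than 7.3 has no ProxyJump; the equivalent is:
    # ProxyCommand ssh -W %h:%p bastion
    ForwardAgent no

# The rare case from the message: copying between internal machines.
# Enable forwarding for one invocation only instead of in this file:
#   ssh -A foobar
```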