On Wed, 5 Oct 2011 09:14:41 -0700
Toshio Kuratomi <a.badger(a)gmail.com> wrote:
> On Wed, Oct 05, 2011 at 09:36:12AM -0600, Kevin Fenzi wrote:
> > On Tue, 4 Oct 2011 08:19:55 -0700
> > Toshio Kuratomi <a.badger(a)gmail.com> wrote:
> > > One time when I've found agent forwarding unavoidable is when
> > > working on development of code hosted in fedorahosted. Checkouts
> > > can be done anonymously, but pushing changes back to fedorahosted
> > > needs an authenticated ssh connection. This counts as copying
> > > things between machines but it's common enough for what I do in
> > > infrastructure that I'd love to figure out some way around it.
> > Hum... not sure I understand. Which two internal machines would
> > this be copying between?
> For instance, app01.dev and fedorahosted.org
I guess the only alternative there would be copying down to your local
machine and up to the other one. That could end up being a lot slower
and is also two steps instead of one. ;(
One possible compromise: go ahead and use ssh agent forwarding, but
after you log in, do a 'ssh-add -D' to drop all your keys. Then, when/if
you need to make a copy connection it should ask for your passphrase to
unlock the key again. If someone tries to hijack your agent connection,
you would see the request to unlock the key and could reject it.
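
The "drop your keys after login" step suggested above, written as shell functions that also confirm the agent is empty afterwards. This is an added example, not part of the original thread; the names `agent_state`, `drop_forwarded_keys` and the `SSH_ADD` override variable are hypothetical, and it relies on the documented `ssh-add -l` exit codes.

```shell
# Added example, not from the thread. SSH_ADD is a hypothetical override
# so the command can be replaced by a stub; by default it is ssh-add.
SSH_ADD="${SSH_ADD:-ssh-add}"

# Print the state of the agent behind SSH_AUTH_SOCK:
#   keys     - at least one identity is loaded
#   empty    - agent reachable, no identities
#   no-agent - no socket set, or the agent cannot be contacted
# ssh-add -l exits 0 when it lists identities, 1 when the agent holds
# none, and 2 when it cannot connect to an agent.
agent_state() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || { echo no-agent; return 0; }
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo keys ;;
        1) echo empty ;;
        *) echo no-agent ;;
    esac
}

# Drop every identity from the agent, then verify that none remain.
# ssh-add -D talks to whatever agent SSH_AUTH_SOCK points at; with
# forwarding enabled that is the agent running on your workstation.
# Returns 0 only when no usable key is left behind.
drop_forwarded_keys() {
    case "$(agent_state)" in
        no-agent) echo "no agent reachable, nothing to drop" >&2; return 0 ;;
        empty)    return 0 ;;
    esac
    "$SSH_ADD" -D >/dev/null 2>&1 || return 1
    # A forwarded agent that still lists keys can still sign for anyone
    # who can reach the socket on this host, so treat that as failure.
    [ "$(agent_state)" = empty ]
}
```

Source the file on the remote host and call `drop_forwarded_keys` right after logging in; a non-zero return means keys are still loaded in the forwarded agent.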