On Tue, 4 Oct 2011 00:43:51 -0700
Darren VanBuren <onekopaka(a)gmail.com> wrote:
> The recommended method is using agent forwarding at this time
No, there's no need for agent forwarding, and that's hopefully not what
the policy / SOP says. ;)
It uses ssh -W, which basically just forwards stdout/stdin to the
remote machine (or you can use nc, which does the same exact thing).
This means you authenticate to bastion, then run the command to forward
things and all the rest of your communication is with whatever machine
you are connecting to. No agent. No private keys stored on shared
machines. No need to ssh to a machine then ssh to another one, it's all
in one command.
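
The setup described in this message, written out as a client-side ~/.ssh/config. This is an added example, not part of the original message or any project's own configuration; the host names under example.org are constructed placeholders, and only the name "bastion" comes from the message.

```sshconfig
# ~/.ssh/config on the workstation (added example; host names are
# constructed placeholders).

# The bastion is the only host reached directly. No agent is forwarded to it.
Host bastion
    HostName bastion.example.org
    ForwardAgent no

# Internal hosts are reached through the bastion. "ssh -W %h:%p" asks the
# bastion to open a TCP connection to the target's SSH port and relay
# stdin/stdout over it. The second SSH handshake (host key check and user
# authentication) then runs end to end between the workstation and the
# target, so the private key and the agent stay on the workstation.
Host *.internal.example.org
    ProxyCommand ssh -W %h:%p bastion
    ForwardAgent no

# Equivalent relay using nc on the bastion, as the message mentions:
#     ProxyCommand ssh bastion nc %h %p
#
# For contrast, the pattern this replaces: log in to the bastion with
#     ForwardAgent yes
# and run a second ssh from there. While that session is open, the agent
# socket exists on the shared host, where root or anyone else able to read
# the socket can ask the forwarded agent to sign authentication requests.
```

With this in place, `ssh app01.internal.example.org` (a constructed host name) is the single command: it authenticates to the bastion first, then to the target through the relayed stream.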