Oh, so it's more like tunnelling SSH in SSH, similar to X11 in SSH or SOCKS
through SSH?
I just remember that last time I connected I think I had to use agent
forwarding. I may be wrong, I was tired while writing this email last night.
On Oct 4, 2011 6:00 AM, "Kevin Fenzi" <kevin(a)scrye.com> wrote:
On Tue, 4 Oct 2011 00:43:51 -0700
Darren VanBuren <onekopaka(a)gmail.com> wrote:
> The recommended method is using agent forwarding at this time
> according to
>
http://infrastructure.fedoraproject.org/infra/docs/sshaccess.txt
No, there's no need for agent forwarding, and thats hopefully not what
the policy / sop says. ;)
It uses ssh -W, which basically just forwards stdout/stdin to the
remote machine (or you can use nc, which does the same exact thing).
This means you authenticate to bastion, then run the command to forward
things and all the rest of your communication is with whatever machine
you are connecting to. No agent. No private keys stored on shared
machines. No need to ssh to a machine then ssh to another one, it's all
in one command.
kevin