Oh, so it's more like tunnelling SSH in SSH, similar to X11 in SSH or SOCKS through SSH?

I just remember that last time I connected I think I had to use agent forwarding. I may be wrong, I was tired while writing this email last night.

On Oct 4, 2011 6:00 AM, "Kevin Fenzi" <kevin@scrye.com> wrote:
> On Tue, 4 Oct 2011 00:43:51 -0700
> Darren VanBuren <onekopaka@gmail.com> wrote:
>> The recommended method is using agent forwarding at this time
>> according to
>> http://infrastructure.fedoraproject.org/infra/docs/sshaccess.txt
> No, there's no need for agent forwarding, and thats hopefully not what
> the policy / sop says. ;)
> It uses ssh -W, which basically just forwards stdout/stdin to the
> remote machine (or you can use nc, which does the same exact thing).
> This means you authenticate to bastion, then run the command to forward
> things and all the rest of your communication is with whatever machine
> you are connecting to. No agent. No private keys stored on shared
> machines. No need to ssh to a machine then ssh to another one, it's all
> in one command.
> kevin