SSH changed to pubkey auth only
Kevin Fenzi
kevin at scrye.com
Fri May 27 21:46:13 UTC 2011
On Fri, 27 May 2011 15:27:55 -0500 (CDT)
Mike McGrath <mmcgrath at redhat.com> wrote:
> On Fri, 27 May 2011, Ricky Zhou wrote:
>
> > Hey, just a note to let everybody know, we just switched all of our
> > machines to disallow SSH password authentication, so if you were
> > previously using passwords to login anywhere, you'll need to use key
> > auth now.
> >
>
> Also a good time to remind people of ssh -A and the ProxyCommand
> options.
Absolutely.
I would suggest NOT using agent forwarding by default, and only
enabling it when you absolutely need it (copying files between two
machines for example).
Host *
ForwardAgent no
You can override this with '-A' on your command line if you wish to
forward an agent for that session.
To get to internal machines, you can use ~/.ssh/config entries like:
Host puppet01 puppet1 puppet01.fedoraproject.org
Hostname %h
ProxyCommand ssh -q %r at bastion.fedoraproject.org /usr/bin/nc %h 22
This will ssh you to bastion and then in turn run nc (netcat) there
allowing you to directly get to an internal machine. You can also setup
wildcards in the Host line (see 'man ssh_config').
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20110527/9d05b970/attachment.bin
More information about the infrastructure
mailing list