ssh private keys on our systems

Kevin Fenzi kevin at scrye.com
Tue Oct 4 13:00:20 UTC 2011


On Tue, 4 Oct 2011 00:43:51 -0700
Darren VanBuren <onekopaka at gmail.com> wrote:

> The recommended method is using agent forwarding at this time
> according to
> http://infrastructure.fedoraproject.org/infra/docs/sshaccess.txt

No, there's no need for agent forwarding, and that's hopefully not what
the policy / sop says. ;) 

It uses ssh -W, which basically just forwards stdout/stdin to the
remote machine (or you can use nc, which does the same exact thing). 

This means you authenticate to bastion, then run the command to forward
things and all the rest of your communication is with whatever machine
you are connecting to. No agent. No private keys stored on shared
machines. No need to ssh to a machine then ssh to another one, it's all
in one command. 

kevin
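
The setup described in this message, written out as a client-side ssh_config. This is an added example, not part of the original post or of the Fedora documentation; the host names and domain are placeholders.

```sshconfig
# Added example (constructed); host names below are placeholders.
# This lives in ~/.ssh/config on your own workstation, where the private key stays.

Host bastion
    HostName bastion.example.org
    ForwardAgent no          # nothing on the bastion can ask your agent to sign

# Every internal host is reached through the bastion in one command.
# "ssh -W %h:%p bastion" authenticates to the bastion and then relays
# stdin/stdout to the target's SSH port, so the second SSH session runs
# end to end between the workstation and the target.
Host *.internal.example.org
    ProxyCommand ssh -W %h:%p bastion
    ForwardAgent no

# Equivalent with nc, for an ssh client without -W:
#   ProxyCommand ssh bastion nc %h %p

# The pattern this replaces: log in to the bastion with the agent forwarded,
# then run ssh again from there. While that session is open, anyone with root
# on the shared bastion can use the forwarded agent socket.
#   Host bastion
#       ForwardAgent yes
```

With this in place, `ssh somehost.internal.example.org` from the workstation authenticates to the bastion and to the target using keys that never leave the workstation.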

