ssh private keys on our systems
Kevin Fenzi
kevin at scrye.com
Tue Oct 4 14:45:22 UTC 2011
On Tue, 4 Oct 2011 07:37:38 -0700
Darren VanBuren <onekopaka at gmail.com> wrote:
> Oh, so it's more like tunnelling SSH in SSH, similar to X11 in SSH or
> SOCKS through SSH?
>
> I just remember that last time I connected I think I had to use agent
> forwarding. I may be wrong, I was tired while writing this email last
> night.
Yeah, basically using bastion simply as a way to connect to other
sshd's.
It's nice, because:
- You don't need your private key on any shared systems.
- You don't need to run ssh agent forwarding at all. (You can in rare
cases when you need to copy things between internal machines).
- You don't have to ssh into a bastion then another machine, you can
'ssh foobar' and it logs you into foobar (it's using bastion behind
the scenes here, but that's transparent).
- You don't need any config on the bastion host, all of it's on your
local machine, so if bastion is re-installed it doesn't matter.
kevin
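
An added example, not part of the original message and not Fedora's actual configuration: a local ~/.ssh/config that implements the setup described above, with the agent-forwarding pattern it replaces shown commented out. The hostnames under example.org, the user name and the key path are placeholder assumptions; "bastion" and "foobar" are the names used in the message.

```sshconfig
# ~/.ssh/config on your LOCAL machine (added example; hostnames are placeholders)

# Pattern being avoided: log in to bastion with the agent forwarded, then
# ssh onward from there. While that session is open, anyone with root on
# bastion can use the forwarded agent socket to authenticate as you.
#
# Host bastion
#     HostName bastion.example.org
#     ForwardAgent yes

# The bastion itself. The key is read from local disk and never copied there.
Host bastion
    HostName bastion.example.org
    User youruser
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent no

# An internal machine. "ssh foobar" first runs the ProxyCommand, which asks
# bastion's sshd to open a TCP stream to foobar's sshd (-W host:port).
# The real SSH session to foobar then runs end to end from the local
# machine inside that stream, so bastion only relays encrypted bytes and
# needs no per-user configuration.
Host foobar
    HostName foobar.internal.example.org
    User youruser
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent no
    ProxyCommand ssh -W %h:%p bastion
    # OpenSSH 7.3 and later can express the same thing as:
    # ProxyJump bastion

# Rare case from the list above (copying between internal machines):
# enable forwarding for that one invocation instead of in this file:
#     ssh -A foobar
```

Running `ssh -G foobar` (OpenSSH 6.8 and later) prints the effective options for the host, which is a quick way to confirm that `forwardagent no` and the proxy setting are what actually apply.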