ssh private keys on our systems

Dennis Gilmore dennis at ausil.us
Thu Oct 20 00:06:28 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 4 Oct 2011 08:19:55 -0700
Toshio Kuratomi <a.badger at gmail.com> wrote:

> On Tue, Oct 04, 2011 at 08:45:22AM -0600, Kevin Fenzi wrote:
> > On Tue, 4 Oct 2011 07:37:38 -0700
> > Darren VanBuren <onekopaka at gmail.com> wrote:
> > 
> > > Oh, so it's more like tunnelling SSH in SSH, similar to X11 in
> > > SSH or SOCKS through SSH?
> > > 
> > > I just remember that last time I connected I think I had to use
> > > agent forwarding. I may be wrong, I was tired while writing this
> > > email last night.
> > 
> > Yeah, basically using bastion simply as a way to connect to other
> > sshd's. 
> > 
> > It's nice, because: 
> > 
> > - You don't need your private key on any shared systems. 
> > 
> > - You don't need to run ssh agent forwarding at all. (You can in
> > rare cases when you need to copy things between internal machines). 
> > 
> One time when I've found agent forwarding unavoidable is when working
> on development of code hosted in fedorahosted.  Checkouts can be done
> anonymously, but pushing changes back to fedorahosted needs an
> authenticated ssh connection.  This counts as copying things between
> machines but it's common enough for what I do in infrastructure that
> I'd love to figure out some way around it.
> 
> -Toshio

I find that I need to when staging releases: I need to rsync data from
one host to another and it's all done over ssh. I guess we could make
some custom rsync modules on some hosts to allow me to use plain old
rsync rather than rsync over ssh.

Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)

iEYEARECAAYFAk6fZgQACgkQkSxm47BaWffsnQCfcL11Yv8QsujyOfHCFQgy0UqK
KBQAoJS3Flr/q34b7XeNXb/Ojp/nYbKv
=Xgz5
-----END PGP SIGNATURE-----
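The bastion setup Kevin describes above, and the two workarounds for copying between internal hosts that Toshio and Dennis mention, as an added example that is not part of the thread or of Fedora's own infrastructure config. The private key stays on the workstation and is never forwarded; internal hosts are reached through the bastion with ProxyJump (OpenSSH 7.3 and later; older clients use `ProxyCommand ssh -W %h:%p bastion`); and a host-to-host copy is done by opening two sessions from the workstation and piping tar between them, so neither internal host ever authenticates to the other. Host names, user names and the rsyncd module are placeholders. The `SSH` variable exists only so the relay can be exercised locally.

```sh
#!/bin/sh
# Added example, not code from the thread. All host/user names are assumed.

# 1. ssh_config: one key and one agent, both on the workstation only.
bastion_ssh_config() {
    cat <<'EOF'
# Placeholder names; adjust to your environment.
Host bastion
    HostName bastion.example.org
    User alice
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no

# Every internal host is reached through the bastion. The bastion only
# relays the TCP connection: it never sees the key or an agent socket.
# Pre-7.3 OpenSSH: replace ProxyJump with "ProxyCommand ssh -W %h:%p bastion".
Host *.internal.example.org
    ProxyJump bastion
    IdentitiesOnly yes
    ForwardAgent no
EOF
}

# Run a command on a host. ${SSH} defaults to ssh; a test can point it at a
# local stand-in so the relay logic runs offline.
run_on() {
    host=$1; shift
    ${SSH:-ssh} "$host" "$@"
}

# 2. Copy src_host:src_dir to dst_host:dst_dir with two separate sessions
#    from the workstation, streaming a tar archive between them. No agent
#    forwarding is needed because the internal hosts never talk to each
#    other; the data crosses the workstation once in each direction.
relay_copy() {
    src_host=$1 src_dir=$2 dst_host=$3 dst_dir=$4
    run_on "$src_host" "tar -C '$src_dir' -cf - ." \
      | run_on "$dst_host" "mkdir -p '$dst_dir' && tar -C '$dst_dir' -xf -"
}

# 3. Dennis's alternative: an rsync daemon module on the receiving host so a
#    plain rsync:// push works without ssh. Caveat: rsyncd traffic is not
#    encrypted and its auth is a shared secret, so lock the module down to
#    the source hosts and a dedicated user.
staging_rsyncd_module() {
    cat <<'EOF'
# Placeholder module; path, uid/gid and network are assumed.
[release-staging]
    path = /srv/staging
    read only = no
    uid = releng
    gid = releng
    hosts allow = 10.0.0.0/24
    auth users = releng
    secrets file = /etc/rsyncd.secrets
EOF
}
```

Usage from the workstation: `relay_copy build01.internal.example.org /srv/release stage01.internal.example.org /srv/staging`. Each of the two ssh invocations goes through the bastion via the config above, so the only private key involved is the one in `~/.ssh` on the workstation. For the rsyncd module, `rsync -av /srv/release/ releng@stage01.internal.example.org::release-staging/` from the source host pushes without any ssh key on that host at all.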

