Re: SSH changed to pubkey auth only

On Fri, 27 May 2011 15:27:55 -0500 (CDT)
Mike McGrath <mmcgrath@xxxxxxxxxx> wrote:

> On Fri, 27 May 2011, Ricky Zhou wrote:
> 
> > Hey, just a note to let everybody know, we just switched all of our
> > machines to disallow SSH password authentication, so if you were
> > previously using passwords to login anywhere, you'll need to use key
> > auth now.
> >
> 
> Also a good time to remind people of ssh -A and the ProxyCommand
> options.

Absolutely. 

I would suggest NOT using agent forwarding by default, and only
enabling it when you absolutely need it (copying files between two
machines for example). 

Host *
   ForwardAgent no

You can override this with '-A' on your command line if you wish to
forward an agent for that session. 

To get to internal machines, you can use ~/.ssh/config entries like: 

Host puppet01 puppet1 puppet01.fedoraproject.org
   Hostname %h
   ProxyCommand ssh -q %r@xxxxxxxxxxxxxxxxxxxxxxxxx /usr/bin/nc %h 22

This will ssh you to bastion and then in turn run nc (netcat) there,
allowing you to directly get to an internal machine. You can also set up
wildcards in the Host line (see 'man ssh_config').

kevin
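
Added example (not part of the original message, and not Fedora infrastructure code): a small resolver that shows how ssh_config's first-match-wins rule decides the effective ForwardAgent and ProxyCommand for a host. The example.org hostnames and the sample config are constructed; it assumes whitespace-separated keyword/value lines and does not evaluate Match blocks.

```python
import fnmatch

# Constructed sample config; example.org hostnames are placeholders.
SAMPLE_CONFIG = """\
Host build01.example.org
   ForwardAgent yes

Host *.example.org !bastion.example.org
   ProxyCommand ssh -q bastion.example.org /usr/bin/nc %h 22

Host *
   ForwardAgent no
"""

def host_matches(patterns, host):
    """True if a positive pattern matches and no negated (!) pattern does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_options(config_text, host):
    """Resolve options for host; the first value obtained for a keyword wins."""
    result = {}
    active = True  # options before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif keyword == "match":
            active = False  # assumption: Match blocks are skipped, not evaluated
        elif active:
            result.setdefault(keyword, value)
    return result

def agent_forwarded(config_text, host):
    """ForwardAgent is 'no' unless a matching block sets it to yes first."""
    value = effective_options(config_text, host).get("forwardagent", "no")
    return value.lower() == "yes"
```

If the `Host *` block with `ForwardAgent no` is placed first in the file, a later per-host `ForwardAgent yes` is never reached, so the catch-all block belongs at the end of the config.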


_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
