Oh, so it's more like tunnelling SSH in SSH, similar to X11 in SSH or SOCKS through SSH?
I just remember that last time I connected I think I had to use agent forwarding. I may be wrong, I was tired while writing this email last night.
On Oct 4, 2011 6:00 AM, "Kevin Fenzi" <kevin@xxxxxxxxx> wrote:
> On Tue, 4 Oct 2011 00:43:51 -0700
> Darren VanBuren <onekopaka@xxxxxxxxx> wrote:
>
>> The recommended method is using agent forwarding at this time
>> according to
>> http://infrastructure.fedoraproject.org/infra/docs/sshaccess.txt
>
> No, there's no need for agent forwarding, and thats hopefully not what
> the policy / sop says. ;)
>
> It uses ssh -W, which basically just forwards stdout/stdin to the
> remote machine (or you can use nc, which does the same exact thing).
>
> This means you authenticate to bastion, then run the command to forward
> things and all the rest of your communication is with whatever machine
> you are connecting to. No agent. No private keys stored on shared
> machines. No need to ssh to a machine then ssh to another one, it's all
> in one command.
>
> kevin
>
>
> On Tue, 4 Oct 2011 00:43:51 -0700
> Darren VanBuren <onekopaka@xxxxxxxxx> wrote:
>
>> The recommended method is using agent forwarding at this time
>> according to
>> http://infrastructure.fedoraproject.org/infra/docs/sshaccess.txt
>
> No, there's no need for agent forwarding, and thats hopefully not what
> the policy / sop says. ;)
>
> It uses ssh -W, which basically just forwards stdout/stdin to the
> remote machine (or you can use nc, which does the same exact thing).
>
> This means you authenticate to bastion, then run the command to forward
> things and all the rest of your communication is with whatever machine
> you are connecting to. No agent. No private keys stored on shared
> machines. No need to ssh to a machine then ssh to another one, it's all
> in one command.
>
> kevin
>
>
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure