On Tue, Oct 04, 2011 at 08:45:22AM -0600, Kevin Fenzi wrote: > On Tue, 4 Oct 2011 07:37:38 -0700 > Darren VanBuren <onekopaka@xxxxxxxxx> wrote: > > > Oh, so it's more like tunnelling SSH in SSH, similar to X11 in SSH or > > SOCKS through SSH? > > > > I just remember that last time I connected I think I had to use agent > > forwarding. I may be wrong, I was tired while writing this email last > > night. > > Yeah, basically using bastion simply as a way to connect to other > sshd's. > > It's nice, because: > > - You don't need your private key on any shared systems. > > - You don't need to run ssh agent forwarding at all. (You can in rare > cases when you need to copy things between internal machines). > One time when I've found agent forwarding unavoidable is when working on development of code hosted in fedorahosted. Checkouts can be done anonymously, but pushing changes back to fedorahosted needs an authenticated ssh connection. This counts as copying things between machines but it's common enough for what I do in infrastructure that I'd love to figure out some way around it. -Toshio
Attachment:
pgp6ZVZcuFskc.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
