On Wed, 5 Oct 2011 09:14:41 -0700
Toshio Kuratomi <a.badger@xxxxxxxxx> wrote:

> On Wed, Oct 05, 2011 at 09:36:12AM -0600, Kevin Fenzi wrote:
> > On Tue, 4 Oct 2011 08:19:55 -0700
> > Toshio Kuratomi <a.badger@xxxxxxxxx> wrote:
> >
> > > One time when I've found agent forwarding unavoidable is when
> > > working on development of code hosted in fedorahosted. Checkouts
> > > can be done anonymously, but pushing changes back to fedorahosted
> > > needs an authenticated ssh connection. This counts as copying
> > > things between machines but it's common enough for what I do in
> > > infrastructure that I'd love to figure out some way around it.
> >
> > Hum... not sure I understand. Which two internal machines would
> > this be copying between?
> >
> For instance, app01.dev and fedorahosted.org

Ah, ok. I guess the only alternative there would be copying down to
your local machine and up to the other one. That could end up being a
lot slower and is also two steps instead of one. ;(

One possible compromise: go ahead and use ssh agent forwarding, but
after you log in, do a 'ssh-add -D' to drop all your keys. Then, when/if
you need to make a copy connection it should ask for your passphrase to
unlock the key again. If someone tries to hijack your agent connection,
you would see the request to unlock the key and could reject it.

kevin
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure