-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 4 Oct 2011 08:19:55 -0700 Toshio Kuratomi <a.badger@xxxxxxxxx> wrote: > On Tue, Oct 04, 2011 at 08:45:22AM -0600, Kevin Fenzi wrote: > > On Tue, 4 Oct 2011 07:37:38 -0700 > > Darren VanBuren <onekopaka@xxxxxxxxx> wrote: > > > > > Oh, so it's more like tunnelling SSH in SSH, similar to X11 in > > > SSH or SOCKS through SSH? > > > > > > I just remember that last time I connected I think I had to use > > > agent forwarding. I may be wrong, I was tired while writing this > > > email last night. > > > > Yeah, basically using bastion simply as a way to connect to other > > sshd's. > > > > It's nice, because: > > > > - You don't need your private key on any shared systems. > > > > - You don't need to run ssh agent forwarding at all. (You can in > > rare cases when you need to copy things between internal machines). > > > One time when I've found agent forwarding unavoidable is when working > on development of code hosted in fedorahosted. Checkouts can be done > anonymously, but pushing changes back to fedorahosted needs an > authenticated ssh connection. This counts as copying things between > machines but it's common enough for what I do in infrastructure that > I'd love to figure out some way around it. > > -Toshio I find that i need to when staging releases, i need to rsync data from one host to another and its all done over ssh, i guess we could make some custom rsync modules on some hosts to allow me to use plain old rsync rather than rsync over ssh. Dennis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAk6fZgQACgkQkSxm47BaWffsnQCfcL11Yv8QsujyOfHCFQgy0UqK KBQAoJS3Flr/q34b7XeNXb/Ojp/nYbKv =Xgz5 -----END PGP SIGNATURE----- _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
