Re: ssh private keys on our systems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 4 Oct 2011 08:19:55 -0700
Toshio Kuratomi <a.badger@xxxxxxxxx> wrote:

> On Tue, Oct 04, 2011 at 08:45:22AM -0600, Kevin Fenzi wrote:
> > On Tue, 4 Oct 2011 07:37:38 -0700
> > Darren VanBuren <onekopaka@xxxxxxxxx> wrote:
> > 
> > > Oh, so it's more like tunnelling SSH in SSH, similar to X11 in
> > > SSH or SOCKS through SSH?
> > > 
> > > I just remember that last time I connected I think I had to use
> > > agent forwarding. I may be wrong, I was tired while writing this
> > > email last night.
> > 
> > Yeah, basically using bastion simply as a way to connect to other
> > sshd's. 
> > 
> > It's nice, because: 
> > 
> > - You don't need your private key on any shared systems. 
> > 
> > - You don't need to run ssh agent forwarding at all. (You can in
> > rare cases when you need to copy things between internal machines). 
> > 
> One time when I've found agent forwarding unavoidable is when working
> on development of code hosted in fedorahosted.  Checkouts can be done
> anonymously, but pushing changes back to fedorahosted needs an
> authenticated ssh connection.  This counts as copying things between
> machines but it's common enough for what I do in infrastructure that
> I'd love to figure out some way around it.
> 
> -Toshio

I find that i need to when staging releases, i need to rsync data from
one host to another and its all done over ssh, i guess we could make
some custom rsync modules on some hosts to allow me to use plain old
rsync rather than rsync over ssh.

Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)

iEYEARECAAYFAk6fZgQACgkQkSxm47BaWffsnQCfcL11Yv8QsujyOfHCFQgy0UqK
KBQAoJS3Flr/q34b7XeNXb/Ojp/nYbKv
=Xgz5
-----END PGP SIGNATURE-----
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure


[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux