Re: ssh again..

bruce writes:

> Hey... (again)
>
>
> Still trying to get my mind around how to solve this. Someone mentioned ssh
> forwarding, but I've not gotten it to work.
>
>
> Say I have 5 boxes on my network,
>
> box1
> box2
> box3
> box4
> box5
>
> Each box has a generic user - user1, with limited perms/access
>
> On my local box, I create a pub/private ssh key. I copy the pub key to each
> box..
>
> From my local box, I can then ssh, using the priv/pub key, into box1.
>
> From box1, can I then hop/ssh over to box2, using the pub key for the user1
> that I created/installed?
>
> I'm trying to figure out how I can hop between boxes as needed without
> having to have lots of pub/private keys ...
>
> What do I need to add to the local box, or to box1 / box2 to permit me to
> hop from box1 to box2 without having to add a key from/between box1 and
> box2?
>
> if ssh forwarding is the soln, what has to be added to which files, on
> which boxes?

I don't think that you can do that with ssh-forwarding. You generate a key pair
- a private and a public key. You copied the public key already to the boxes, so
you can log in from the local box.
You would now also need to copy the private key to all the boxes, into ~/.ssh of
the user which you want to use (user1). Since the fitting public key is already
everywhere in the authorized_keys file in ~/.ssh, you should then be able to log
into box2 from box1. But beware: since every box now has your private key, if one
of your remote boxes gets compromised, all boxes are compromised, because the
attacker can now log into the other boxes without a password.
You might want to protect your private key with a strong password that doesn't
get cached by something like ssh-agent, but which you need to type every time
you want to use your key, if the boxes are exposed to the internet.

Niels
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
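Niels's warning above (one private key copied to every box, and his advice to protect it with a passphrase) can be turned into a check. The following is an added example, not code from the thread: a Python audit that flags key files stored without a passphrase, by reading the legacy PEM "Proc-Type" header or the cipher field at the start of the OpenSSH private key format. Host names, paths and the key blobs are constructed for the demo.

```python
import base64
import re
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _ssh_string(buf: bytes, off: int):
    """Read one length-prefixed string from an openssh-key-v1 blob."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def key_protection(text: str) -> str:
    """Classify a private key file as 'encrypted', 'plaintext' or 'unknown'."""
    m = re.search(r"-----BEGIN OPENSSH PRIVATE KEY-----\s*(.*?)\s*-----END", text, re.S)
    if m:
        raw = base64.b64decode("".join(m.group(1).split()))
        if not raw.startswith(OPENSSH_MAGIC):
            return "unknown"
        cipher, _ = _ssh_string(raw, len(OPENSSH_MAGIC))  # first field is the cipher name
        return "plaintext" if cipher == b"none" else "encrypted"
    if re.search(r"-----BEGIN (RSA |DSA |EC )?PRIVATE KEY-----", text):
        # Legacy PEM: a passphrase-protected key carries a Proc-Type/DEK-Info header
        return "encrypted" if "Proc-Type: 4,ENCRYPTED" in text else "plaintext"
    return "unknown"


def audit(keys: dict) -> list:
    """Return the names of key files (host:path) that are stored without a passphrase."""
    return sorted(path for path, text in keys.items() if key_protection(text) == "plaintext")


def _fake_openssh_key(cipher: bytes) -> str:
    """Build a constructed openssh-key-v1 header (not a usable key) for the demo."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    body = OPENSSH_MAGIC
    for field in (cipher, kdf, b""):  # ciphername, kdfname, kdfoptions
        body += struct.pack(">I", len(field)) + field
    body += struct.pack(">I", 1)  # number of keys
    b64 = base64.b64encode(body).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed sample ~/.ssh contents, as they might look on box1..box5 after copying keys around
SAMPLE_KEYS = {
    "box1:/home/user1/.ssh/id_ed25519": _fake_openssh_key(b"none"),
    "box2:/home/user1/.ssh/id_ed25519": _fake_openssh_key(b"aes256-ctr"),
    "box3:/home/user1/.ssh/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAK\n-----END RSA PRIVATE KEY-----\n",
    "box4:/home/user1/.ssh/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,0123\n\nabcd\n-----END RSA PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE_KEYS))  # the two keys that would let an attacker hop on without a password
```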