Re: ssh again..

On 07/12/2016 02:32 PM, bruce wrote:
> so on the box1
> i have the priv key
> on box1 i have ssh-agent on box1
>
> on box1, in the config file, do i need to have box2

You *can* specify agent forwarding in the configuration file, but I have to disagree with users who recommended doing so. My opinion is that you should use "ssh -A" to forward your agent specifically in sessions where you intend to establish additional connections from the session you are creating.

If you log in to a host that is compromised, and forward your agent, the attacker could use your ssh agent to establish additional connections. This is better than the situation of having a private key on the same compromised host, because the key itself cannot be stolen and the agent is only usable while you are connected. However, the cautious practice is to reduce the threat further by not forwarding the agent when it is not going to be used.

> on box2 I don't need to have the pub key from box1, but i do have to have what???

box2 does need to have the public key installed, as usual. It just doesn't need a private key. Authentication requests will be proxied (forwarded) back to your workstation, where the private key is available.

> and then whatever I have on box2, gets replicated on the other boxes in the "chain"

All of the hosts in the chain require the public key, just as they would if you were connecting to them directly.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
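
Added example, not part of the original message: a small audit that lists every block in an ssh client configuration that turns agent forwarding on, so that forwarding can be left to explicit "ssh -A" sessions as the reply recommends. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Reads ssh_config text on stdin and prints one line per Host/Match block
# (or the global section before any Host line) that enables ForwardAgent.
# Any value other than "no" counts as enabled. It reports each block that
# sets the option, not the effective value ssh would compute for a host.
audit_forward_agent() {
    awk '
        BEGIN { block = "(global)" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # drop indentation
            if (line == "" || line ~ /^#/) next # skip blanks and comments
            sub(/[ \t]*=[ \t]*/, " ", line)     # accept "Keyword=value"
            gsub(/"/, "", line)                 # accept quoted values
            split(line, f)
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "host" || key == "match") {
                block = line
                sub(/^[^ \t]+[ \t]+/, "", block)
                if (key == "match") block = "Match " block
                next
            }
            if (key == "forwardagent" && tolower(f[2]) != "no")
                print block ": ForwardAgent " f[2]
        }
    '
}

# Constructed sample configuration (not taken from the thread).
sample_config() {
    cat <<'EOF'
# per-host setting: forwarding explicitly off
Host box2
    HostName box2.example.com
    ForwardAgent no

Host *.lab.example.com
    forwardagent=yes

Host *
    ForwardAgent yes
EOF
}

# Demo on the sample; for a real file: audit_forward_agent < ~/.ssh/config
sample_config | audit_forward_agent
```

The "Host *" finding is the one that matters most: it forwards the agent to every host you log in to, including ones you never intended to hop through.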