Re: Is there any solution, or even work on, limiting which keys gets forwarded where?


 



On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote:
> if the intermediary machine (the "jumphost") is jumphost.example, and
> you are trying to reach bar.example.com (which is behind the firewall),
> you would do:
>  ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com

We use a jump host, but there are literally hundreds of hosts behind it.
And since I often need to run things on multiple hosts, I ssh to the jump
host, start a tmux session, and ssh from there wherever I need.

Not to mention that in a case like the above, I would have to type the
password to the key two times, which is complicated, to put it lightly, as
I use very long, very secure passphrases.

> Another approach, if you find you must forward your agent, is to load
> all keys in your agent with confirmation prompt required (ssh-add -c)
> so that your local machine is still in control of when the different
> keys get used.

Yeah, but that will (from what I understand from man) re-ask for my
password, which is highly impractical given the above passphrase
situation.

Best regards,

depesz

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


