On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > if the intermediary machine (the "jumphost") is jumphost.example, and > you are trying to reach bar.example.com (which is behind the firewall), > you would do: > ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com We use jump host, but there are literally hundreds of hosts behind it. And since I often need to run things on multiple hosts, I ssh to jump host, start tmux session, and ssh from there wherever I need. Not to mention that in case like above, I would have to type the password to key two times, which is complicated, to put it lightly, as I use very long, very secure passphrases. > Another approach, if you find you must forward your agent, is to load > all keys in your agent with confirmation prompt required (ssh-add -c) > so that your local machine is still in control of when the different > keys get used. Yeah, but that will (from what I understand from man) re-ask for my password, which is highly impractical given the above passphrase situation. Best regards, depesz _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev