Re: Is there any solution, or even work on, limiting which keys gets forwarded where?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 16/10/15 12:46, hubert depesz lubaczewski wrote:
On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote:
>  if the intermediary machine (the "jumphost") is jumphost.example, and
>  you are trying to reach bar.example.com (which is behind the firewall),
>  you would do:
>    ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com
We use jump host, but there are literally hundreds of hosts behind it.
And since I often need to run things on multiple hosts, I ssh to jump
host, start tmux session, and ssh from there wherever I need.
You can run tmux locally. Don't worry about having to add the

-oProxyCommand='ssh jumphost.example -W %h:%p' each time. That can be abstracted
in the ssh_config. You can simply provide the name as you used on the jumphos, but
have ssh automatically connect to it "the right way".

If you are concerned about having to perform two ssh logins (automatically, as
performed by the key authentication) per connection, you can make it use a master
ssh connection so there's a single connection to the jumphost through all the others
are tunneled.


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux