Re: Transferring files between servers on a private network?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 09/12/2020 18:45, Steve Dondley wrote:
Ok, thanks for the insight.

Yeah, I was trying to avoid agent forwarding because of the advice I've seen to avoid it, if possible.

As far as I know, you'd mainly want to avoid it if you don't trust the left-hand machine (i.e. the source, the one you called "B").  A malicious administrator on that host could connect to your agent socket and authenticate, as you, to any other machine that trusts your key.

But to be honest, if a machine is malicious, I wouldn't want to ssh into it in the first place.  It could do plenty of other nasty things, such as logging my keystrokes.


Only other method I can think of is to have a third machine, machine C, that is only available on the private network and contains the private key for all the other machines. So I'd log into machine C via some bastion/jump server. Machine C would hold the private the key used by machine B and machine A and I could use it to transfer files between machines A and B.

Copying your private key onto other machines is, in general, way less secure than using agent forwarding.

You could ssh to C (that you trust), with agent forwarding enabled, and use it to third-party copy between B and A (*without* enabling agent forwarding from C to B or C to A)


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux