Re: Transferring files between servers on a private network?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 09/12/2020 18:45, Steve Dondley wrote:
Ok, thanks for the insight.

Yeah, I was trying to avoid agent forwarding because of the advice I've seen to avoid it, if possible.
As far as I know, you'd mainly want to avoid it if you don't trust the 
left-hand machine (i.e. the source, the one you called "B").  A 
malicious administrator on that host could connect to your agent socket 
and authenticate, as you, to any other machine that trusts your key.
But to be honest, if a machine is malicious, I wouldn't want to ssh into 
it in the first place.  It could do plenty of other nasty things, such 
as logging my keystrokes.
Only other method I can think of is to have a third machine, machine 
C, that is only available on the private network and contains the 
private key for all the other machines. So I'd log into machine C via 
some bastion/jump server. Machine C would hold the private the 
key used by machine B and machine A and I could use it to transfer 
files between machines A and B.
Copying your private key onto other machines is, in general, way less 
secure than using agent forwarding.
You could ssh to C (that you trust), with agent forwarding enabled, and 
use it to third-party copy between B and A (*without* enabling agent 
forwarding from C to B or C to A)

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux