On Wednesday 25 June 2003 12:15 pm, John Haxby wrote:
> Yes, it does make sense and it's very lucid!
>
> It's quite easy.
>
> 1. Put your public key on both B and C.
> 2. Make sure you're using the ssh-agent.  RH9 is set up with this quite
>    well already -- type "ssh-add -l" to see if your key is registered and
>    "ssh-add" to actually register it.
> 3. "echo ForwardAgent yes > ~/.ssh/config"
> 3a. You may need to restart the ssh agent by logging out and logging in
>    again.
> 4. Now ssh to B (notice no prompts for password or private-key
>    passphrase) and then ssh to B and the original ssh will forward the
>    authentication signing to the agent running on A.
>
> Make sure you do an "ssh-add -D" to remove your private key when you
> leave your machine (assuming you don't log out).  I put it in a cron
> job ...

Once that is set up and working:

1. Install netcat on B -- the rpm is called nc-<version>.rpm

2. Add to your .ssh/config file on A:

    Host C
    ProxyCommand ssh B nc %h 22
    Host

3. Then type:

    $ ssh C

and the ProxyCommand will automagically forward the connection thru B.

> I have a little howto describing all of this in gory detail if you're
> interested.
>
> jch
>
> A.J. Werkman wrote:
>
> > I have a SSH proxy problem.
> >
> > If I have three machines A, B and C. A can't reach C, but B can both
> > reach A and C.
> >
> > In order to connect from A to C you would connect from A to B with ssh
> > and on B connect to C. Now you have a proxy connection from A through
> > B to C.
> >
> > But I use only key authentication. B and C are configured to accept
> > the key from A. But B as not being accepted as a total secure host
> > (because it is the gateway to the evale world), does not have
> > authentication keys. Conquering this gateway would mean every host can
> > be reached by using the authentication key on the gateway.
> >
> > Now if I want to connect from A to C I log in using the private key on
> > host A. But if I want to log in from host B to C I don't have a
> > private key there to use.
> >
> > Does anyone know if it is possible to use the above scenario but be
> > able to use my private key from host A on host B to access host C. Of
> > course I don't want to copy the private key from host A to host B
> > because of the risk of compromising this key.
> >
> > I hope what I am saying here makes sense to all. Does anyone know a
> > solution?
> >
> > Regards, Koos.
> >
>
> --
> Shrike-list mailing list
> Shrike-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/shrike-list
>

--
Stephen Carville
------------------------------------------------------------------
"Mom & Pop were just a couple of kids when they got married.  He was
eighteen, she was sixteen and I was three."
-- Billie Holiday
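
Added example, not part of the thread or of either poster's setup: a Python check over an OpenSSH client config that reports relay hosts named in a ProxyCommand which would also receive a forwarded agent. With the ProxyCommand entry, ssh on A authenticates to C itself through the tunnel, so the relay needs no agent; both sample configs are constructed and the function names are this example's own.

```python
import fnmatch
import re

# Constructed sample: both settings from the thread in one ~/.ssh/config on A.
SAMPLE = """\
ForwardAgent yes
Host C
    ProxyCommand ssh B nc %h 22
"""

# Constructed alternative: no forwarding anywhere; C is still reached through B.
HARDENED = """\
Host C
    ProxyCommand ssh B nc %h 22
Host *
    ForwardAgent no
"""

def parse_blocks(text):
    """Return [(host_patterns, {keyword: value})]. Match blocks are not handled."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*\S)", raw)
        if m and m.group(1).lower() == "host":
            blocks.append((m.group(2).split(), {}))
        elif m:
            blocks[-1][1].setdefault(m.group(1).lower(), m.group(2))
    return blocks

def matches(host, patterns):
    """A matching negated pattern vetoes the block; else one positive must match."""
    neg = [p[1:] for p in patterns if p.startswith("!")]
    pos = [p for p in patterns if not p.startswith("!")]
    hit = lambda ps: any(fnmatch.fnmatchcase(host, p) for p in ps)
    return hit(pos) and not hit(neg)

def effective(text, host, key, default=None):
    """First value obtained wins, as ssh reads the file top to bottom."""
    return next((o[key] for pats, o in parse_blocks(text)
                 if key in o and matches(host, pats)), default)

def relays_with_agent(text):
    """Relays in 'ProxyCommand ssh <relay> ...' (the thread's simple form) that get the agent."""
    exposed = set()
    for _, opts in parse_blocks(text):
        words = opts.get("proxycommand", "").split()
        if len(words) > 1 and words[0] == "ssh" and not words[1].startswith("-"):
            if effective(text, words[1], "forwardagent", "no").lower() == "yes":
                exposed.add(words[1])
    return sorted(exposed)
```

relays_with_agent(SAMPLE) reports B, because the bare ForwardAgent line applies to every host including the relay; relays_with_agent(HARDENED) reports nothing.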