ssh-agent use in different security domains
Ángel González
keisial at gmail.com
Thu Oct 27 08:48:10 EST 2011
Saku Ytti wrote:
> 2011/10/26 Ángel González <keisial at gmail.com>:
>
>> Only your ssh program instance can talk with your ssh-agent, because it
>> is running locally. Without agent forwarding, programs on the other host
>> can't connect to your agent, much less use your keys.
> Quite, but the question here is, when you need to have ssh-agent in two different
> security domains. How to do it.
What's your problem with the jumphosts solution dkg proposed?
You connect to monkey and tell monkey to tunnel a connection to banana.
A second ssh instance is launched *in your computer* which connects to
banana through that tunnel.
You have two ssh instances locally and no agent forwarding (thus no
identity thief).
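
Added example, not part of the original message: a client-side `~/.ssh/config` for the jumphost setup described above, with the agent-forwarding pattern it replaces shown commented out for contrast. The host names monkey and banana are from the thread; the key file paths and the choice of one key per domain are assumptions.

```sshconfig
# ~/.ssh/config on your own computer.

# Weak pattern, commented out and shown only for contrast: log in to monkey
# with the agent forwarded, then run ssh on monkey to reach banana. While
# that session is open, anyone with root on monkey can ask your agent to
# sign with any key it holds.
#Host monkey
#    ForwardAgent yes

# Jumphost pattern: monkey only relays a TCP stream. Both ssh clients run
# locally, so the agent socket never leaves your machine.
Host monkey
    ForwardAgent no
    # Assumed path: key used only in monkey's security domain.
    IdentityFile ~/.ssh/id_domain_a
    # Offer only the key named above, not every key the agent holds.
    IdentitiesOnly yes

Host banana
    # OpenSSH 7.3 and later.
    ProxyJump monkey
    # Older clients (OpenSSH 5.4 and later) can use this instead:
    # ProxyCommand ssh -W %h:%p monkey
    ForwardAgent no
    # Assumed path: key used only in banana's security domain.
    IdentityFile ~/.ssh/id_domain_b
    IdentitiesOnly yes
```

With this in place, `ssh banana` starts a second local ssh process to monkey as the tunnel and authenticates to banana end to end from your computer.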