ssh-agent use in different security domains
Alan Barrett
apb at cequrux.com
Fri Feb 24 23:26:07 EST 2012
On Fri, 24 Feb 2012, Saku Ytti wrote:
>> With ProxyCommand, you'd just do:
>> a% ssh c scp file d:
>>
>> and the intermediate step of hopping through b would be handled by a
>> ProxyCommand setting in your .ssh/config file:
>>
>> Host c
>> ProxyCommand ssh -W %h:%p b
>
>Curious. I need some cluebat, how does the key authentication work here.
>
>D needs key which is only in a, but d is asking for it from c, is it not?
>There is no magic lines for c<->d connectivity.
Oh, I didn't understand that the C->D commenction needed a key
from A. Even so, you could forward the agent connection from A
to C, and allow C to use the agent's key to connect to D, without
needing to expose the agent to B.
--apb (Alan Barrett)
More information about the openssh-unix-dev
mailing list