On Tue, 4 Oct 2011 07:37:38 -0700
Darren VanBuren <onekopaka(a)gmail.com> wrote:
> Oh, so it's more like tunnelling SSH in SSH, similar to X11 in SSH or
> SOCKS through SSH?
> I just remember that last time I connected I think I had to use agent
> forwarding. I may be wrong, I was tired while writing this email last
> night.

Yeah, basically using bastion simply as a way to connect to other
sshd's.
It's nice, because:
- You don't need your private key on any shared systems.
- You don't need to run ssh agent forwarding at all. (You can in rare
cases when you need to copy things between internal machines).
- You don't have to ssh into a bastion then another machine, you can
'ssh foobar' and it logs you into foobar (it's using bastion behind
the scenes here, but that's transparent).
- You don't need any config on the bastion host, all of it's on your
local machine, so if bastion is re-installed it doesn't matter.
kevin
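
A client-side configuration that gives the setup described in this message, as an added example that is not part of the original email or the project's own config. The host names (`bastion.example.org`, `foobar`, `*.internal.example.org`, `foobar-agent`) are placeholders, and `ssh -W` is one way to do the relaying, assumed here rather than confirmed by the thread.

```sshconfig
# ~/.ssh/config on the local machine. Nothing is configured on the bastion.
# All host names below are placeholders.

# The bastion is the only host contacted directly.
Host bastion
    HostName bastion.example.org
    ForwardAgent no

# Internal machines: 'ssh foobar' transparently goes through the bastion.
Host foobar *.internal.example.org
    # The bastion only relays the TCP stream (-W host:port) to the target's
    # sshd. Key exchange, host key checking and authentication to foobar all
    # happen in the local client, so the private key never leaves this machine.
    ProxyCommand ssh -W %h:%p bastion
    # On OpenSSH 7.3 and later, "ProxyJump bastion" is the shorter equivalent.
    ForwardAgent no

# The rare case of copying between internal machines: a separate alias that
# turns agent forwarding on only when it is asked for explicitly.
Host foobar-agent
    HostName foobar
    ProxyCommand ssh -W %h:%p bastion
    ForwardAgent yes
```

Keeping `ForwardAgent no` on the everyday entries means a compromised bastion or internal host has no agent socket to reuse; only sessions opened through the `foobar-agent` alias expose one.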