-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 4 Oct 2011 08:19:55 -0700
Toshio Kuratomi <a.badger(a)gmail.com> wrote:
> On Tue, Oct 04, 2011 at 08:45:22AM -0600, Kevin Fenzi wrote:
> > On Tue, 4 Oct 2011 07:37:38 -0700
> > Darren VanBuren <onekopaka(a)gmail.com> wrote:
> >
> > > Oh, so it's more like tunnelling SSH in SSH, similar to X11 in
> > > SSH or SOCKS through SSH?
> > >
> > > I just remember that last time I connected I think I had to use
> > > agent forwarding. I may be wrong, I was tired while writing this
> > > email last night.
> >
> > Yeah, basically using bastion simply as a way to connect to other
> > sshd's.
> >
> > It's nice, because:
> >
> > - You don't need your private key on any shared systems.
> >
> > - You don't need to run ssh agent forwarding at all. (You can in
> > rare cases when you need to copy things between internal machines).
> >
> One time when I've found agent forwarding unavoidable is when working
> on development of code hosted in fedorahosted. Checkouts can be done
> anonymously, but pushing changes back to fedorahosted needs an
> authenticated ssh connection. This counts as copying things between
> machines but it's common enough for what I do in infrastructure that
> I'd love to figure out some way around it.
> -Toshio

I find that I need to when staging releases. I need to rsync data from
one host to another and it's all done over ssh. I guess we could make
some custom rsync modules on some hosts to allow me to use plain old
rsync rather than rsync over ssh.

Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iEYEARECAAYFAk6fZgQACgkQkSxm47BaWffsnQCfcL11Yv8QsujyOfHCFQgy0UqK
KBQAoJS3Flr/q34b7XeNXb/Ojp/nYbKv
=Xgz5
-----END PGP SIGNATURE-----
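
The bastion setup described in the thread, sketched as a client-side `~/.ssh/config`. This is an added example, not part of the original messages and not the project's actual configuration; every host name is a placeholder, and `ProxyCommand ssh -W` assumes OpenSSH 5.4 or later on the workstation.

```sshconfig
# Constructed example; all host names below are placeholders.

# Weak pattern (left commented out): forwarding the agent everywhere makes
# the agent socket usable on every host you log in to, including the shared
# bastion.
# Host *
#     ForwardAgent yes

# Rare exception: one internal machine that has to open an authenticated
# SSH connection onward (for example, pushing to a git host). ssh_config
# keeps the first value it finds for each option, so this block must come
# before the wildcard blocks below.
Host devbox.internal.example.org
    ForwardAgent yes

# Internal hosts are reached through the bastion. The outer ssh only relays
# the TCP stream (-W); authentication to the internal sshd happens end to
# end from the workstation, so no private key or agent is needed on the
# bastion.
Host *.internal.example.org
    ProxyCommand ssh -W %h:%p bastion.example.org

# The hop to the bastion itself never gets the agent.
Host bastion.example.org
    ForwardAgent no

# Default for everything else.
Host *
    ForwardAgent no
```

`ssh -G devbox.internal.example.org` (OpenSSH 6.8 or later) prints the effective options for a host, which is a quick way to confirm that `forwardagent yes` applies only where intended.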