Forwarding both gpg and ssh agents
Peter Lebbing
peter at digitalbrains.com
Tue Jul 17 11:00:04 CEST 2018
On 16/07/18 23:35, Chris Coutinho wrote:
> Although some sources note the potential security holes of
> using this method, it works great for my use case

Well, yes, even the man page warns about the security implications.
There's a reason I said "it's quite a while back" :-). I try to avoid
it. The security implications are severe.

If it's just about passing a firewall, the ProxyJump / -J options of
OpenSSH are much more useful. You can even chain them easily to pass
ever more firewalls :-).

ssh -J outerbastion.example.org,nextlayer.example.org destination.example.org

> https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/

The ProxyCommand mentioned there has been made more convenient with the
ProxyJump option that was added later; especially if we're talking about
multiple jump hosts.

Agent forwarding is really about connecting two remote hosts together,
which Proxy can't do.

HTH,

Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
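
Added example, not part of the original message: a small static check that lists the Host blocks in an ssh_config-style file where agent forwarding is enabled, so they can be reviewed for replacement with ProxyJump. The function names and the hosts legacy-bastion.example.org and *.lab.example.org are constructed for illustration, and the scan is simplified (Include and Match are not resolved).

```shell
#!/bin/sh
# Added example (not from the original post): list the Host blocks of an
# ssh_config-style file that enable agent forwarding.
# Assumption: simplified static scan; Include and Match are not resolved.

# Constructed sample configuration; legacy-bastion and *.lab are made up.
sample_config() {
    cat <<'EOF'
# reached through two jump hosts, no agent exposed on either
Host destination.example.org
    ProxyJump outerbastion.example.org,nextlayer.example.org
    ForwardAgent no

Host legacy-bastion.example.org
    ForwardAgent yes

Host *.lab.example.org
    forwardagent=yes
EOF
}

# Reads a config on stdin, prints one Host pattern per line where
# ForwardAgent is anything other than "no".
audit_forward_agent() {
    awk '
        BEGIN { host = "(global)" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            if (line == "" || line ~ /^#/) next
            # keyword and argument are separated by whitespace or "="
            if (!match(line, /[ \t=]+/)) next
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            if (key == "host") { host = val; next }
            if (key == "forwardagent" && tolower(val) != "no") print host
        }
    '
}

sample_config | audit_forward_agent
```

To check a real file, feed it on stdin, for example `audit_forward_agent < ~/.ssh/config`.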