Secure Shell
Multi Hopping by sshserver proxy with different keys Sep 23 2010 03:08PM
Nicolas Ferragu (nicolas ferragu laposte fr) (3 replies)
Re: Multi Hopping by sshserver proxy with different keys Sep 25 2010 10:34AM
Igor Bukanov (igor mir2 org) (2 replies)
On 23 September 2010 17:08, Nicolas Ferragu <nicolas.ferragu (at) laposte (dot) fr> wrote:
>    Putty conf :
>       connection type : raw
>       local proxy command : plink.exe -t %user@%proxyhost -agent "ssh -p %port -l role %host"\n

I assume "ssh -p %port -l role %host" here is a command executed on
the bastion to connect to the target. Currently it does not work as
the target asks for a key known only to the bastion.

You mentioned that "ssh-agent running well with the target". If that
means that the bastion has ssh-agent running with a key for the target,
then in the above command you just need to tell ssh where to look
for the ssh-agent socket. You can do that with the env command, which
sets SSH_AUTH_SOCK, like this:

plink.exe -t %user@%proxyhost -agent "env SSH_AUTH_SOCK=<path-to-socket> ssh -p %port -l role %host"

The default socket location is /tmp/ssh-XXXXXXXXXX/agent.<ppid>. For
maximum convenience you may run the ssh-agent on the bastion with the -d
option to specify the exact location of the socket, like this:

ssh-agent -a "$HOME/.ssh/agent-socket"

and then set SSH_AUTH_SOCK in the above command to /home/user/.ssh/agent-socket.

On the other hand, a setup like that implies that one can always
connect to the target if he has the key to the bastion. Moreover, anybody
who can log in to the bastion under your user name can also recover the
private key for the target by inspecting ssh-agent memory. So the
setup above is less secure than if you simply had the key to the
target on your local box, properly password-protected and loaded into
the PuTTY agent.

Regards, Igor
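
A bastion-side helper for the fixed-socket setup described in the message, written as an added example that is not part of the thread: it reuses one agent at $HOME/.ssh/agent-socket and refuses a socket directory that other local accounts could enter. The function names and the default path are assumptions; the permission check does not change the caveat above about anyone who can log in under your user name.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the default path are
# assumptions; run on the bastion as the account that owns the agent.
AGENT_SOCK="${AGENT_SOCK:-$HOME/.ssh/agent-socket}"

# 0 only if $1 is a real directory (not a symlink) owned by the caller with
# no group/other permission bits, so other local accounts cannot reach the socket.
dir_is_private() {
    [ -d "$1" ] || return 1
    ls -ldn "$1" | awk -v uid="$(id -u)" \
        '{ ok = ($1 ~ /^d...------/ && $3 == uid) } END { exit !ok }'
}

# ssh-add -l exits 0 (keys listed) or 1 (agent up, no keys) when an agent
# answers on the socket, and 2 when no agent can be contacted.
agent_is_live() {
    rc=0
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Print the socket path of a usable agent, starting one if needed.
ensure_agent() {
    sock="$1"
    dir=$(dirname "$sock")
    if ! dir_is_private "$dir"; then
        echo "refusing $sock: $dir is not private to uid $(id -u)" >&2
        return 1
    fi
    if ! agent_is_live "$sock"; then
        # Remove a stale socket left by a dead agent so the bind succeeds.
        if [ -S "$sock" ]; then rm -f "$sock"; fi
        # -a binds the agent to the given UNIX-domain socket path.
        (umask 077; ssh-agent -a "$sock" >/dev/null) || return 1
    fi
    printf '%s\n' "$sock"
}

# Typical use in the bastion account's login script:
#   SSH_AUTH_SOCK=$(ensure_agent "$AGENT_SOCK") && export SSH_AUTH_SOCK
```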

Copyright 2010, SecurityFocus