undefined | Better HN

0 pointssva_1y ago0 comments

I've found myself to be much more comfortable to just define all my private keys in ~/.ssh/config on a host-by-host basis.

0 comments

jmole1y ago

AFAIK, this doesn't solve the SSH agent problem - the problem is the agent has access to all of those keys regardless of the host you connect to.

So forwarding your SSH agent means an administrator of the system you're connected to could use any of those host keys loaded in the agent to connect to their associated machine.

j / k navigate · click thread line to collapse

0 pointssva_1y ago0 comments

I've found myself to be much more comfortable to just define all my private keys in ~/.ssh/config on a host-by-host basis.

0 comments

jmole1y ago

AFAIK, this doesn't solve the SSH agent problem - the problem is the agent has access to all of those keys regardless of the host you connect to.

So forwarding your SSH agent means an administrator of the system you're connected to could use any of those host keys loaded in the agent to connect to their associated machine.

j / k navigate · click thread line to collapse