Managing Multiple SSH Identities - Best Practices?
Lisa Kachold
lisakachold at obnosis.com
Tue Jan 18 11:41:42 MST 2011
Ah, (practical use is always your focus). Hopefully all your Debian SSL/SSH
systems are patch updated and rebuilt, as the last thread outlined obtaining
the keys?
Laugh!
On Tue, Jan 18, 2011 at 11:02 AM, der.hans <PLUGd at lufthans.com> wrote:
> Am 18. Jan, 2011 schwätzte Lisa Kachold so:
>
> moin moin,
>
>
> Oh, I believe your question syntax might have been misunderstood,
>>
>
> I suppose I should have asked about credentials rather than key, but in
> the context of the quoted text I think it was sufficiently clear :).
>
> ssh forwards all credentials that ssh-agent has cached and I'd prefer to
> only forward specific credentials.
>
> For instance, maybe I use a different key for each consulting client. When
> I connect to client A I don't want to forward the credentials for client
> B.
>
> Another example, say I want to use a specific key from my workstation to
> each of my consulting clients. I should not forward those credentials
> because they could then be used to connect from client to client. Instead,
> I want to forward diffferent credentials that are used inside a client's
> network. Key Z is used for initial connection. Key A is forwarded to
> client As bastion host for connecting to intranet boxen at client A. Key B
> is forwarded to client Bs bastion host for connecting to intranet boxen at
> client B. And so forth.
>
> Essentially, -A for ssh needs a way to specify some granularity.
>
>
> ciao,
>
> der.hans
> --
> # http://www.LuftHans.com/ http://www.LuftHans.com/Classes/
> # ABLEconf - 2011Apr02 - CfP 2010Jan22 - Free Software for Free Enterprise
> # I've got a photographic memory,
> # but I'm lousy photographer. - der.hans
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
(503) 754-4452
(623) 688-3392
http://www.obnosis.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110118/048d7b2e/attachment.html>
More information about the PLUG-discuss
mailing list