In this third article in a series, Daniel Robbins shows you how to take advantage of OpenSSH agent connection forwarding to enhance security. He also shares recent improvements to the keychain shell script. If you can't run ssh-agent on untrusted hosts, then how do you establish secure, passwordless ssh connections from these systems?
The answer is to only use ssh-agent and keychain on trusted hosts, and to use OpenSSH's new authentication forwarding abilities to extend passwordless authentication to any untrusted hosts. In a nutshell, authentication forwarding works by allowing remote ssh sessions to contact an ssh-agent running on a trusted system. The link for this article located at IBM developerWorks is no longer available.
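On the client side, agent forwarding is turned on per host with the `ForwardAgent` option in ssh_config (or per connection with `ssh -A`). The script below is an added example, not code from the article or from keychain: it lists the Host blocks in a config file that enable forwarding, so you can confirm the trusted machine's agent is reachable only from the hosts you intend. The host names and the sample config are constructed.

```shell
#!/bin/sh
# Added example. Assumptions: whitespace or "=" separated keywords, no
# Include/Match handling, and every enabling line is reported (ssh itself
# uses the first value it obtains for a given host).

forwarding_hosts() {   # $1: path to an ssh_config-style file
    awk '
        /^[ \t]*#/ { next }                 # comment line
        { gsub(/=/, " ") }                  # accept "Keyword=value" too
        NF == 0 { next }                    # blank line
        { key = tolower($1) }
        key == "host" {                     # start of a new Host block
            patterns = $2
            for (i = 3; i <= NF; i++) patterns = patterns " " $i
            next
        }
        key == "forwardagent" && tolower($2) == "yes" {
            if (patterns == "") scope = "(global)"; else scope = patterns
            if (scope == "(global)" || scope ~ /[*?]/) kind = "WILDCARD"; else kind = "named"
            print kind " " scope
        }
    ' "$1"
}

sample_config() {      # constructed sample, not taken from the article
    cat <<'EOF'
# client config on the trusted workstation
Host build.example.org
    ForwardAgent yes
Host *.lab.example.org
    User dev
    forwardagent=yes
Host *
    ForwardAgent no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
forwarding_hosts "$tmp"
rm -f "$tmp"
```

Point `forwarding_hosts` at `~/.ssh/config` on the trusted host; a `WILDCARD` line means the agent is forwarded to every host matching that pattern, not to one named machine.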