On 16/07/18 23:35, Chris Coutinho wrote: > Although some sources note the potential security holes of > using this method, it works great for my use case
Well, yes, even the man page warns about the security implications. There's a reason I said "it's quite a while back" :-). I try to avoid it. The security implications are severe. If it's just about passing a firewall, the ProxyJump / -J options of OpenSSH are much more useful. You can even chain them easily to pass ever more firewalls :-). ssh -J outerbastion.example.org -J nextlayer.example.org destination.example.org > https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/ The ProxyCommand mentioned there has been made more convenient with the ProxyJump option that was added later; especially if we're talking about multiple jump hosts. Agent forwarding is really about connecting two remote hosts together, which Proxy can't do. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users