hey... so on the box1
i have the priv key on box1
i have ssh-agent on box1

on box1, in the config file, do i need to have box2

on box2
I don't need to have the pub key from box1, but i do have to have what???

and then whatever I have on box2, gets replicated on the other boxes in the "chain"

I think I'm seeing part of this...

On Tue, Jul 12, 2016 at 4:13 PM, Gordon Messmer <gordon.mess...@gmail.com> wrote:

> On 07/12/2016 10:44 AM, Go Canes wrote:
>
>>
>> No, they don't. Private keys belong on your closest system, on an
>> encrypted volume. Often, you will only need one.
>>
>>
>> If the OP uses ssh to go from system1:user1 to system2:user2, and then
>> wants to use ssh to go from system2:user2 to system3:user3, are you saying
>> that only system1:user requires a public key, and that system2:user2 can
>> ssh out without having *any* public key?
>>
>
>
> No, I said "private key".
>
> If you are user1@system1 and you use ssh to log in to user2@system2, and
> if you also have an ssh agent on system1 and instruct ssh to forward a
> connection to the user2@system2 session, then you don't need a private
> key in the user2@system2 home directory to connect to user3@system3. You
> only need to have the public key which corresponds to the private key
> available to user1@system1 installed for user3@system3. system3 will
> request ssh authentication from user2@system2, and that request will be
> forwarded back to the agent at user1@system1, which will answer it.
>
> Using agent forwarding, you only need private keys on your workstation,
> which you presumably have encrypted and otherwise made very secure against
> an attacker obtaining your key files (which should, themselves, be
> encrypted key files within the encrypted filesystem).
>
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
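An added example, not part of the original messages: shell checks for the layout the quoted reply describes (private key and agent only on the workstation, the matching public key installed on each target, nothing private on the hops in between). The function names, the box1/box2/box3 labels and the paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Layout it checks, per the quoted reply:
#   box1 (workstation): private key + ssh-agent; connect with `ssh -A`
#                       (or ForwardAgent yes for that Host in ~/.ssh/config)
#   box2 (middle hop):  no private key; box1's public key in authorized_keys
#   box3 (next hop):    the same public key in authorized_keys
# box1/box2/box3 and every path passed in are hypothetical names.

# pubkey_installed PUBFILE AUTHORIZED_KEYS
# True if the base64 blob from PUBFILE appears as a whole field on some
# non-comment line of AUTHORIZED_KEYS (so lines with leading options match).
pubkey_installed() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1") || return 2
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '
        /^[[:space:]]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit found ? 0 : 1 }' "$2"
}

# private_keys_in DIR
# Prints files in DIR whose first line is a private key header.
# A hop that relies on the forwarded agent should print nothing.
private_keys_in() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        head -n 1 "$f" |
            grep -Eq '^-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----' &&
            printf '%s\n' "$f"
    done
    return 0
}

# agent_reachable
# True if this session can reach an agent (local or forwarded) that holds
# at least one key; ssh-add -l exits 0 only in that case.
agent_reachable() {
    [ -S "${SSH_AUTH_SOCK:-}" ] && ssh-add -l >/dev/null 2>&1
}
```

On a middle hop reached with agent forwarding, `agent_reachable` should succeed while `private_keys_in "$HOME/.ssh"` prints nothing; on each target, `pubkey_installed` should succeed for the workstation's `.pub` file.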