Closed akmalhisyam closed 7 years ago
Hey akmalhisyam, can you give me an example scenario you have in mind, please?
Hi @anazmy
My scenario:
I forward my local SSH agent to the bastion host, and the bastion host should use that forwarded agent to get the credentials to log in to the next host.
I'm unable to do that with Aker. It just fails with "invalid credentials" or something, I forgot.
Agent forwarding is widely known to be insecure. I encourage you to stop using agent forwarding and read this article: https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/ IMHO Aker should not support AgentForwarding.
Hey @akmalhisyam, I have to agree with Oneiroi: having a socket sitting listening and answering crypto challenges is not a good practice, especially taking into consideration something like a zero-trust network.
That being said, Aker will still consider approaches for automation and ease of use, but in a more secure fashion.
The link @Oneiroi provided mentions the option ssh-add -c, which is used for confirmation requests from ssh-agent.
I don't think that storing users' private keys on an internet-facing bastion is more secure than ssh-agent.
Anyway, it would be good to have such a configuration option in addition to the key: option.
@anazmy any chance to reopen this issue?
Hi. I'm using Aker master branch. Is it possible to enable agent forwarding?