[ale] Do *not* use SSH Agent Forwarding if you can help it

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Aug 21 01:04:52 EDT 2008


On Wed 2008-08-20 22:58:08 -0400, Pat Regan wrote:

> I haven't had a need to use agent forwarding in a few years.  I
> probably should have mentioned that if you are using agent
> forwarding that you shouldn't use it for every connection.  Put the
> -A on the command line only if you are going to need it.

Yes, indeed.  This is good advice.

> Daniel Kahn Gillmor wrote:
>
>> For example, if the machine "bar" is firewalled away behind "foo", you
>> can get to foo from your local machine like this:
>> 
>>  ssh -oProxyCommand='ssh foo nc %h %p' bar
>
> This is exciting!  This is new to me.  Do you know how new this is?
> My non-exhaustive search of Google didn't seem to turn up pages more
> than a year or two old for me.

It's at least 4 years old, probably older.  I think I stumbled into it
originally reading Brian Hatch's articles about it from August 2004:

 http://www.hackinglinuxexposed.com/articles/20040830.html

A bit more digging shows that it's been present since the beginning of
OpenSSH's CVS repo, back in September 1999:

 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.1?rev=1.1&content-type=text/x-cvsweb-markup

So it probably came from Tatu Ylonen's original SSH code.

There are a lot of neat features lurking in OpenSSH!

Regards,

        --dkg