I would like to be able to use my local credentials in a remote session without Agent forwarding if possible. The reasons:

  • Agent forwarding has security issues (port accessible to remote root users)
  • I am in a terminal session and ssh-askpass requires X-windows
  • I need to be able to execute a command on a remote host (HOST_A) that uses SSH transport to another host (HOST_B)
  • I don't want to grant HOST_A access to HOST_B

It seems that ProxyCommand effectively has this ability (using credentials without Agent forwarding), but it also seems it is only to be used for jumping to other hosts, whereas I'd like the feature in a normal shell on HOST_A (or, failing that, a single command on HOST_A).

I guess that ProxyCommand is doing something cunning in the background that I cannot emulate via other SSH options, but would appreciate any advice about how I might be able to achieve this outcome.

RabidMutant
  • What do you expect to do with your ssh keys _other than_ connect to a host? – Michael Hampton Jul 25 '20 at 17:06
  • As I said in the question, use a command that supports SSH transport to connect from HOST_A to HOST_B (trivial examples might be Git, BorgBackup, SCP etc; specifically I do not want to create a shell session on HOST_B). – RabidMutant Jul 25 '20 at 17:11
  • OK, you should connect directly to HOST_B. – Michael Hampton Jul 25 '20 at 17:14
  • No, I want a command running on HOST_A to connect to HOST_B, using MY credentials. – RabidMutant Jul 25 '20 at 17:14
  • Well, now you're back to agent forwarding. Or perhaps that command should have its own credentials. – Michael Hampton Jul 25 '20 at 17:18
  • Well, yes...the question covered why I wanted an alternative to agent forwarding if there was one. I couldn't find one, I assume there isn't one, but was uncertain. It seems like it's not a very unusual requirement...hence the question. – RabidMutant Jul 25 '20 at 17:21

0 Answers