
The situation is as follows. I have my host machine (my laptop). I ssh into Host A, which is a development environment. On Host A, I have a git repo that I push/pull from a Gerrit repo. To push/pull, I need to use the ssh key on my host machine, so I use agent forwarding with ssh -A username@HostA.com. This creates an ssh auth socket on Host A that I can use to authenticate to Gerrit. So the situation is:

Host --> Host A ---> Gerrit

On Host A, if I run git remote show origin, the output I see in the terminal is:

Fetch URL: ssh://username@gerrit.subdomain.io:2441038/manage

Push URL: ssh://username@gerrit.subdomain.io:2441038/manage

I am concerned by some articles which suggest that using ssh -A username@HostA.com is insecure. In particular, it exposes $SSH_AUTH_SOCK in /tmp/ so anyone with root on Host A can use my SSH key.

What I am asking is, how can I continue to work on Host A with my git repo, without exposing my ssh auth socket on the machine? The articles I've seen online are about ProxyCommand and agent forwarding, but I still want to actually work on Host A. I don't want to ssh into the Gerrit server except when pushing/pulling on the git repo. I don't want anyone with root access on Host A to be able to use my ssh key, ever.

Thanks!

phd
John