Don't use SSH agent

6 years ago · c27fd74075
parent cd189b397b
commit c27fd74075
2 changed files with 8 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -33,6 +33,9 @@ Il faut changer la variable d'environnement suivante :

 ### Configurer la connexion au bastion

+Envoyer son agent SSH peut être dangereux ([source](https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/)).
+
+On va utiliser plutôt ProxyCommand.
 Dans la configuration SSH :

 ```
@ -41,7 +44,10 @@ Host proxy.auro.re
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p

-Host *.auro.re 10.128.0.*
+# Use a key to log on all Aurore servers
+# and use a bastion
+Host 10.128.0.*
    IdentityFile ~/.ssh/id_rsa_aurore
-    ForwardAgent yes
+    ProxyCommand ssh -q -W %h:%p proxy.auro.re
 ```
+
--- a/group_vars/horus/ssh_through_proxy.yml
+++ b/group_vars/horus/ssh_through_proxy.yml
@ -1,2 +0,0 @@
---
-ansible_ssh_extra_args: -o ProxyCommand='ssh -W %h:%p -q proxy.auro.re'