Don't use SSH agent

This commit is contained in:
Alexandre Iooss 2018-12-28 11:30:18 +01:00
parent cd189b397b
commit c27fd74075
2 changed files with 8 additions and 4 deletions

View file

@ -33,6 +33,9 @@ Il faut changer la variable d'environnement suivante :
### Configurer la connexion au bastion
Envoyer son agent SSH peut être dangereux ([source](https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/)).
On va utiliser plutôt ProxyCommand.
Dans la configuration SSH :
```
@ -41,7 +44,10 @@ Host proxy.auro.re
ControlMaster auto
ControlPath ~/.ssh/%r@%h:%p
Host *.auro.re 10.128.0.*
# Use a key to log on all Aurore servers
# and use a bastion
Host 10.128.0.*
IdentityFile ~/.ssh/id_rsa_aurore
ForwardAgent yes
ProxyCommand ssh -q -W %h:%p proxy.auro.re
```

View file

@ -1,2 +0,0 @@
---
ansible_ssh_extra_args: -o ProxyCommand='ssh -W %h:%p -q proxy.auro.re'