aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

Don't use SSH agent

Browse source
This commit is contained in:
Alexandre Iooss 2018-12-28 11:30:18 +01:00
parent cd189b397b
commit c27fd74075
2 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -33,6 +33,9 @@ Il faut changer la variable d'environnement suivante :
### Configurer la connexion au bastion ### Configurer la connexion au bastion
Envoyer son agent SSH peut être dangereux ([source](https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/)).
On va utiliser plutôt ProxyCommand.
Dans la configuration SSH : Dans la configuration SSH :
``` ```
@ -41,7 +44,10 @@ Host proxy.auro.re
ControlMaster auto ControlMaster auto
ControlPath ~/.ssh/%r@%h:%p ControlPath ~/.ssh/%r@%h:%p
Host *.auro.re 10.128.0.* # Use a key to log on all Aurore servers
# and use a bastion
Host 10.128.0.*
IdentityFile ~/.ssh/id_rsa_aurore IdentityFile ~/.ssh/id_rsa_aurore
ForwardAgent yes ProxyCommand ssh -q -W %h:%p proxy.auro.re
``` ```

2
group_vars/horus/ssh_through_proxy.yml
View file

@ -1,2 +0,0 @@
---
ansible_ssh_extra_args: -o ProxyCommand='ssh -W %h:%p -q proxy.auro.re'