by gunapologist99 1063 days ago
> If you root the bastion box, you have user credentials for anything inside the network.

But that's not how a (properly-configured!) bastion host works.

You won't have user credentials for anything UNLESS users are using Forward Agent (which they shouldn't! simplest explanation here: https://userify.com/docs/jumpbox ).

That's the point behind using ProxyJump. Your connection actually jumps THROUGH the bastion box and doesn't stop for interception along the way.

(And, of course, an attacker can't do anything very useful with ssh public keys except for maybe traffic analysis or learning more target IPs.)
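As an added example (not code from the comment above or from userify), here is a small Python audit that parses a client `ssh_config`, reports every `Host` block that turns `ForwardAgent` on, and lists which blocks reach their target through `ProxyJump` instead. The sample config, host names and the bastion address are constructed placeholders; the two `app-*` blocks show the weak pattern (agent forwarded through the bastion) next to the hardened one (`ProxyJump`, with the session encrypted end to end so the bastion only relays TCP).

```python
"""Audit a client ssh_config for agent forwarding versus ProxyJump.

Added example, not part of the original comment. SAMPLE_CONFIG is a
constructed file: host names and addresses are placeholders.
"""
import re
from typing import Dict, List

ConfigBlocks = Dict[str, Dict[str, str]]

# Constructed sample. "app-legacy" forwards the agent across the bastion
# (the pattern the comment warns against); "app-*" jumps through the
# bastion with ProxyJump and keeps the agent on the client.
SAMPLE_CONFIG = """
Host bastion
    HostName bastion.example.internal   # placeholder address
    User alice
    ForwardAgent yes

Host app-legacy
    HostName 10.0.1.20                  # placeholder address
    User alice
    ProxyCommand ssh -W %h:%p bastion
    ForwardAgent yes

Host app-*
    HostName %h.example.internal
    User alice
    ProxyJump bastion
    ForwardAgent no

Host *
    IdentitiesOnly yes
"""


def parse_ssh_config(text: str) -> ConfigBlocks:
    """Return {host_pattern: {keyword_lower: value}} in file order.

    Options before the first Host line apply to every host, so they are
    stored under "*". Within a block the first value for a keyword wins,
    matching ssh_config semantics. Comments and blank lines are skipped.
    """
    blocks: ConfigBlocks = {}
    current = blocks.setdefault("*", {})
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"(\w+)\s*=?\s*(.+)", line)  # "Keyword value" or "Keyword=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            current = blocks.setdefault(value, {})
            continue
        current.setdefault(key, value)
    return blocks


def hosts_forwarding_agent(blocks: ConfigBlocks) -> List[str]:
    """Host patterns whose block enables agent forwarding."""
    return [h for h, o in blocks.items()
            if o.get("forwardagent", "no").lower() == "yes"]


def jump_hosts(blocks: ConfigBlocks) -> Dict[str, str]:
    """Host patterns that use ProxyJump, mapped to the jump host they name."""
    return {h: o["proxyjump"] for h, o in blocks.items() if "proxyjump" in o}


def audit(text: str) -> List[str]:
    """Human-readable findings for a config file's contents."""
    blocks = parse_ssh_config(text)
    findings = []
    for h in hosts_forwarding_agent(blocks):
        findings.append(f"{h}: ForwardAgent yes - your agent is reachable from "
                        f"every hop; reach internal hosts with ProxyJump instead")
    for h, jump in jump_hosts(blocks).items():
        findings.append(f"{h}: ProxyJump {jump} - session is end-to-end, "
                        f"the bastion only relays TCP")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

To check what a real client will actually apply for a given host (after all pattern matching and first-match rules), compare the script's output against `ssh -G <host>`, which prints the effective configuration.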