Hacker News new | ask | show | jobs
by deng 1046 days ago
In your ssh config:

    Host my-trusted-powerful-remote-machine.whatever.com
        ForwardAgent yes
There is still one problem if you like to re-use long-running screen/tmux sessions, for a solution to this see for instance https://gist.github.com/martijnvermaat/8070533
1 comments
pipe_connector 1046 days ago
Doesn't this only solve the problem for resources I am accessing over SSH? What about if I wanted to access something over HTTP like my web browser does?
link
deng 1046 days ago
That is correct. If you actually use a browser remotely, you would need to use something like RDP with the WebAuthn Virtual Channel enabled, which unfortunately I think is currently only available by Microsoft. Some remote control software like Teamviewer has USB passthrough, but I've no idea if that works with Yubikeys (I doubt it).

So yes, working with what I'd call a "thin client setup" is something where Yubikeys are probably not a good fit, unless the protocol for that setup would support some kind of direct USB forward that actually works with Yubikeys...

link
stevekemp 1046 days ago
Install a HTTPS? proxy on the work-machine, and configure the other host to use that?

All requests would then route via the work-computer.

But honestly? Use the work computer, and if it isn't good enough ask for a better machine and let somebody else take care of it.

link
NovemberWhiskey 1046 days ago
But seriously what do you do for that case if the resource requires password authentication via an OIDC redirect or whatever?
link