kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add security advice about SSH agent forwarding 

In the case of a malicious node, or malicious superuser with access to
the same node, SSH agent forwarding is a risk. Call that out.
This commit is contained in:
Tim Bannister 2022-01-17 21:38:46 +00:00
parent 000536e52c
commit f1dda969c4
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md
View File

@ -319,7 +319,8 @@ SSH is required if you want to control all nodes from a single machine.
1. SSH between nodes to check that the connection is working correctly. 1. SSH between nodes to check that the connection is working correctly.
- When you SSH to any node, add the `-A` flag. This flag allows the node that you - When you SSH to any node, add the `-A` flag. This flag allows the node that you
have logged into via SSH to access the SSH agent on your PC. have logged into via SSH to access the SSH agent on your PC. Consider alternative
methods if you do not fully trust the security of your user session on the node.
``` ```
ssh -A 10.0.0.7 ssh -A 10.0.0.7