> Note that you can control the "user id" attached to ssh keys at
> ssh-keygen time to not contain strings which have any connection with
> "A", "B", or "C".
>
> 1) ssh from A to C, port-forwarding a local port on C back to a port
> on A which is running a secondary ssh server with access to the
> repository but not necessarily login access..

That'd be the command option in the authorized_keys file, then?

> Authenticate this "outer" connection on C using a j-random public key
> with a key name unrelated to "A".
>
> 2) make an ssh connection on C to the local port forwarded in step #1.


Is there a disadvantage to using ssh-agent forwarding?  (I could do this
with a key name unrelated to "A", but do I lose anything by just using my
"proper" key?)


Thanks,

David.