Hi, I guess you use a fixed SSH_AUTH_SOCK ?  Then it's OK as long as you carefully
restrict the socket's permission.  Anyone can read form the socket can fake you.
Anyway that's a normal security (not colo-specific).  So go ahead, with care.

On 09/30/2012 04:05 PM, Evan Phoenix wrote:
> Yes, it is possible. If you're comfortable with this, I can set it up as soon as I have the gateway code. 
> 
>   - Evan // via iPhone
> 
> 
> On Sep 29, 2012, at 6:27 PM, Urabe Shyouhei <shyouhei / ruby-lang.org> wrote:
> 
>> On 09/30/2012 02:33 AM, Evan Phoenix wrote:
>>> Hello shyouhei,
>>>
>>> I would be happy to have RubyCentral run the gateway but I'd like to run it in colocation. I can guarantee security of the keys by using passphrases and ssh-agent. The machine in question will only run the gateway, nothing else, and be secured with separate ssh keys to secure access to it.
>>>
>>> Would that be ok?
>>
>> Thank you.  Is it possible for cron to use a forwarded SSH agent?  I have no idea how.