Problem with 20050215 snapshot and ssh-agent forwarding
Jean-Sebastien Trottier
jst1@email.com
Fri Feb 18 21:20:00 GMT 2005
On Fri, Feb 18, 2005 at 10:52:22AM -0500, Christopher Faylor wrote:
> On Fri, Feb 18, 2005 at 09:30:35AM -0500, Jean-Sebastien Trottier wrote:
> >On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote:
> >> I'm having a problem with the 20050215 snapshot (and the 20050131 as
> >> well). My ssh-agent connection is not being forwarded by ssh. This is
> >> working fine with the 20041119 snapshot.
> >>
> >> Here are the steps to reproduce the problem. I've got ssh and sshd
> >> correctly configured to forward ssh-agent connections. The second ssh
> >> command should not prompt for the public key passphrase.
> >>
> >> % keychain ~/.ssh/id_dsa
> >>
> >> KeyChain 2.0.3; http://www.gentoo.org/projects/keychain
> >> Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
> >> * All previously running ssh-agent(s) have been stopped.
> >> * Initializing /home/drothe/.keychain/tela-sh file...
> >> * Initializing /home/drothe/.keychain/tela-csh file...
> >> * Starting new ssh-agent
> >> * 1 more keys to add...
> >> Enter passphrase for /home/drothe/.ssh/id_dsa:
> >> Identity added: /home/drothe/.ssh/id_dsa (/home/drothe/.ssh/id_dsa)
> >>
> >> % . ~/.keychain/tela-sh
> >> % ssh `hostname`
> >> % ssh `hostname`
> >> Enter passphrase for key '/home/drothe/.ssh/id_dsa':
> >
> >Have you tried " ssh -A `hostname` " instead... just to make sure the
> >ssh actually forwards the agent?
>
> Why would he have to do that? The first one worked. The second one failed.
>
Without -A or "ForwardAgent yes", the first ssh call will *NOT*
forward/create a channel to the ssh-agent to be used by the new shell
being opened.

Thus, the new shell, unless you source ~/.keychain/tela-sh in it again,
will not have an ssh-agent to talk to and will need to ask for the
passphrase again.

If you use -A, the first ssh call will forward an encrypted channel so
that the new shell can access your identity/passphrase for subsequent
ssh calls.

> >If this works (and it should), add "ForwardAgent yes" to your
> >~/.ssh/config file. see "man ssh_config" for details
>
> Ditto this. If the first invocation works then I don't think there is any
> reason to suspect configuration problems.

Ditto ;-)

Sebastien
>
> cgf
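
The checks discussed in this message, as an added example that is not part of the original thread: it reads the client's effective ForwardAgent value from `ssh -G <host>` output and classifies the agent socket seen by the shell on the far side. The function names and the sample values used to try it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): why does a nested ssh ask for a passphrase?

# Print the effective ForwardAgent value from `ssh -G <host>` output on stdin.
forward_agent_setting() {
    awk 'tolower($1) == "forwardagent" { print $2; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Run on the client: effective setting for one host ("unknown" if ssh -G fails).
client_setting() {
    ssh -G "$1" 2>/dev/null | forward_agent_setting
}

# Classify an agent socket path (default: this shell's SSH_AUTH_SOCK).
agent_state() {
    sock=${1-${SSH_AUTH_SOCK-}}
    if [ -z "$sock" ]; then echo unset      # no agent reachable from this shell
    elif [ -S "$sock" ]; then echo socket   # local or forwarded agent socket exists
    else echo stale                         # variable set, socket is gone
    fi
}

# Combine both facts.
# $1 = ForwardAgent value on the client, $2 = agent_state in the remote shell
explain() {
    case "$1:$2" in
        *:socket)  echo "agent reachable: nested ssh can use it" ;;
        *:stale)   echo "stale SSH_AUTH_SOCK: agent or connection is gone" ;;
        no:unset|unknown:unset)
                   echo "not forwarded: use ssh -A or ForwardAgent yes" ;;
        *)         echo "forwarding requested but no agent in remote shell: check the server side, e.g. AllowAgentForwarding" ;;
    esac
}
```

Run `client_setting <host>` on the client and `agent_state` inside the shell opened by the first ssh, then pass both results to `explain`.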