Problem with 20050215 snapshot and ssh-agent forwarding

Jean-Sebastien Trottier jst1@email.com
Fri Feb 18 21:20:00 GMT 2005


On Fri, Feb 18, 2005 at 10:52:22AM -0500, Christopher Faylor wrote:
> On Fri, Feb 18, 2005 at 09:30:35AM -0500, Jean-Sebastien Trottier wrote:
> >On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote:
> >> I'm having a problem with the 20050215 snapshot (and the 20050131 as
> >> well). My ssh-agent connection is not being forwarded by ssh. This is
> >> working fine with the 20041119 snapshot.
> >> 
> >> Here are the steps to reproduce the problem. I've got ssh and sshd
> >> correctly configured to forward ssh-agent connections. The second ssh
> >> command should not prompt to the public key passphrase.
> >> 
> >> % keychain ~/.ssh/id_dsa
> >> 
> >> KeyChain 2.0.3; http://www.gentoo.org/projects/keychain
> >>  Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
> >>  * All previously running ssh-agent(s) have been stopped.
> >>  * Initializing /home/drothe/.keychain/tela-sh file...
> >>  * Initializing /home/drothe/.keychain/tela-csh file...
> >>  * Starting new ssh-agent
> >>  * 1 more keys to add...
> >> Enter passphrase for /home/drothe/.ssh/id_dsa:
> >> Identity added: /home/drothe/.ssh/id_dsa (/home/drothe/.ssh/id_dsa)
> >> 
> >> % . ~/.keychain/tela-sh
> >> % ssh `hostname`
> >> % ssh `hostname`
> >> Enter passphrase for key '/home/drothe/.ssh/id_dsa':
> >
> >Have you tried " ssh -A `hostname` " instead... just to make sure the
> >ssh actually forwards the agent?
> 
> Why would he have to do that?  The first one worked.  The second one failed.
> 

Without -A or "ForwardAgent yes", the first ssh call will *NOT*
forward/create a channel to the ssh-agent to be used by the new shell
being opened.

Thus, the new shell, unless you source ~/.keychain/tela-sh in it again,
will not have an ssh-agent to talk to and will need to ask for the
passphrase again.


If you use -A, the first ssh call will forward an encrypted channel so
that the new shell can access your identity/passphrase for subsequent
ssh calls.

> >If this works (and it should), add "ForwardAgent yes" to your
> >~/.ssh/config file. see "man ssh_config" for details
> 
> Ditto this.  If the first invocation works then I don't think there is any
> reason to suspect configuration problems.

Ditto ;-)

Sebastien

> 
> cgf
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://cygwin.com/pipermail/cygwin/attachments/20050218/2e702b8f/attachment.sig>


More information about the Cygwin mailing list