This is the mail archive of the
mailing list for the Cygwin project.
Re: Problem with 20050215 snapshot and ssh-agent forwarding
On Fri, Feb 18, 2005 at 12:13:25PM -0500, Jean-Sebastien Trottier wrote:
>On Fri, Feb 18, 2005 at 10:52:22AM -0500, Christopher Faylor wrote:
>> On Fri, Feb 18, 2005 at 09:30:35AM -0500, Jean-Sebastien Trottier wrote:
>> >On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote:
>> >> I'm having a problem with the 20050215 snapshot (and the 20050131 as
>> >> well). My ssh-agent connection is not being forwarded by ssh. This is
>> >> working fine with the 20041119 snapshot.
>> >> Here are the steps to reproduce the problem. I've got ssh and sshd
>> >> correctly configured to forward ssh-agent connections. The second ssh
>> >> command should not prompt to the public key passphrase.
>> >> % keychain ~/.ssh/id_dsa
>> >> KeyChain 2.0.3; http://www.gentoo.org/projects/keychain
>> >> Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
>> >> * All previously running ssh-agent(s) have been stopped.
>> >> * Initializing /home/drothe/.keychain/tela-sh file...
>> >> * Initializing /home/drothe/.keychain/tela-csh file...
>> >> * Starting new ssh-agent
>> >> * 1 more keys to add...
>> >> Enter passphrase for /home/drothe/.ssh/id_dsa:
>> >> Identity added: /home/drothe/.ssh/id_dsa (/home/drothe/.ssh/id_dsa)
>> >> % . ~/.keychain/tela-sh
>> >> % ssh `hostname`
>> >> % ssh `hostname`
>> >> Enter passphrase for key '/home/drothe/.ssh/id_dsa':
>> >Have you tried " ssh -A `hostname` " instead... just to make sure the
>> >ssh actually forwards the agent?
>> Why would he have to do that? The first one worked. The second one failed.
>Without -A or "ForwardAgent yes", the first ssh call will *NOT*
>forward/create a channel to the ssh-agent to be used by the new shell
>Thus, the new shell, unless you source ~/.keychain/tela-sh in it again,
>will not have an ssh-agent to talk to and will need to ask for the
>If you use -A, the first ssh call will forward an encrypted channel so
>that the new shell can access your identity/passphrase for subsequent
Ah, I see. You're taking what he wrote literally and I wasn't. I'd
assumed that these were two separate invocations of ssh, not nested
ones. But, my assumption makes no sense and your advice does make
sense given what was reported.
Apologies for the confusion.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html