This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Problem with 20050215 snapshot and ssh-agent forwarding


On Fri, Feb 18, 2005 at 12:13:25PM -0500, Jean-Sebastien Trottier wrote:
>On Fri, Feb 18, 2005 at 10:52:22AM -0500, Christopher Faylor wrote:
>> On Fri, Feb 18, 2005 at 09:30:35AM -0500, Jean-Sebastien Trottier wrote:
>> >On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote:
>> >> I'm having a problem with the 20050215 snapshot (and the 20050131 as
>> >> well). My ssh-agent connection is not being forwarded by ssh. This is
>> >> working fine with the 20041119 snapshot.
>> >> 
>> >> Here are the steps to reproduce the problem. I've got ssh and sshd
>> >> correctly configured to forward ssh-agent connections. The second ssh
>> >> command should not prompt for the public key passphrase.
>> >> 
>> >> % keychain ~/.ssh/id_dsa
>> >> 
>> >> KeyChain 2.0.3; http://www.gentoo.org/projects/keychain
>> >>  Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
>> >>  * All previously running ssh-agent(s) have been stopped.
>> >>  * Initializing /home/drothe/.keychain/tela-sh file...
>> >>  * Initializing /home/drothe/.keychain/tela-csh file...
>> >>  * Starting new ssh-agent
>> >>  * 1 more keys to add...
>> >> Enter passphrase for /home/drothe/.ssh/id_dsa:
>> >> Identity added: /home/drothe/.ssh/id_dsa (/home/drothe/.ssh/id_dsa)
>> >> 
>> >> % . ~/.keychain/tela-sh
>> >> % ssh `hostname`
>> >> % ssh `hostname`
>> >> Enter passphrase for key '/home/drothe/.ssh/id_dsa':
>> >
>> >Have you tried " ssh -A `hostname` " instead... just to make sure the
>> >ssh actually forwards the agent?
>> 
>> Why would he have to do that?  The first one worked.  The second one failed.
>> 
>
>Without -A or "ForwardAgent yes", the first ssh call will *NOT*
>forward/create a channel to the ssh-agent to be used by the new shell
>being opened.
>
>Thus, the new shell, unless you source ~/.keychain/tela-sh in it again,
>will not have an ssh-agent to talk to and will need to ask for the
>passphrase again.
>
>
>If you use -A, the first ssh call will forward an encrypted channel so
>that the new shell can access your identity/passphrase for subsequent
>ssh calls.

Ah, I see.  You're taking what he wrote literally and I wasn't.  I'd
assumed that these were two separate invocations of ssh, not nested
ones.  But, my assumption makes no sense and your advice does make
sense given what was reported.

Apologies for the confusion.

cgf
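
The distinction discussed in this thread (a nested shell that has no agent to talk to versus one that received a forwarded channel) can be checked from inside that shell. The following is an added example, not part of the original messages; the function names `agent_state` and `agent_hint` are hypothetical, and it relies on the exit status of `ssh-add -l` (0 identities listed, 1 none loaded, 2 agent not reachable).

```shell
#!/bin/sh
# Added example: classify what ssh-agent access the current shell has.
# Prints one of: unset, stale, unknown, ready, empty, unreachable

agent_state() {
    as_sock="${SSH_AUTH_SOCK:-}"
    # No variable at all: nothing was forwarded and no keychain file was sourced.
    if [ -z "$as_sock" ]; then
        echo unset; return 0
    fi
    # Variable set but no socket behind it: agent stopped or session ended.
    if [ ! -S "$as_sock" ]; then
        echo stale; return 0
    fi
    # Cannot query the agent without ssh-add.
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo unknown; return 0
    fi
    as_rc=0
    ssh-add -l >/dev/null 2>&1 || as_rc=$?
    case "$as_rc" in
        0) echo ready ;;        # agent reachable, at least one identity
        1) echo empty ;;        # agent reachable, no identities loaded
        *) echo unreachable ;;  # socket exists but agent did not answer
    esac
}

# Map a state to the remedy suggested in the thread.
agent_hint() {
    case "$1" in
        unset)       echo "SSH_AUTH_SOCK is not set: log in with ssh -A or ForwardAgent yes, or source the keychain file in this shell" ;;
        stale)       echo "SSH_AUTH_SOCK points to a missing socket: the agent or the forwarding session is gone" ;;
        unreachable) echo "socket exists but the agent does not answer" ;;
        empty)       echo "agent reachable but holds no identities: run ssh-add" ;;
        ready)       echo "agent reachable with identities: the next ssh should not ask for the passphrase" ;;
        *)           echo "ssh-add not found: cannot query the agent" ;;
    esac
}

# Report for the shell this script runs in.
agent_hint "$(agent_state)"
```

Run it in the shell opened by the first `ssh` call: `unset` there means the login did not forward the agent.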
