Problem with 20050215 snapshot and ssh-agent forwarding

Jean-Sebastien Trottier jst1@email.com
Sat Feb 19 14:18:00 GMT 2005 

On Fri, Feb 18, 2005 at 01:41:14PM -0500, Christopher Faylor wrote:
> On Fri, Feb 18, 2005 at 09:21:56AM -0800, David Rothenberger wrote:
> >On 2/18/2005 6:30 AM, Jean-Sebastien Trottier wrote:
> >>On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote:
> >>
> >>>I'm having a problem with the 20050215 snapshot (and the 20050131 as
> >>>well). My ssh-agent connection is not being forwarded by ssh. This is
> >>>working fine with the 20041119 snapshot.
> >>>
> >>Have you tried " ssh -A `hostname` " instead... just to make sure the
> >>ssh actually forwards the agent?
> >>
> >>If this works (and it should), add "ForwardAgent yes" to your
> >>~/.ssh/config file. see "man ssh_config" for details
> >
> >Yeah, I know about configuring ssh. As I mentioned in my original email, 
> >this is working fine for me with the 20041119 snapshot. So, I do have 
> >things configured correctly. But, I did try it with the -A switch and 
> >had the same result.
> 
> I still can't duplicate this.  Sorry.
> 

I'm able to reproduce it here...

With "current" cygwin1.dll version:

    inside the ssh session, $SSH_AUTH_SOCK points to:

    % ls -l $SSH_AUTH_SOCK
    srwxrwxrwx  1 SYSTEM root 51 Feb 18 14:52 /tmp/ssh-rsSRvl3964/agent.3964=

    % getfacl $SSH_AUTH_SOCK
    # file: /tmp/ssh-rsSRvl3964/agent.3964
    # owner: SYSTEM
    # group: root
    user::rwx
    group::rwx
    mask:rwx
    other:rwx

    ssh client is able to use this socket for further public key verfification

With 20050215 snapshot:

    inside the ssh session, $SSH_AUTH_SOCK points to:
        % ls -l $SSH_AUTH_SOCK
        ls: /tmp/ssh-fHDEinn252/agent.252: Permission denied

        % getfacl $SSH_AUTH_SOCK
        getfacl: Permission denied

    ssh client is *NOT* able to use this socket.

With both versions, the permissions on the socket's directory are
exactly the same:

    % ls -ld /tmp/ssh-rsSRvl3964
    drwx------+ 2 SYSTEM root 0 Feb 18 14:52 /tmp/ssh-rsSRvl3964

    % getfacl /tmp/ssh-rsSRvl3964
    # file: /tmp/ssh-rsSRvl3964
    # owner: SYSTEM
    # group: root
    user::rwx
    group::---
    mask:rwx
    other:---
    default:user::rwx
    default:group::---
    default:other:---

I hope this helps... at least it should give you a clue

Note: I've got sshd running as a SYSTEM service. Running is in
non-detached or debug mode works fine, obviously.

Sebastien

> cgf
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://cygwin.com/pipermail/cygwin/attachments/20050219/31bdb24b/attachment.sig>

More information about the Cygwin mailing list