Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Date:	Fri, 18 Feb 2005 12:13:25 -0500
From:	Jean-Sebastien Trottier <jst1 AT email DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Problem with 20050215 snapshot and ssh-agent forwarding
Message-ID:	<20050218171325.GA3466@gw.jsoft.lan>
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<20050216192355.SUQO15146.out004.verizon.net@[127.0.0.1]> <20050218143035 DOT GA31409 AT gw DOT jsoft DOT lan> <20050218155222 DOT GE12342 AT trixie DOT casa DOT cgf DOT cx>
Mime-Version:	1.0
In-Reply-To:	<20050218155222.GE12342@trixie.casa.cgf.cx>
User-Agent:	Mutt/1.5.6+20040907i
X-IsSubscribed:	yes

--1yeeQ81UyVL57Vl7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Feb 18, 2005 at 10:52:22AM -0500, Christopher Faylor wrote:
> On Fri, Feb 18, 2005 at 09:30:35AM -0500, Jean-Sebastien Trottier wrote:
> >On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote:
> >> I'm having a problem with the 20050215 snapshot (and the 20050131 as
> >> well). My ssh-agent connection is not being forwarded by ssh. This is
> >> working fine with the 20041119 snapshot.
> >>=20
> >> Here are the steps to reproduce the problem. I've got ssh and sshd
> >> correctly configured to forward ssh-agent connections. The second ssh
> >> command should not prompt to the public key passphrase.
> >>=20
> >> % keychain ~/.ssh/id_dsa
> >>=20
> >> KeyChain 2.0.3; http://www.gentoo.org/projects/keychain
> >>  Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
> >>  * All previously running ssh-agent(s) have been stopped.
> >>  * Initializing /home/drothe/.keychain/tela-sh file...
> >>  * Initializing /home/drothe/.keychain/tela-csh file...
> >>  * Starting new ssh-agent
> >>  * 1 more keys to add...
> >> Enter passphrase for /home/drothe/.ssh/id_dsa:
> >> Identity added: /home/drothe/.ssh/id_dsa (/home/drothe/.ssh/id_dsa)
> >>=20
> >> % . ~/.keychain/tela-sh
> >> % ssh `hostname`
> >> % ssh `hostname`
> >> Enter passphrase for key '/home/drothe/.ssh/id_dsa':
> >
> >Have you tried " ssh -A `hostname` " instead... just to make sure the
> >ssh actually forwards the agent?
>=20
> Why would he have to do that?  The first one worked.  The second one fail=
ed.
>=20

Without -A or "ForwardAgent yes", the first ssh call will *NOT*
forward/create a channel to the ssh-agent to be used by the new shell
being opened.

Thus, the new shell, unless you source ~/.keychain/tela-sh in it again,
will not have an ssh-agent to talk to and will need to ask for the
passphrase again.


If you use -A, the first ssh call will forward an encrypted channel so
that the new shell can access your identity/passphrase for subsequent
ssh calls.

> >If this works (and it should), add "ForwardAgent yes" to your
> >~/.ssh/config file. see "man ssh_config" for details
>=20
> Ditto this.  If the first invocation works then I don't think there is any
> reason to suspect configuration problems.

Ditto ;-)

Sebastien

>=20
> cgf
>=20
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>=20

--1yeeQ81UyVL57Vl7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCFiI1WHtULG0eY+ERAkMeAKCL986lnktmsQsEquZUjgW2mrJUnACfdS1e
eHgh5/FhWb8xmxlwrtHqJ7I=
=pxSP
-----END PGP SIGNATURE-----

--1yeeQ81UyVL57Vl7--

- Raw text -