Mail Archives: cygwin/2005/02/18/13:25:04

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Fri, 18 Feb 2005 13:26:31 -0500
From: Christopher Faylor <cgf-no-personal-reply-please AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Problem with 20050215 snapshot and ssh-agent forwarding
Message-ID: <20050218182631.GF15839@trixie.casa.cgf.cx>
Reply-To: cygwin AT cygwin DOT com
References: <20050216192355.SUQO15146.out004.verizon.net@[127.0.0.1]> <20050218143035 DOT GA31409 AT gw DOT jsoft DOT lan> <20050218155222 DOT GE12342 AT trixie DOT casa DOT cgf DOT cx> <20050218171325 DOT GA3466 AT gw DOT jsoft DOT lan>
Mime-Version: 1.0
In-Reply-To: <20050218171325.GA3466@gw.jsoft.lan>
User-Agent: Mutt/1.4.1i

On Fri, Feb 18, 2005 at 12:13:25PM -0500, Jean-Sebastien Trottier wrote:
>On Fri, Feb 18, 2005 at 10:52:22AM -0500, Christopher Faylor wrote:
>> On Fri, Feb 18, 2005 at 09:30:35AM -0500, Jean-Sebastien Trottier wrote:
>> >On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote:
>> >> I'm having a problem with the 20050215 snapshot (and the 20050131 as
>> >> well). My ssh-agent connection is not being forwarded by ssh. This is
>> >> working fine with the 20041119 snapshot.
>> >> 
>> >> Here are the steps to reproduce the problem. I've got ssh and sshd
>> >> correctly configured to forward ssh-agent connections. The second ssh
>> >> command should not prompt for the public key passphrase.
>> >> 
>> >> % keychain ~/.ssh/id_dsa
>> >> 
>> >> KeyChain 2.0.3; http://www.gentoo.org/projects/keychain
>> >>  Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
>> >>  * All previously running ssh-agent(s) have been stopped.
>> >>  * Initializing /home/drothe/.keychain/tela-sh file...
>> >>  * Initializing /home/drothe/.keychain/tela-csh file...
>> >>  * Starting new ssh-agent
>> >>  * 1 more keys to add...
>> >> Enter passphrase for /home/drothe/.ssh/id_dsa:
>> >> Identity added: /home/drothe/.ssh/id_dsa (/home/drothe/.ssh/id_dsa)
>> >> 
>> >> % . ~/.keychain/tela-sh
>> >> % ssh `hostname`
>> >> % ssh `hostname`
>> >> Enter passphrase for key '/home/drothe/.ssh/id_dsa':
>> >
>> >Have you tried " ssh -A `hostname` " instead... just to make sure the
>> >ssh actually forwards the agent?
>> 
>> Why would he have to do that?  The first one worked.  The second one failed.
>> 
>
>Without -A or "ForwardAgent yes", the first ssh call will *NOT*
>forward/create a channel to the ssh-agent to be used by the new shell
>being opened.
>
>Thus, the new shell, unless you source ~/.keychain/tela-sh in it again,
>will not have an ssh-agent to talk to and will need to ask for the
>passphrase again.
>
>
>If you use -A, the first ssh call will forward an encrypted channel so
>that the new shell can access your identity/passphrase for subsequent
>ssh calls.

Ah, I see.  You're taking what he wrote literally and I wasn't.  I'd
assumed that these were two separate invocations of ssh, not nested
ones.  But, my assumption makes no sense and your advice does make
sense given what was reported.

Apologies for the confusion.

cgf
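
A check for the situation discussed in this thread, as an added example that is not part of the original messages: run inside the shell opened by the first `ssh`, it reports whether that shell can reach an agent and what `ForwardAgent` resolves to for the next hop. The function names are hypothetical, and `ssh -G` assumes OpenSSH 6.8 or later.

```shell
#!/bin/sh
# Added diagnostic example (hypothetical helper names, not from the thread).

# Classify the agent visible to the current shell.
agent_status() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-socket"        # nothing forwarded and no keychain file sourced
        return 0
    fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "stale-socket"     # variable is set but the socket no longer exists
        return 0
    fi
    # ssh-add -l exits 0 when keys are listed, 1 when the agent holds none,
    # and 2 when the agent cannot be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "keys-loaded" ;;
        1) echo "agent-empty" ;;
        *) echo "unreachable" ;;
    esac
}

# Read `ssh -G <host>` output on stdin and print the effective ForwardAgent
# value; ssh -G prints option names in lower case.
forward_agent_setting() {
    awk '$1 == "forwardagent" { print $2; found = 1 }
         END { if (!found) print "unknown" }'
}

# Print both facts for one destination host.
report() {
    host=$1
    echo "agent in this shell:    $(agent_status)"
    echo "ForwardAgent for $host: $(ssh -G "$host" 2>/dev/null | forward_agent_setting)"
}

# Usage: sh agent-check.sh <host>   (the script name is an assumption)
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

A result of `no-socket` in the inner shell is the case described above, where the first `ssh` ran without `-A` or `ForwardAgent yes`. Prefer enabling `ForwardAgent` per host rather than globally, since anyone who can access the forwarded socket on the remote machine can use the loaded keys for as long as the session lasts.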