Mail Archives: cygwin/2005/02/18/15:06:25
On 2/18/2005 11:03 AM, Christopher Faylor wrote:
> On Fri, Feb 18, 2005 at 10:43:49AM -0800, David Rothenberger wrote:
>
>>On 2/18/2005 10:41 AM, Christopher Faylor wrote:
>>
>>>>>>I'm having a problem with the 20050215 snapshot (and the 20050131 as
>>>>>>well). My ssh-agent connection is not being forwarded by ssh. This is
>>>>>>working fine with the 20041119 snapshot.
>>>>>>
>>>
>>>I still can't duplicate this. Sorry.
>>
>>Is SSH_AGENT_PID defined in your environment after the first ssh
>>`hostname`?
>
>
> No. And, it shouldn't be. SSH_AGENT_PID doesn't make any sense after
> you've logged into a system.
Right. I was asking because the only way I could get this to work was to
have SSH_AGENT_PID defined.
I'm seeing the problem on two different WinXP Pro machines and a Win2000
machine. I've tested with the default .profile and .bashrc files and
with sh instead of bash. So, it doesn't appear to be something peculiar
to my machine or environment.
I believe the problem is due to the new traverse checking. When I start
ssh-agent the first time, I see the following in my /tmp directory:
% l /tmp
total 0
drwx------+ 2 drothe None 0 Feb 18 11:47 ssh-YwRaOw6140/
Since /tmp/ssh-YwRaOw6140 is owned by my user (drothe), the first ssh
`hostname` has no problem accessing the ssh-agent socket.
After I do the first ssh `hostname`, I have the following:
% l /tmp
total 0
drwx------+ 2 SYSTEM root 0 Feb 18 11:50 ssh-AtsnfLH756/
drwx------+ 2 drothe None 0 Feb 18 11:47 ssh-YwRaOw6140/
% getfacl /tmp/ssh-AtsnfLH756/
# file: /tmp/ssh-AtsnfLH756/
# owner: SYSTEM
# group: root
user::rwx
group::---
mask:rwx
other:---
default:user::rwx
default:group::---
default:other:---
Plus, SSH_AUTH_SOCK is set to the new directory:
% echo $SSH_AUTH_SOCK
/tmp/ssh-AtsnfLH756/agent.756
% l $SSH_AUTH_SOCK
srwxrwxrwx 1 drothe None 0 Feb 18 11:57 /tmp/ssh-AtsnfLH756/agent.756=
% getfacl $SSH_AUTH_SOCK
# file: /tmp/ssh-AtsnfLH756/agent.756
# owner: drothe
# group: None
user::rw-
group::rw-
other:rw-
mask:rwx
With traverse checking enabled, my user (drothe) can't access
/tmp/ssh-AtsnfLH756/agent.756, even though that file (socket?) has 777
permissions, since the /tmp/ssh-AtsnfLH756 directory is owned by SYSTEM
and has 700 permissions. So, the next ssh `hostname` command prompts
for a passphrase.
With traverse checking disabled, drothe can access
/tmp/ssh-AtsnfLH756/agent.756 and the next ssh `hostname` command
succeeds without prompting.
So, I can get this working by defining "CYGWIN=server notraverse" in my
default environment as well as the sshd environment. Without the
"notraverse" in the sshd environment, the test fails. I can also get it
working by manually executing
% chown $USER $(dirname $SSH_AUTH_SOCK)
after the first ssh `hostname`.
--
David Rothenberger spammer? -> spam AT daveroth DOT dyndns DOT org
GPG/PGP: 0x7F67E734, C233 365A 25EF 2C5F C8E1 43DF B44F BA26 7F67 E734
We are what we pretend to be.
-- Kurt Vonnegut, Jr.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -