Date: Fri, 18 Feb 2005 12:13:25 -0500
From: Jean-Sebastien Trottier
To: cygwin AT cygwin DOT com
Subject: Re: Problem with 20050215 snapshot and ssh-agent forwarding
Message-ID: <20050218171325.GA3466@gw.jsoft.lan>

On Fri, Feb 18, 2005 at 10:52:22AM -0500, Christopher Faylor wrote:
> On Fri, Feb 18, 2005 at 09:30:35AM -0500, Jean-Sebastien Trottier wrote:
> >On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote:
> >> I'm having a problem with the 20050215 snapshot (and the 20050131 as
> >> well). My ssh-agent connection is not being forwarded by ssh. This is
> >> working fine with the 20041119 snapshot.
> >>
> >> Here are the steps to reproduce the problem. I've got ssh and sshd
> >> correctly configured to forward ssh-agent connections. The second ssh
> >> command should not prompt to the public key passphrase.
> >>
> >> % keychain ~/.ssh/id_dsa
> >>
> >> KeyChain 2.0.3; http://www.gentoo.org/projects/keychain
> >> Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
> >> * All previously running ssh-agent(s) have been stopped.
> >> * Initializing /home/drothe/.keychain/tela-sh file...
> >> * Initializing /home/drothe/.keychain/tela-csh file...
> >> * Starting new ssh-agent
> >> * 1 more keys to add...
> >> Enter passphrase for /home/drothe/.ssh/id_dsa:
> >> Identity added: /home/drothe/.ssh/id_dsa (/home/drothe/.ssh/id_dsa)
> >>
> >> % . ~/.keychain/tela-sh
> >> % ssh `hostname`
> >> % ssh `hostname`
> >> Enter passphrase for key '/home/drothe/.ssh/id_dsa':
> >
> >Have you tried " ssh -A `hostname` " instead... just to make sure the
> >ssh actually forwards the agent?
>
> Why would he have to do that? The first one worked. The second one failed.
>

Without -A or "ForwardAgent yes", the first ssh call will *NOT*
forward/create a channel to the ssh-agent to be used by the new shell
being opened. Thus, the new shell, unless you source ~/.keychain/tela-sh
in it again, will not have an ssh-agent to talk to and will need to ask
for the passphrase again.

If you use -A, the first ssh call will forward an encrypted channel so
that the new shell can access your identity/passphrase for subsequent
ssh calls.

> >If this works (and it should), add "ForwardAgent yes" to your
> >~/.ssh/config file. see "man ssh_config" for details
>
> Ditto this. If the first invocation works then I don't think there is any
> reason to suspect configuration problems.

Ditto ;-)

Sebastien

>
> cgf
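
A diagnostic for the situation discussed in this thread, added here as an example and not part of the original message: it classifies what agent, if any, the current shell can reach, so running it locally and again inside the first `ssh` session shows whether the agent was forwarded. The function names `agent_status` and `agent_report` and the numeric return codes are chosen for this example; the only external behaviour relied on is the documented `ssh-add -l` exit status (0 identities listed, 1 none loaded, 2 agent unreachable).

```shell
#!/bin/sh
# agent_status: classify the ssh-agent state visible to this shell.
# Return codes (defined by this example, not by OpenSSH):
#   0 agent reachable, at least one identity loaded
#   1 agent reachable, no identities loaded
#   2 socket exists but no agent answers on it
#   3 SSH_AUTH_SOCK unset: nothing was forwarded or sourced into this shell
#   4 SSH_AUTH_SOCK set but not a socket (stale value from an old agent)
#   5 ssh-add not installed
agent_status() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 3
    [ -S "$SSH_AUTH_SOCK" ] || return 4
    command -v ssh-add >/dev/null 2>&1 || return 5
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        1) return 1 ;;
        *) return 2 ;;
    esac
}

# agent_report: print a one-line explanation and return the same code.
agent_report() {
    st=0
    agent_status || st=$?
    case $st in
        0) echo "agent reachable, identities loaded: no passphrase prompt expected" ;;
        1) echo "agent reachable but empty: run ssh-add" ;;
        2) echo "socket present but agent not answering" ;;
        3) echo "SSH_AUTH_SOCK unset: agent not forwarded (ssh -A / ForwardAgent yes) or keychain file not sourced" ;;
        4) echo "SSH_AUTH_SOCK is not a socket: stale environment, re-source the keychain file" ;;
        5) echo "ssh-add not found" ;;
    esac
    return $st
}

# Stand-alone run: report on the current shell without failing the script.
agent_report || true
```
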