Date: Fri, 18 Feb 2005 13:26:31 -0500
From: Christopher Faylor
To: cygwin AT cygwin DOT com
Subject: Re: Problem with 20050215 snapshot and ssh-agent forwarding
Message-ID: <20050218182631.GF15839@trixie.casa.cgf.cx>
In-Reply-To: <20050218171325.GA3466@gw.jsoft.lan>

On Fri, Feb 18, 2005 at 12:13:25PM -0500, Jean-Sebastien Trottier wrote:
>On Fri, Feb 18, 2005 at 10:52:22AM -0500, Christopher Faylor wrote:
>> On Fri, Feb 18, 2005 at 09:30:35AM -0500, Jean-Sebastien Trottier wrote:
>> >On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote:
>> >> I'm having a problem with the 20050215 snapshot (and the 20050131 as
>> >> well). My ssh-agent connection is not being forwarded by ssh. This is
>> >> working fine with the 20041119 snapshot.
>> >>
>> >> Here are the steps to reproduce the problem. I've got ssh and sshd
>> >> correctly configured to forward ssh-agent connections. The second ssh
>> >> command should not prompt to the public key passphrase.
>> >>
>> >> % keychain ~/.ssh/id_dsa
>> >>
>> >> KeyChain 2.0.3; http://www.gentoo.org/projects/keychain
>> >> Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
>> >> * All previously running ssh-agent(s) have been stopped.
>> >> * Initializing /home/drothe/.keychain/tela-sh file...
>> >> * Initializing /home/drothe/.keychain/tela-csh file...
>> >> * Starting new ssh-agent
>> >> * 1 more keys to add...
>> >> Enter passphrase for /home/drothe/.ssh/id_dsa:
>> >> Identity added: /home/drothe/.ssh/id_dsa (/home/drothe/.ssh/id_dsa)
>> >>
>> >> % . ~/.keychain/tela-sh
>> >> % ssh `hostname`
>> >> % ssh `hostname`
>> >> Enter passphrase for key '/home/drothe/.ssh/id_dsa':
>> >
>> >Have you tried " ssh -A `hostname` " instead... just to make sure the
>> >ssh actually forwards the agent?
>>
>> Why would he have to do that? The first one worked. The second one failed.
>>
>
>Without -A or "ForwardAgent yes", the first ssh call will *NOT*
>forward/create a channel to the ssh-agent to be used by the new shell
>being opened.
>
>Thus, the new shell, unless you source ~/.keychain/tela-sh in it again,
>will not have an ssh-agent to talk to and will need to ask for the
>passphrase again.
>
>
>If you use -A, the first ssh call will forward an encrypted channel so
>that the new shell can access your identity/passphrase for subsequent
>ssh calls.

Ah, I see. You're taking what he wrote literally and I wasn't. I'd
assumed that these were two separate invocations of ssh, not nested
ones.

But, my assumption makes no sense and your advice does make sense given
what was reported.

Apologies for the confusion.

cgf
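
Added example, not part of the original message or of Cygwin/OpenSSH: a small shell check that can be run in the nested shell from the report to tell whether an agent was forwarded into it. The function name `agent_state` and its output tokens are made up for this illustration; it relies only on the `SSH_CONNECTION` and `SSH_AUTH_SOCK` environment variables and on the exit status of `ssh-add -l`.

```shell
#!/bin/sh
# Added illustration (not from the thread): report whether the current shell
# can reach an ssh-agent. agent_state is a hypothetical helper name.
agent_state() {
    # sshd sets SSH_CONNECTION in shells it starts, so this tells a shell
    # reached through ssh apart from the local one that ran keychain.
    if [ -n "${SSH_CONNECTION:-}" ]; then where="ssh-session"; else where="local"; fi

    # No SSH_AUTH_SOCK: nothing was forwarded into this shell (no -A and no
    # "ForwardAgent yes") and no agent file such as ~/.keychain/<host>-sh
    # was sourced here.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "$where:no-socket-env"; return 0
    fi
    # Variable set but the path is not a socket: left over from an agent
    # that has since been stopped.
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "$where:stale-socket"; return 0
    fi
    # ssh-add -l exits 0 when identities are listed, 1 when the agent holds
    # none, 2 when it cannot be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "$where:agent-with-keys" ;;
        1) echo "$where:agent-empty" ;;
        *) echo "$where:agent-unreachable" ;;
    esac
}

agent_state
```

In the scenario quoted above, `ssh-session:no-socket-env` in the shell opened by the first `ssh` means the second `ssh` has no agent to ask and will prompt for the passphrase.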