Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Fri, 18 Feb 2005 15:07:55 -0500 From: Jean-Sebastien Trottier To: cygwin AT cygwin DOT com Subject: Re: Problem with 20050215 snapshot and ssh-agent forwarding Message-ID: <20050218200755.GA11774@gw.jsoft.lan> Mail-Followup-To: cygwin AT cygwin DOT com References: <20050216192355.SUQO15146.out004.verizon.net@[127.0.0.1]> <20050218143035 DOT GA31409 AT gw DOT jsoft DOT lan> <42162434 DOT 8020300 AT acm DOT org> <20050218184114 DOT GG15839 AT trixie DOT casa DOT cgf DOT cx> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fUYQa+Pmc3FrFX/N" Content-Disposition: inline In-Reply-To: <20050218184114.GG15839@trixie.casa.cgf.cx> User-Agent: Mutt/1.5.6+20040907i X-IsSubscribed: yes --fUYQa+Pmc3FrFX/N Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 18, 2005 at 01:41:14PM -0500, Christopher Faylor wrote: > On Fri, Feb 18, 2005 at 09:21:56AM -0800, David Rothenberger wrote: > >On 2/18/2005 6:30 AM, Jean-Sebastien Trottier wrote: > >>On Wed, Feb 16, 2005 at 11:23:03AM -0800, David Rothenberger wrote: > >> > >>>I'm having a problem with the 20050215 snapshot (and the 20050131 as > >>>well). My ssh-agent connection is not being forwarded by ssh. This is > >>>working fine with the 20041119 snapshot. > >>> > >>Have you tried " ssh -A `hostname` " instead... just to make sure the > >>ssh actually forwards the agent? > >> > >>If this works (and it should), add "ForwardAgent yes" to your > >>~/.ssh/config file. see "man ssh_config" for details > > > >Yeah, I know about configuring ssh. As I mentioned in my original email,= =20 > >this is working fine for me with the 20041119 snapshot. So, I do have=20 > >things configured correctly. But, I did try it with the -A switch and=20 > >had the same result. >=20 > I still can't duplicate this. Sorry. >=20 I'm able to reproduce it here... With "current" cygwin1.dll version: inside the ssh session, $SSH_AUTH_SOCK points to: % ls -l $SSH_AUTH_SOCK srwxrwxrwx 1 SYSTEM root 51 Feb 18 14:52 /tmp/ssh-rsSRvl3964/agent.396= 4=3D % getfacl $SSH_AUTH_SOCK # file: /tmp/ssh-rsSRvl3964/agent.3964 # owner: SYSTEM # group: root user::rwx group::rwx mask:rwx other:rwx ssh client is able to use this socket for further public key verfificat= ion With 20050215 snapshot: inside the ssh session, $SSH_AUTH_SOCK points to: % ls -l $SSH_AUTH_SOCK ls: /tmp/ssh-fHDEinn252/agent.252: Permission denied % getfacl $SSH_AUTH_SOCK getfacl: Permission denied ssh client is *NOT* able to use this socket. With both versions, the permissions on the socket's directory are exactly the same: % ls -ld /tmp/ssh-rsSRvl3964 drwx------+ 2 SYSTEM root 0 Feb 18 14:52 /tmp/ssh-rsSRvl3964 % getfacl /tmp/ssh-rsSRvl3964 # file: /tmp/ssh-rsSRvl3964 # owner: SYSTEM # group: root user::rwx group::--- mask:rwx other:--- default:user::rwx default:group::--- default:other:--- I hope this helps... at least it should give you a clue Note: I've got sshd running as a SYSTEM service. Running is in non-detached or debug mode works fine, obviously. Sebastien > cgf >=20 > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Problem reports: http://cygwin.com/problems.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ >=20 --fUYQa+Pmc3FrFX/N Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFCFksbWHtULG0eY+ERAvAlAJ402arMVDyV5JZZL/jho6PXuUoAZACeMKcq q8W/8Et7jbJmsI3LRjR4SBg= =X9VX -----END PGP SIGNATURE----- --fUYQa+Pmc3FrFX/N--