Agent forwarding works on one remote host but not another

From: a24...@ducksburg.com (Adam Funk)
Newsgroups: comp.security.ssh
Subject: Agent forwarding works on one remote host but not another
Date: Thu, 27 Jan 2022 12:02:59 +0000

(I have read about the risk of ssh agent forwarding and am only using
it in limited circumstances, mainly to do `git pull` on a server.)

adam@laptop $ ssh-add -l
# lists currently unlocked keys correctly

adam@laptop $ ssh -A remote0
# login messages

adam@remote0 $ ssh-add -l
# lists currently unlocked keys correctly

adam@remote0 $ exit
# logout messages

adam@laptop $ ssh -A remote1
# login messages

adam@remote1 $ ssh-add -l
Could not open a connection to your authentication agent.

Do I need to enable something in my configuration on remote1 to make
it work?

Thanks

--
And don't forget my dog, fixed and consequent

Re: Agent forwarding works on one remote host but not another

From: a24...@ducksburg.com (Adam Funk)
Newsgroups: comp.security.ssh
Subject: Re: Agent forwarding works on one remote host but not another
Date: Thu, 27 Jan 2022 17:04:32 +0000

On 2022-01-27, Adam Funk wrote:

> (I have read about the risk of ssh agent forwarding and am only using
> it in limited circumstances, mainly to do `git pull` on a server.)
>
> adam@laptop $ ssh-add -l
> # lists currently unlocked keys correctly
>
> adam@laptop $ ssh -A remote0
> # login messages
>
> adam@remote0 $ ssh-add -l
> # lists currently unlocked keys correctly
>
> adam@remote0 $ exit
> # logout messages
>
> adam@laptop $ ssh -A remote1
> # login messages
>
> adam@remote1 $ ssh-add -l
> Could not open a connection to your authentication agent.
>
>
> Do I need to enable something in my configuration on remote1 to make
> it work?

Oops, it's working now. I think I was using a shared connection
earlier (the first one opened without -A).

--
so ladies, fish, and gentlemen,
here's my angled dream

Re: Agent forwarding works on one remote host but not another

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.security.ssh
Subject: Re: Agent forwarding works on one remote host but not another
Date: Fri, 28 Jan 2022 12:02:59 -0700

On 1/27/22 5:02 AM, Adam Funk wrote:
> Do I need to enable something in my configuration on remote1 to make
> it work?

The "AllowAgentForwarding" configuration parameter for the sshd daemon
can interfere with / prohibit clients forwarding agents to a server.

For completeness, in case someone else has a problem that isn't related
to shared connections.

--
Grant. . . .
unix || die
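
An added example, not part of any post in this thread: a small triage script for the two causes named above (a shared connection that was opened without -A, and AllowAgentForwarding on the server). The function names, verdict strings and sample text are made up for this example; `ssh -O check`, `ssh -S none` and `sshd -T` are standard OpenSSH options.

```shell
#!/bin/sh
# Added example: classify why `ssh-add -l` fails on a remote host.
# cfg_value, diagnose and the verdict strings are hypothetical names.

# cfg_value KEY: read `ssh -G` or `sshd -T` output on stdin, print KEY's value.
cfg_value() {
    awk -v key="$1" 'tolower($1) == key { print tolower($2); exit }'
}

# Constructed sample of `sshd -T` output from a server that refuses forwarding.
SAMPLE_SSHD_T='port 22
allowagentforwarding no
allowtcpforwarding yes'

# diagnose MASTER_ALIVE REMOTE_SOCK SSHD_DUMP
#   MASTER_ALIVE  yes|no: did `ssh -O check HOST` succeed on the client?
#   REMOTE_SOCK   $SSH_AUTH_SOCK seen in a fresh, unshared -A session
#   SSHD_DUMP     text of `sshd -T` from the server ("" if not available)
diagnose() {
    master_alive=$1; remote_sock=$2; sshd_dump=$3
    allow=$(printf '%s\n' "$sshd_dump" | cfg_value allowagentforwarding)
    if [ "$allow" = "no" ]; then
        echo "server-refuses"    # sshd_config: AllowAgentForwarding no
    elif [ -n "$remote_sock" ] && [ "$master_alive" = "yes" ]; then
        echo "stale-master"      # a fresh session forwards; the shared one likely does not
    elif [ -n "$remote_sock" ]; then
        echo "forwarding-ok"
    else
        echo "unknown"           # check the local agent and client ForwardAgent
    fi
}

# Live use on the client: sh diag.sh HOST [FILE_WITH_SSHD_T_OUTPUT]
# Nothing below runs when the script is called without arguments.
if [ "$#" -ge 1 ]; then
    host=$1; dump=""
    if [ -r "${2:-}" ]; then dump=$(cat "$2"); fi
    if ssh -O check "$host" >/dev/null 2>&1; then alive=yes; else alive=no; fi
    # -S none makes this one probe bypass any existing shared connection.
    sock=$(ssh -S none -A "$host" 'printf %s "$SSH_AUTH_SOCK"')
    verdict=$(diagnose "$alive" "$sock" "$dump")
    echo "$host: $verdict"
    if [ "$verdict" = "stale-master" ]; then
        echo "close the old master (ssh -O exit $host), then reconnect with -A"
    fi
fi
```

`sshd -T` normally needs root on the server, so the second argument is optional; without it only the shared-connection case can be told apart.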

Re: Agent forwarding works on one remote host but not another

From: a24...@ducksburg.com (Adam Funk)
Newsgroups: comp.security.ssh
Subject: Re: Agent forwarding works on one remote host but not another
Date: Mon, 31 Jan 2022 09:18:30 +0000

On 2022-01-28, Grant Taylor wrote:

> On 1/27/22 5:02 AM, Adam Funk wrote:
>> Do I need to enable something in my configuration on remote1 to make
>> it work?
>
> The "AllowAgentForwarding" configuration parameter for the sshd daemon
> can interfere with / prohibit clients forwarding agents to a server.
>
> For completeness, in case someone else has a problem that isn't related
> to shared connections.

That's interesting and useful to remember (although it didn't apply in
my case) --- thanks!

Re: Agent forwarding works on one remote host but not another

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.security.ssh
Subject: Re: Agent forwarding works on one remote host but not another
Date: Mon, 31 Jan 2022 20:00:04 -0700

On 1/31/22 2:18 AM, Adam Funk wrote:
> That's interesting and useful to remember

Yep.

> (although it didn't apply in my case)

Hence the "For completeness, in case someone else". ;-)

> thanks!

You're welcome.

--
Grant. . . .
unix || die
