Subject: Agent forwarding works on one remote host but not another
From: Adam Funk
Newsgroups: comp.security.ssh
Organization: $CABAL
Date: Thu, 27 Jan 2022 12:02 UTC
(I have read about the risk of ssh agent forwarding and am only using
it in limited circumstances, mainly to do `git pull` on a server.)

adam@laptop $ ssh-add -l
# lists currently unlocked keys correctly

adam@laptop $ ssh -A remote0
# login messages

adam@remote0 $ ssh-add -l
# lists currently unlocked keys correctly

adam@remote0 $ exit
# logout messages

adam@laptop $ ssh -A remote1
# login messages

adam@remote1 $ ssh-add -l
Could not open a connection to your authentication agent.


Do I need to enable something in my configuration on remote1 to make
it work?

Thanks

--
And don't forget my dog, fixed and consequent


Subject: Re: Agent forwarding works on one remote host but not another
From: Adam Funk
Newsgroups: comp.security.ssh
Organization: $CABAL
Date: Thu, 27 Jan 2022 17:04 UTC
On 2022-01-27, Adam Funk wrote:

> (I have read about the risk of ssh agent forwarding and am only using
> it in limited circumstances, mainly to do `git pull` on a server.)
>
> adam@laptop $ ssh-add -l
> # lists currently unlocked keys correctly
>
> adam@laptop $ ssh -A remote0
> # login messages
>
> adam@remote0 $ ssh-add -l
> # lists currently unlocked keys correctly
>
> adam@remote0 $ exit
> # logout messages
>
> adam@laptop $ ssh -A remote1
> # login messages
>
> adam@remote1 $ ssh-add -l
> Could not open a connection to your authentication agent.
>
>
> Do I need to enable something in my configuration on remote1 to make
> it work?

Oops, it's working now. I think I was using a shared connection
earlier (the first one opened without -A).



--
so ladies, fish, and gentlemen,
here's my angled dream


Subject: Re: Agent forwarding works on one remote host but not another
From: Grant Taylor
Newsgroups: comp.security.ssh
Organization: TNet Consulting
Date: Fri, 28 Jan 2022 19:02 UTC
On 1/27/22 5:02 AM, Adam Funk wrote:
> Do I need to enable something in my configuration on remote1 to make it work?

The "AllowAgentForwarding" configuration parameter for the sshd daemon can interfere with / prohibit clients forwarding agents to a server.

For completeness, in case someone else has a problem that isn't related to shared connections.



--
Grant. . . .
unix || die
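
Added example (not part of any poster's message): a small shell function that tells apart the two causes raised in this thread, a live shared (ControlMaster) connection as in Adam Funk's follow-up and `AllowAgentForwarding no` on the server as in Grant Taylor's reply. The function name, result labels and sample inputs are constructed for illustration; the comments name the real commands that produce the inputs.

```shell
#!/bin/sh
# Added example: classify why `ssh -A remote1` leaves no agent on the remote side.
# Gather the three inputs with:
#   ssh -G remote1        (client: effective config, lowercase "keyword value" lines)
#   ssh -O check remote1  (client: exit status 0 if a master connection is live)
#   sshd -T               (server, as root: effective sshd config)
# diagnose_agent_forwarding and its result labels are hypothetical names.
diagnose_agent_forwarding() {
    daf_client_cfg=$1   # text of `ssh -G <host>`
    daf_master_live=$2  # "yes" if `ssh -O check <host>` succeeded, else "no"
    daf_server_cfg=$3   # text of `sshd -T`

    daf_path=$(printf '%s\n' "$daf_client_cfg" | awk '$1 == "controlpath" {print $2; exit}')
    daf_allow=$(printf '%s\n' "$daf_server_cfg" | awk '$1 == "allowagentforwarding" {print $2; exit}')

    # A server-side "AllowAgentForwarding no" cannot be overridden by the client.
    if [ "$daf_allow" = "no" ]; then
        echo "server-disallows"
    # With a live master, new sessions are multiplexed over it and get the
    # master's agent forwarding (none, if the master was started without -A).
    # Remedy: `ssh -O exit remote1` then reconnect with -A, or bypass the
    # master once with `ssh -S none -A remote1`.
    elif [ -n "$daf_path" ] && [ "$daf_path" != "none" ] && [ "$daf_master_live" = "yes" ]; then
        echo "shared-connection"
    else
        echo "other"
    fi
}

# Constructed sample inputs (not captured from the thread's hosts).
SAMPLE_CLIENT_SHARED='hostname remote1
forwardagent yes
controlmaster auto
controlpath /home/adam/.ssh/cm-adam@remote1:22'
SAMPLE_CLIENT_PLAIN='hostname remote1
forwardagent yes
controlmaster false'
SAMPLE_SERVER_ALLOW='port 22
allowagentforwarding yes'
SAMPLE_SERVER_DENY='port 22
allowagentforwarding no'

diagnose_agent_forwarding "$SAMPLE_CLIENT_SHARED" yes "$SAMPLE_SERVER_ALLOW"  # shared-connection case
diagnose_agent_forwarding "$SAMPLE_CLIENT_PLAIN" no "$SAMPLE_SERVER_DENY"     # server-side case
```

A "shared-connection" result only shows that a master is live; whether that master was started with `-A` has to be checked by closing it and reconnecting.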


Subject: Re: Agent forwarding works on one remote host but not another
From: Adam Funk
Newsgroups: comp.security.ssh
Organization: $CABAL
Date: Mon, 31 Jan 2022 09:18 UTC
On 2022-01-28, Grant Taylor wrote:

> On 1/27/22 5:02 AM, Adam Funk wrote:
>> Do I need to enable something in my configuration on remote1 to make
>> it work?
>
> The "AllowAgentForwarding" configuration parameter for the sshd daemon
> can interfere with / prohibit clients forwarding agents to a server.
>
> For completeness, in case someone else has a problem that isn't related
> to shared connections.

That's interesting and useful to remember (although it didn't apply in
my case) --- thanks!


Subject: Re: Agent forwarding works on one remote host but not another
From: Grant Taylor
Newsgroups: comp.security.ssh
Organization: TNet Consulting
Date: Tue, 1 Feb 2022 03:00 UTC
On 1/31/22 2:18 AM, Adam Funk wrote:
> That's interesting and useful to remember

Yep.

> (although it didn't apply in my case)

Hence the "For completeness, in case someone else".  ;-)

> thanks!

You're welcome.



--
Grant. . . .
unix || die

