I'm trying to set up Capistrano for a webapp I'm working on, and I'm having trouble getting agent forwarding to work.
Here's my ~/.ssh/config:
Host rs
Hostname <ip of my server>
ForwardAgent yes
User root
And I don't think default settings are overriding anything, since ForwardAgent is never mentioned there (except in a commented line).
Here's what happens when I SSH normally:
$ ssh -v deploy@<server>
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/ulyssecarion/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
-- snip --
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.8.0-29-generic x86_64)
If I force SSH to allow agent-forwarding with the -A flag, then I can get it to work:
$ ssh -Av deploy@<server>
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/ulyssecarion/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
-- snip --
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Requesting authentication agent forwarding. # Note this additional line here
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.8.0-29-generic x86_64)
(Notice that the logs on the second example have an additional line indicating agent forwarding is being requested.)
Is this normal, or am I doing something wrong? Thanks in advance!
SSH agent forwarding can be used to make deploying to a server simple. It allows you to use your local SSH keys instead of leaving keys (without passphrases!) sitting on your server. Let's configure and test SSH forwarding using GitHub as the remote service to pull our code onto the host.
If we don't want to create a config file, you can use the "-A" flag with the ssh command. The "-A" option enables forwarding of the authentication agent connection.
2. Enable ssh-agent
3. Add the SSH key to the ssh-agent. You can replace id_rsa with your key name. It will ask for a passphrase if you are using encrypted keys while adding.
4.
If you don't have two servers on hand, the easiest way to test whether SSH forwarding is working is to add your public key from your local machine to your GitHub profile and try to SSH from a remote server:
To test that agent forwarding is working with your server, you can SSH into your server and run ssh -T git@github.com once more. If all is well, you'll get back the same prompt as you did locally. If you're unsure if your local key is being used, you can also inspect the SSH_AUTH_SOCK variable on your server:
This block
Host rs
HostName <ip of my server>
ForwardAgent yes
User root
only applies if your call to ssh looks like
ssh rs
in which case ssh knows that <ip of my server> should be used in place of "rs". In your call
ssh -v deploy@<server>
whatever you are using as <server> does not match "rs" (since only the literal string "rs" is going to match), so the block does not apply.
The argument to the Host option must be a pattern which will match the host name you actually use on the command line.
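The matching rule described in the answer above, as an added example (not code from the original answer or from OpenSSH): a small Python resolver that decides which Host blocks apply to the name typed on the command line and whether ForwardAgent ends up enabled. The sample config, the 203.0.113.10 placeholder address and the function names are assumptions; Match blocks, Include and key=value syntax are not handled.

```python
import fnmatch

# Constructed sample config mirroring the question; 203.0.113.10 is a
# documentation-range placeholder standing in for "<ip of my server>".
SAMPLE_CONFIG = """\
Host rs
    HostName 203.0.113.10
    ForwardAgent yes
    User root

Host *
    ForwardAgent no
"""

def host_matches(patterns, name):
    """Host-line matching: at least one positive pattern must match, and a
    matching negated (!) pattern vetoes the whole line."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(name, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(name, pat):
            matched = True
    return matched

def effective_options(config_text, target):
    """Resolve options for the name given on the command line.
    The first value obtained for each option wins."""
    name = target.rpartition("@")[2]  # "deploy@host" is matched as "host"
    options, active = {}, True        # lines before any Host apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            active = host_matches(value.split(), name)
        elif active:
            options.setdefault(key, value)
    return options

def forwards_agent(config_text, target):
    # ForwardAgent defaults to "no" when no matching block sets it.
    return effective_options(config_text, target).get("forwardagent", "no") == "yes"

if __name__ == "__main__":
    for target in ("rs", "deploy@203.0.113.10", "rs.example.com"):
        print(target, "->", forwards_agent(SAMPLE_CONFIG, target))
```

Only the alias "rs" resolves to forwarding; the raw address and any other name fall through to the default, which keeps the agent socket from being exposed on hosts the block was never meant to cover. On OpenSSH 6.8 and later, ssh -G <name> prints the options the real client resolves for a name.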
There is some great information over on ServerFault about setting up ssh agent forwarding. https://superuser.com/questions/168933/extra-configuration-required-for-ssh-agent-forwarding
One thing I want to point out, the ssh config file on the server might have ForwardAgent commented out, but at least on my config file, it's really listing the ssh defaults. It seems for some versions of openssh you have to set the AllowAgentForwarding option on the server. I've found this article really useful https://help.github.com/articles/using-ssh-agent-forwarding
The way to check if ssh agent forwarding is working is by looking at the $SSH_AUTH_SOCK environment variable.
echo "$SSH_AUTH_SOCK"