
SSH ignores my ForwardAgent config?

Tags:

ssh

I'm trying to set up Capistrano for a webapp I'm working on, and I'm having trouble getting agent forwarding to work.

Here's my ~/.ssh/config:

Host rs
  Hostname <ip of my server>
  ForwardAgent yes
  User root

And I don't think default settings are overriding anything, since ForwardAgent is never mentioned there (except in a commented line).

Here's what happens when I SSH normally:

$ ssh -v deploy@<server>
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/ulyssecarion/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *

-- snip --

debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.8.0-29-generic x86_64)

If I force SSH to allow agent forwarding with the -A flag, then I can get it to work:

$ ssh -Av deploy@<server>
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/ulyssecarion/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *

-- snip --

debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Requesting authentication agent forwarding. # Note this additional line here
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.8.0-29-generic x86_64)

(Notice that the logs on the second example have an additional line indicating agent forwarding is being requested.)

Is this normal, or am I doing something wrong? Thanks in advance!

ucarion asked Mar 05 '14 07:03


2 Answers

This block

Host rs
  HostName <ip of my server>
  ForwardAgent yes
  User root

only applies if your call to ssh looks like

ssh rs

in which case ssh knows that <ip of my server> should be used in place of "rs". In your call

ssh -v deploy@<server>

whatever you are using as <server> does not match "rs" (since only the literal string "rs" is going to match), so the block does not apply.

The argument to the Host option must be a pattern which will match the host name you actually use on the command line.

chepner answered Oct 18 '22 13:10
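The matching rule described in the answer above, as an added example that is not part of the original answers and is not OpenSSH's own code: a simplified Python model of how Host blocks are selected by the name typed on the command line. It assumes whitespace-separated `keyword value` lines and ignores Match and Include; the address 203.0.113.10 is a constructed stand-in for the server IP, and the helper names are hypothetical.

```python
import re

# Constructed sample mirroring the question's ~/.ssh/config
# (203.0.113.10 is a documentation address standing in for the server IP).
SAMPLE_CONFIG = """\
Host rs
  HostName 203.0.113.10
  ForwardAgent yes
  User root
"""

def _pattern_matches(pattern, name):
    # ssh_config patterns support only the '*' and '?' wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, name) is not None

def _block_applies(patterns, name):
    # A block applies if some positive pattern matches and no '!pattern' does.
    positive = False
    for p in patterns:
        if p.startswith("!"):
            if _pattern_matches(p[1:], name):
                return False
        elif _pattern_matches(p, name):
            positive = True
    return positive

def effective_options(config_text, destination):
    """Simplified model: Host blocks only; the first value seen for a keyword wins."""
    name = destination.rsplit("@", 1)[-1]  # patterns see the host as typed, minus user@
    applies, options = True, {}            # lines before the first Host apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()                  # keywords are case-insensitive
        if key == "host":
            applies = _block_applies(args, name)
        elif applies and args:
            options.setdefault(key, " ".join(args))
    return options

def forwards_agent(config_text, destination):
    # ForwardAgent defaults to "no" when no applicable block sets it.
    return effective_options(config_text, destination).get("forwardagent", "no") == "yes"
```

The same function can be used to confirm that ForwardAgent stays scoped to the hosts you intend, since a broad pattern such as `Host *` would enable it for every destination.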


There is some great information over on ServerFault about setting up ssh agent forwarding. https://superuser.com/questions/168933/extra-configuration-required-for-ssh-agent-forwarding

One thing I want to point out, the ssh config file on the server might have ForwardAgent commented out, but at least on my config file, it's really listing the ssh defaults. It seems for some versions of openssh you have to set the AllowAgentForwarding option on the server. I've found this article really useful https://help.github.com/articles/using-ssh-agent-forwarding

The way to check if ssh agent forwarding is working is by looking at the $SSH_AUTH_SOCK environment variable.

echo "$SSH_AUTH_SOCK"

Tracy Hurley answered Oct 18 '22 13:10