Date:      Wed, 28 Nov 2001 17:15:22 +0300
From:      Odhiambo Washington <wash@wananchi.com>
To:        freebsd-questions@freebsd.org
Cc:        juha.o.ylitalo@nokia.com
Subject:   Re: ssh agent forwarding with FreeBSD and Linux...
Message-ID:  <20011128171522.E14252@ns2.wananchi.com>
In-Reply-To: <20011128143703.D1623@jylitwork.lnx.nokia.com>
References:  <20011128143703.D1623@jylitwork.lnx.nokia.com>


* Ylitalo Juha . O <juha.o.ylitalo@nokia.com> [20011128 15:36]: wrote:
> I think I have found funny problem, but I don't know where I should
> report about it or if someone would have solution for it. To summarize
> it, ssh authentication agent forwarding doesn't seem to work in ssh
> protocol 2
>
> To give you complete picture about situation, we probably should start
> with more detailed information about environment. It consists one
> RedHat Linux 7.1 (openssh 2.9p2) and FreeBSD 4.4-RELEASE (openssh
> 2.3.0).
>
> In RH box, I've started my session with "exec ssh-agent
> gnome-session", I've then added my sshv1 and sshv2 identities into
> agent.
>
> [jylitalo@jylitwork jylitalo]$ ssh-add -l
> 1024 84:c6:5d:ab:21:62:32:84:5d:cd:fd:f9:2b:f3:40:6f jylitalo@jylitpc.ntc.nokia.com (RSA1)
> 1024 0d:38:19:99:b6:9a:8e:29:db:5c:5f:0e:df:a3:7c:94 dsa w/o comment (DSA)
> [jylitalo@jylitwork jylitalo]$
>
> I have first identity in FreeBSD machines ~/.ssh/authorized_keys and
> second one in authorized_keys2 file and I don't have any problems at
> doing ssh commands from RH box to FreeBSD.
>
> Things start going wrong, if I first open session with
> "ssh -A FreeBSD" and then try to give "ssh-add -l".
> bash-2.05$ ssh-add -l
> Could not open a connection to your authentication agent.
> bash-2.05$
> Also I don't seem to have SSH_AUTH_SOCK defined in my environment.
>
> Work-around to this situation is to use "ssh -1 -A FreeBSD" command
> for that session, because then "ssh-add -l" will work correctly and I
> have SSH_AUTH_SOCK defined. If someone has found same situation and
> found way to fix it (other than editing /etc/ssh/ssh_config in RH
> box), I would love to hear about it.

I have no problem at all ssh-ing from FreeBSD to Linux (Redhead 6.2):
ns2 is FreeBSD and "3" (aka ns1) is Redhead Linux (3 is an alias to ssh -l root -c blowfish ns1)

wash@ns2 ('tty') ~/.ssh 35 -> 3 -v
OpenSSH_2.9 FreeBSD localisations 20010713, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 3497 geteuid 3497 anon 1
debug1: Connecting to ns1.wananchi.com [62.8.64.3] port 22.
debug1: temporarily_use_uid: 3497/0 (e=3497)
debug1: restore_uid
debug1: temporarily_use_uid: 3497/0 (e=3497)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/wash/.ssh/identity type 0
debug1: identity file /home/wash/.ssh/id_rsa type -1
debug1: identity file /home/wash/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p2
debug1: match: OpenSSH_2.5.1p2 pat ^OpenSSH_2\.5\.[012]
debug1: Local version string SSH-1.5-OpenSSH_2.9 FreeBSD localisations 20010713
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'ns1.wananchi.com' is known and matches the RSA1 host key.
debug1: Found key in /home/wash/.ssh/known_hosts:6
debug1: Encryption type: blowfish
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication with key 'wash@ns2.wananchi.com'
debug1: Received RSA challenge from server.
debug1: Sending response to host key RSA challenge.
debug1: Remote: RSA authentication accepted.
debug1: RSA authentication accepted by server.
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
Last login: Tue Nov 27 17:35:25 2001 from ns2.wananchi.com
[root@ns1 /root]#


-Wash

S y s t e m s   A d m i n.

-- 
Odhiambo Washington  <wash@wananchi.com>    "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com      Windows 95, NT, or better,'
Tel: 254 2 313985-9   Fax: 254 2 313922     so I installed FreeBSD."
GSM: 254 72 743 223   GSM: 254 733 744 121  This sig is McQ!  :-)

++
Overflow on /dev/null, please empty the bit bucket.
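
Added example (not part of the original message and not OpenSSH project code): a shell triage for the symptoms discussed in this thread. classify_ssh_log reads `ssh -v` client output and reports which protocol the client spoke and whether it asked for agent forwarding; agent_state checks the forwarded socket on the remote side. The function names and the second sample log are constructed for illustration, and the ssh-add exit codes assumed (1 = no identities, 2 = agent unreachable) are those of current OpenSSH.

```shell
#!/bin/sh
# Client side: read `ssh -v` output on stdin; report the protocol spoken
# and whether the client requested agent forwarding.
classify_ssh_log() {
    log=$(cat)
    # The client's own banner is SSH-1.5-... for protocol 1, SSH-2.0-... for 2.
    ver=$(printf '%s\n' "$log" |
        sed -n 's/^debug1: Local version string \(SSH-[0-9.]*\)-.*/\1/p' | head -n 1)
    case $ver in
        SSH-1.*) proto=1 ;;
        SSH-2.*) proto=2 ;;
        *)       proto=unknown ;;
    esac
    # Debug line the OpenSSH client logs when it sends the forwarding request.
    if printf '%s\n' "$log" | grep -q 'Requesting authentication agent forwarding'; then
        fwd=requested
    else
        fwd=not-requested
    fi
    echo "protocol=$proto agent_forwarding=$fwd"
}

# Remote side: state of the forwarded agent socket.
# $1 overrides SSH_AUTH_SOCK (hypothetical parameter, used for testing).
agent_state() {
    sock=${1-$SSH_AUTH_SOCK}
    [ -n "$sock" ] || { echo "unset"; return 0; }   # sshd exported no socket
    [ -S "$sock" ] || { echo "stale"; return 0; }   # path is not a live socket
    rc=0
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "ok" ;;            # agent reachable, identities listed
        1) echo "empty" ;;         # agent reachable, no identities loaded
        *) echo "unreachable" ;;   # could not talk to the agent
    esac
}

# Taken from the debug output quoted above (wrapped lines joined).
PAGE_LOG='debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p2
debug1: Local version string SSH-1.5-OpenSSH_2.9 FreeBSD localisations 20010713
debug1: Requesting pty.
debug1: Requesting shell.'

# Constructed sample: a protocol 2 session started with -A.
V2_LOG='debug1: Local version string SSH-2.0-OpenSSH_2.9 FreeBSD localisations 20010713
debug1: Requesting authentication agent forwarding.'

printf '%s\n' "$PAGE_LOG" | classify_ssh_log
agent_state
```

Run classify_ssh_log on the client's `ssh -v -A host` output and agent_state in the resulting remote shell; "unset" on the remote side with "requested" on the client side points at the server not setting up the forwarded socket.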

