Date: Wed, 28 Nov 2001 17:15:22 +0300
From: Odhiambo Washington
To: freebsd-questions@freebsd.org
Cc: juha.o.ylitalo@nokia.com
Subject: Re: ssh agent forwarding with FreeBSD and Linux...
Message-ID: <20011128171522.E14252@ns2.wananchi.com>
In-Reply-To: <20011128143703.D1623@jylitwork.lnx.nokia.com>
X-Operating-System: FreeBSD 4.4-STABLE i386

* Ylitalo Juha . O [20011128 15:36]: wrote:
> I think I have found funny problem, but I don't know where I should
> report about it or if someone would have solution for it.
> To summarize it, ssh authentication agent forwarding doesn't seem to
> work in ssh protocol 2
>
> To give you complete picture about situation, we probably should start
> with more detailed information about environment. It consists one
> RedHat Linux 7.1 (openssh 2.9p2) and FreeBSD 4.4-RELEASE (openssh
> 2.3.0).
>
> In RH box, I've started my session with "exec ssh-agent
> gnome-session", I've then added my sshv1 and sshv2 identities into
> agent.
>
> [jylitalo@jylitwork jylitalo]$ ssh-add -l
> 1024 84:c6:5d:ab:21:62:32:84:5d:cd:fd:f9:2b:f3:40:6f jylitalo@jylitpc.ntc.nokia.com (RSA1)
> 1024 0d:38:19:99:b6:9a:8e:29:db:5c:5f:0e:df:a3:7c:94 dsa w/o comment (DSA)
> [jylitalo@jylitwork jylitalo]$
>
> I have first identity in FreeBSD machines ~/.ssh/authorized_keys and
> second one in authorized_keys2 file and I don't have any problems at
> doing ssh commands from RH box to FreeBSD.
>
> Things start going wrong, if I first open session with
> "ssh -A FreeBSD" and then try to give "ssh-add -l".
> bash-2.05$ ssh-add -l
> Could not open a connection to your authentication agent.
> bash-2.05$
> Also I don't seem to have SSH_AUTH_SOCK defined in my environment.
>
> Work-around to this situation is to use "ssh -1 -A FreeBSD" command
> for that session, because then "ssh-add -l" will work correctly and I
> have SSH_AUTH_SOCK is defined. If someone has found same situation and
> found way to fix it (other than editing /etc/ssh/ssh_config in RH
> box), I would love to hear about it.

I have no problem at all ssh-ing from FreeBSD to Linux (Redhead 6.2):

ns2 is FreeBSD and "3" (aka ns1) is Redhead Linux (3 is an alias to ssh -l root -c blowfish ns1)

wash@ns2 ('tty') ~/.ssh 35 -> 3 -v
OpenSSH_2.9 FreeBSD localisations 20010713, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 3497 geteuid 3497 anon 1
debug1: Connecting to ns1.wananchi.com [62.8.64.3] port 22.
debug1: temporarily_use_uid: 3497/0 (e=3497)
debug1: restore_uid
debug1: temporarily_use_uid: 3497/0 (e=3497)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/wash/.ssh/identity type 0
debug1: identity file /home/wash/.ssh/id_rsa type -1
debug1: identity file /home/wash/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p2
debug1: match: OpenSSH_2.5.1p2 pat ^OpenSSH_2\.5\.[012]
debug1: Local version string SSH-1.5-OpenSSH_2.9 FreeBSD localisations 20010713
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'ns1.wananchi.com' is known and matches the RSA1 host key.
debug1: Found key in /home/wash/.ssh/known_hosts:6
debug1: Encryption type: blowfish
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication with key 'wash@ns2.wananchi.com'
debug1: Received RSA challenge from server.
debug1: Sending response to host key RSA challenge.
debug1: Remote: RSA authentication accepted.
debug1: RSA authentication accepted by server.
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
Last login: Tue Nov 27 17:35:25 2001 from ns2.wananchi.com
[root@ns1 /root]#

-Wash
S y s t e m s A d m i n.

-- 
Odhiambo Washington
Wananchi Online Ltd. www.wananchi.com
Tel: 254 2 313985-9 Fax: 254 2 313922
GSM: 254 72 743 223 GSM: 254 733 744 121

"The box said 'Requires Windows 95, NT, or better,' so I installed FreeBSD."

This sig is McQ! :-)

++
Overflow on /dev/null, please empty the bit bucket.
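
An added example, not part of the original message or of OpenSSH: a small shell diagnostic for the two facts this thread turns on, namely which SSH protocol a session actually used (read from `ssh -v` output) and whether an agent socket is reachable in the current shell. The function names are hypothetical; the sample lines are the version lines copied from the debug output above, for which it reports protocol 1.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Protocol the client selected (1 or 2), read from its own version banner
# in `ssh -v` output supplied on stdin.
ssh_log_protocol() {
    banner=$(sed -n 's/^debug1: Local version string SSH-\([0-9.]*\)-.*/\1/p' | head -n 1)
    case "$banner" in
        1.*) echo 1 ;;
        2.*) echo 2 ;;
        *)   echo unknown ;;
    esac
}

# Protocols the server advertised; a 1.99 banner means it accepts both 1 and 2.
ssh_log_server_offer() {
    remote=$(sed -n 's/^debug1: Remote protocol version \([0-9.]*\),.*/\1/p' | head -n 1)
    case "$remote" in
        1.99) echo "1,2" ;;
        1.*)  echo 1 ;;
        2.*)  echo 2 ;;
        *)    echo unknown ;;
    esac
}

# State of the agent socket as seen by this shell:
#   unset   - no SSH_AUTH_SOCK was exported into this shell
#   missing - variable is set but no Unix socket exists at that path
#   present - a Unix socket exists where ssh-add will look
agent_socket_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo unset
    elif [ -S "$SSH_AUTH_SOCK" ]; then
        echo present
    else
        echo missing
    fi
}

# Version lines copied from the debug output in the message above.
SAMPLE_LOG='debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p2
debug1: match: OpenSSH_2.5.1p2 pat ^OpenSSH_2\.5\.[012]
debug1: Local version string SSH-1.5-OpenSSH_2.9 FreeBSD localisations 20010713'

printf 'server offers protocol(s): %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | ssh_log_server_offer)"
printf 'client used protocol:      %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | ssh_log_protocol)"
printf 'agent socket here:         %s\n' "$(agent_socket_state)"
```

To check a live session, pipe the client's debug output in with `ssh -v host true 2>&1 | ssh_log_protocol`, and run `agent_socket_state` inside the remote shell.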