[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: Trouble with agent forwarding

I guess your problem is that the root ssh public key is not in somename's authorized_keys on machine C.
When you do 'sudo ssh someone@C' you're loading root's profile on the originating box, as if root was launching the ssh command, therefor ssh loads root's public key and tries to authenticate with it on machine C against your remote user's authorized keys.

-Ed

----- Original Message ----
> From: Iwan Vosloo <iwan@xxxxxxxxx>
> To: secureshell@xxxxxxxxxxxxxxxxx
> Sent: Thursday, June 19, 2008 5:21:46 AM
> Subject: Trouble with agent forwarding
> 
> Hi.
> 
> After an upgrade, we are having trouble with openssh and agent
> forwarding, and are stumped at trying to find the source of our
> troubles. Any pointers to help us debug would be appreciated:
> 
> 
> Previously, we had 
> (a) developer workstations, with our ssh keys in the normal place:    
>      ~/.ssh/id_rsa{,.pub}
> (b) Prod machine B, with ~/.ssh/authorized_keys{,2} 
>      (containing the public keys of our developers).
> (c) Prod machine C, set up like B
> 
> On developer boxes, we have /etc/ssh/ssh_config with the following
> (assume C is the domain name of the said production machines):
> 
> Host C
>    ForwardAgent yes
> 
> With this setup, we were able to execute the following two commands from
> an ssh session to machine B:
> 
> ssh C ls
> sudo ssh somename@C ls
> 
> This was on Ubuntu Gutsy, with openssh version 1:4.6p1-5ubuntu0.5 and
> sudo version 1.6.8p12-5ubuntu2.
> Then we upgraded to Ubuntu Hardy, with openssh version
> 1:4.7p1-8ubuntu1.2 and sudo version 1.6.9p10-1ubuntu3.2.
> 
> After the upgrade, we can still do 
> ssh C ls
> 
> But NOT
> sudo ssh somename@C ls
> 
> 
> Should it be possible to let agent forwarding work like this "through"
> sudo? 
> Where do we go to search for the problem? 
> It certainly was working before...
> 
> Thanks
> - Iwan



      __________________________________________________________________
Looking for the perfect gift? Give the gift of Flickr! 

http://www.flickr.com/gift/

[Home]     [Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Bible]     [Big List of Linux Books]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Add to Google Powered by Linux