openssh bugs - Mar 2011 - [Bug 1874] New: Cannot enable agent forwarding if persistent master connection exists with no forwarding

https://bugzilla.mindrot.org/show_bug.cgi?id=1874

           Summary: Cannot enable agent forwarding if persistent master
                    connection exists with no forwarding
           Product: Portable OpenSSH
           Version: 5.8p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: josh at joshtriplett.org


~$ ssh joshtriplett.org ssh-add -l
Could not open a connection to your authentication agent.
~$ ssh -A joshtriplett.org ssh-add -l
Could not open a connection to your authentication agent.

The second connection made use of the backgrounded master connection
opened by the first connection, which had not yet timed out.  Due to
this issue, in order to use SSH agent forwarding, I need to end all SSH
connections over that connection master, "ssh -O exit", and open a new
master connection with agent forwarding.  Or, alternatively, I have to
explicitly turn off connection sharing and turn on agent forwarding.

(Originally reported as http://bugs.debian.org/594307)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1874

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #1 from Damien Miller <djm at mindrot.org> 2011-04-19 15:57:19
EST ---
A single agent connection is shared for all sessions that use the same
multiplexed connection (this is a limitation of the SSH protocol). I
don't think it is unreasonable to require this be available when the
connection is established. 

BTW, I just committed support for "ssh -O stop ..." to turn off
multiplexing while keeping one's sessions alive. So, if you mess up and
forget to forward your agent when using openssh-5.9 or greater, then
you can try again without killing all your existing sessions.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1874

--- Comment #2 from Josh Triplett <josh at joshtriplett.org> 2011-04-19
18:59:16 EST ---
(In reply to comment #1)
> A single agent connection is shared for all sessions that use the same
> multiplexed connection (this is a limitation of the SSH protocol). I
> don't think it is unreasonable to require this be available when the
> connection is established. 
I didn't know about the limitation to a single agent connection.  That
seems like something worth extending the protocol to work around.
However, in the meantime it still seems like a feature to have the
ability to add an agent to a connection after establishing it,
assuming the original SSH had the agent available in its environment.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1874

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> 2011-09-06 15:33:12
EST ---
close resolved bugs now that openssh-5.9 has been released

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.