Hi -- I saw an email on December 26th in the openssh-unix-dev mailing list archived on MARC, indicating that agent forwarding is indeed not working for 2.2, but that it is working for 2.3. That email referred to a user with 2.3 clients and 2.2 server. I am running the 2.3 client AND server and am having a similar problem. The only unusual aspect of my installation is that I'm using port 24 until I convince myself that this is all something I'm doing wrong, and switch to openssh! Apologies in advance if I'm offbase... I'm a moderately experienced ssh user, been running various versions for about three years, and have been using agent forwarding for the last couple of years with ssh.com's ssh1 and ssh2. This is my first dalliance with openssh. There are two machines, A and B. A is running openssh-2.3.0p1 compiled by me on Mandrake Linux 7.2 (RedHat 7?). B is also running openssh-2.3.0p1 compiled by me on Solaris 5.8 (an UltraSparc box). On A and B, the /etc/ssh/ssh_config and .ssh/ssh_config have 'Host *' followed by 'ForwardAgent yes' entries, and no other Host lines. As far as I can see, there are no sshd_config directives that affect agent forwarding. The Mandrake installation (on A) uses ssh-agent to set up KDE, so I see an ssh-agent running and have a corresponding SSH_AGENT_PID and SSH_AUTH_SOCKET in the shell environment. I ssh-add .ssh/gary_shea.dsa (my identity file, set up with IdentityFile2 in .ssh/ssh_config). ssh-add -l shows the identity. If I then 'ssh -A' to machine B, I do not need to type the passphrase, indicating that the ssh-agent works to that extent. BUT, my environment on B does not contain the SSH_AGENT_PID and SSH_AUTH_SOCK entries. I am forwarding X11 also, and the X11 forwarding appears to be working, based on the presence of DISPLAY in the environment on B, and the characteristic delay starting vim on B. Is there something I'm missing? Gary
you have to try a recent snapshot if you need agent-fwding in ssh2: http://bass.directhit.com/openssh_snap/ On Thu, Dec 28, 2000 at 11:12:36AM -0700, Gary Shea wrote:> Hi -- > > I saw an email on December 26th in the openssh-unix-dev mailing list > archived on MARC, indicating that agent forwarding is indeed not working > for 2.2, but that it is working for 2.3. That email referred to a user > with 2.3 clients and 2.2 server. I am running the 2.3 client AND server > and am having a similar problem. The only unusual aspect of my installation > is that I'm using port 24 until I convince myself that this is all something > I'm doing wrong, and switch to openssh! Apologies in advance if I'm > offbase... > > I'm a moderately experienced ssh user, been running various versions for > about three years, and have been using agent forwarding for the last > couple of years with ssh.com's ssh1 and ssh2. This is my first dalliance > with openssh. > > There are two machines, A and B. A is running openssh-2.3.0p1 compiled > by me on Mandrake Linux 7.2 (RedHat 7?). B is also running > openssh-2.3.0p1 compiled by me on Solaris 5.8 (an UltraSparc box). > On A and B, the /etc/ssh/ssh_config and .ssh/ssh_config > have 'Host *' followed by 'ForwardAgent yes' entries, and no > other Host lines. As far as I can see, there are no sshd_config > directives that affect agent forwarding. > > The Mandrake installation (on A) uses ssh-agent to set up KDE, > so I see an ssh-agent running and have a corresponding SSH_AGENT_PID > and SSH_AUTH_SOCKET in the shell environment. I ssh-add > .ssh/gary_shea.dsa (my identity file, set up with IdentityFile2 in > .ssh/ssh_config). ssh-add -l shows the identity. If I then 'ssh -A' > to machine B, I do not need to type the passphrase, indicating that the > ssh-agent works to that extent. BUT, my environment on B > does not contain the SSH_AGENT_PID and SSH_AUTH_SOCK entries. > > I am forwarding X11 also, and the X11 forwarding appears to be working, > based on the presence of DISPLAY in the environment on B, and the > characteristic delay starting vim on B. > > Is there something I'm missing? > > Gary > >
What protocol version use ssh-agent from OpenSSH. local:'SSH Version OpenSSH_2.3.0p2, protocol versions 1.5/2.0.' ( SNAP-20010108 ) remote:'SSH Secure Shell 2.3.0 ....' I remove in files: - clientloop.c - session.c - ssh.c '@openssh.com' in lines about agent authentication. after this sshd2/1 ( from ssh.com ) on remote machine create unix domain socket, but work fine only if I connect to sshd1 ( protocol version 1.5 ). If connection is to sshd2 ( protocol version 2 ) command 'ssh-add2 -l' ( list auth keys ) from ssh.com report this: ssh_agent_received_packet: packet number 2 (version response from 1.x agent) and 'forwarding of the authentication agent connection' don`t work ! What can I do ? How to check packets response from OpenSSH agent to SSH server ? File 'authfd.h' has 'private OpenSSH extensions for SSH2' . Is this wrong ?