Christian Hesse
2015-Nov-18 07:57 UTC
AddKeysToAgent break local forwarding (and possibly more)
Hello everybody, current git breaks local forwarding (and possibly more). Looks like the option in ignored completely. I bisected the issue and found this commit to be the culprit: commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b Author: jcs at openbsd.org <jcs at openbsd.org> Date: Sun Nov 15 22:26:49 2015 +0000 upstream commit Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). Initial version from Joachim Schipper many years ago. ok markus@ Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4 Giving an extra '-o AddKeysToAgent=yes' makes the local forwarding work again, but I suppose that's not the expected behavior. ;) -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);} -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20151118/54131d17/attachment.bin>
Christian Hesse
2015-Nov-18 08:33 UTC
AddKeysToAgent break local forwarding (and possibly more)
Christian Hesse <list at eworm.de> on Wed, 2015/11/18 08:57:> Hello everybody, > > current git breaks local forwarding (and possibly more). Looks like the > option in ignored completely. I bisected the issue and found this commit to > be the culprit: > > commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b > Author: jcs at openbsd.org <jcs at openbsd.org> > Date: Sun Nov 15 22:26:49 2015 +0000I was kind of wrong. After a $ make clean $ make ssh everything works as expected. Looks like readconf.o was not regenerated after readconf.h changed... That made ssh read the wrong value from struct Options. But possibly the build system needs some tweaking. Object files should be regenerated after header files changed, no? -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);} -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20151118/05dd8c5a/attachment-0001.bin>
Damien Miller
2015-Nov-18 08:45 UTC
AddKeysToAgent break local forwarding (and possibly more)
On Wed, 18 Nov 2015, Christian Hesse wrote:> Hello everybody, > > current git breaks local forwarding (and possibly more). Looks like the > option in ignored completely. I bisected the issue and found this commit to be > the culprit:I can't replicate this and regress/unit tests pass okay for me (once I committed bcb7bc77bbb to fix a ssh-keygen bug). How is it broken? Can you show a debug trace? (did you forget to "make clean"?) -d
Damien Miller
2015-Nov-18 08:46 UTC
AddKeysToAgent break local forwarding (and possibly more)
On Wed, 18 Nov 2015, Christian Hesse wrote:> Christian Hesse <list at eworm.de> on Wed, 2015/11/18 08:57: > > Hello everybody, > > > > current git breaks local forwarding (and possibly more). Looks like the > > option in ignored completely. I bisected the issue and found this commit to > > be the culprit: > > > > commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b > > Author: jcs at openbsd.org <jcs at openbsd.org> > > Date: Sun Nov 15 22:26:49 2015 +0000 > > I was kind of wrong. After a > > $ make clean > $ make ssh > > everything works as expected. Looks like readconf.o was not regenerated after > readconf.h changed... That made ssh read the wrong value from struct Options. > > But possibly the build system needs some tweaking. Object files should be > regenerated after header files changed, no?Yes, they should but I never implemented makedepend generation because I couldn't get it working cross-platform. I'd love someone to take another try at it. -d
Possibly Parallel Threads
- [Bug 2670] New: Add ssh_config option that sets the lifetime of the key if added via AddKeysToAgent
- [Bug 2564] New: ssh_config AddKeysToAgent doesn't set key name/path
- [Bug 3712] New: ssh-add should respect AddKeysToAgent default in ~/.ssh/config
- [Bug 2620] New: Option AddKeysToAgent doesnt work with keys provided by PKCS11 libraries.
- Boot iPXE from syslinux/isolinux