On 24.08.24 03:16, Dave Close wrote:> Damien Miller wrote:
>> This is ssh trying to connect to $SSH_AUTH_SOCK, perhaps JuiceSSH's
>> agent that you've forwarded.
>
> No need to fix JuiceSSH. It's authors ignore all contact anyway. Fixed
> on my system with a simple bash command:
> "alias xssh="unset SSH_AUTH_SOCK; ssh".
[scratches head] If JuiceSSH's forwarded agent reliably refuses to
serve, why not simply tell it to stop doing such a forward ... ?
On another note, the fact that you apparently do not need an agent to
authenticate the SSH connections from the first jump host onward is (I
hope) not a common situation. I suspect that the more general approach
would be to start a *new* agent on the jump host (which should hijack
$SSH_AUTH_SOCK with a *working*, albeit "not running quite where you'd
expect it to", agent).
Assuming that the keypair(s) on your Android exist *only* there, I'd try
giving the pubkey in the jump host's authorized_keys a
command="..."
option to run something that starts the new agent and lets the sub-shell
execute $SSH_ORIGINAL_COMMAND (or turn into an interactive login shell
if the env var is empty).
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3447 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240824/3c5c89e8/attachment.p7s>