Jochen Bern wrote:>[scratches head] If JuiceSSH's forwarded agent reliably refuses to >serve, why not simply tell it to stop doing such a forward ... ?Well, JuiceSSH is an Android app. I don't have the source and there are almost no configuration options.>On another note, the fact that you apparently do not need an agent to >authenticate the SSH connections from the first jump host onward is (I >hope) not a common situation.It may be a Fedora peculiarity, but I almost never encounter any SSH agent on my systems. That's at least part of the reason I didn't think the SSH_AUTH_SOCK variable was significant. -- Dave Close, Compata, Irvine CA +1 714 434 7359 dave at compata.com dhclose at alumni.caltech.edu "Education is what you get when you read the fine print; experience is what you get when you don't." -- Pete Seeger
On August 24, 2024 7:32:38 AM GMT+03:00, Dave Close <dave at compata.com> wrote:>Jochen Bern wrote: > >>[scratches head] If JuiceSSH's forwarded agent reliably refuses to >>serve, why not simply tell it to stop doing such a forward ... ? > >Well, JuiceSSH is an Android app. I don't have the source and there >are almost no configuration options. >Why not to try another Android SSH client, eg ConnectBot, Termux or Admin Hands, instead of persistently stepping upon the same rake with JuiceSSH? ConnectBot is even open source - all that you like. Sincerely Yours, Dan.
On 24.08.24 06:32, Dave Close wrote:> Jochen Bern wrote: >> [scratches head] If JuiceSSH's forwarded agent reliably refuses to >> serve, why not simply tell it to stop doing such a forward ... ? > > Well, JuiceSSH is an Android app. I don't have the source and there > are almost no configuration options.*If* the keypair is specific to your Android, adding it to authorized_keys with a "no-agent-forwarding" option might be worth a try. (If JuiceSSH's agent is so out of the user's control, I wouldn't want to have access to it - whether it *seems* to be unusable or not - forwarded to other machines, either. Let me guess, it doesn't have equivalents to all of ssh-add's -c, -t, -d, -D options, either?)> It may be a Fedora peculiarity, but I almost never encounter any SSH > agent on my systems.Umh. That seems odd ...> [bern at bnt ~]$ head -2 /etc/os-release > NAME="Fedora Linux" > VERSION="39 (KDE Plasma)" > [bern at bnt ~]$ ssh-add -l > The agent has no identities.(The exact (default!) setup might be KDE specific, but IIUC GNOME's gnome-keyring is no less prevalent and doubles as an ssh-agent. Or are we exclusively talking about *servers* you access via SSH here?) Kind regards, -- Jochen Bern Systemingenieur Binect GmbH -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3447 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240825/4a2d2c87/attachment.p7s>
On Fri, 2024-08-23 at 21:32 -0700, Dave Close wrote:> Well, JuiceSSH is an Android app. I don't have the source and there > are almost no configuration options.Yet among them is one to enable SSH agent forwarding, which is off by default -- for good reason. Your pain here is 100% self-inflicted, and every bit of speculation in this thread about doing anything other than just turning it back off is not terribly productive. -Rob