similar to: Problem getting ssh agent forwarding to work

You might want to take a look at /var/log/secure on the machine you're logging into, that might have more information on why the key wasn't accepted. Ralph <rainer at ultra-secure.de> schrieb am Di., 14. M?rz 2017 um 10:23 Uhr: > Hi, > > I need to get agent-forwarding working. > > > I have: > - a local OpenSUSE 42.1 box, where my key(s) reside (ssh agent

Hi! I tried with all available options to disable forwarding-only connections, by: "AllowAgentForwarding no AllowTcpForwarding no" This had no effect, so what I got in effect was dummy connections. I would like to disable this "class" of connections altogether. The outcome will be that all authenticated connections will lead to a command, be it /usr/libexec/sftp-server

Hi, I can disable agent-forwarding for any given key by prefixing it with "no-agent-forwarding", but it seems there's no global sshd_config setting for this (ie no "AgentForwarding [yes|no]"). Is this on purpose? If so, what's the rationale? -Jan -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type:

Hi OpenSSH devs, I?m wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals=?batcha-fwd,batchb-fwd? ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes

AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could

Hey everyone, I hope this isn't an old issue; I wasn't able to locate it in the archives. I have a number of scripts which make use of ssh -i and scp -i, where the target host has the specified key in its authorized_keys file with a command= override to do immediate processing of the received data. This works extremely well, as we are able to establish single-function, triggered-action

OK. I've had a few replies to my earlier question about auth agent forwarding that indicate that it is currently supported. So now I'm confused as to why it is not working for me. I'm trying to chain between servers. With v1 I could load my key into the ssh-agent on my workstation (a) and ssh to server b and ssh from there to server c, all without typing a passphrase/password. Now

Hi, I know this might be the most asked question, so I've done anything possible to troubleshoot the problem myself, but still, my SSH Agent Forwarding is not working for me. The best troubleshooting guide that I found, and also the one I've been using, is the ssh forwarding guide on github - https://help.github.com/articles/using-ssh-agent-forwarding I've checked all things there,

hi all, I need to generate ssh authorize keys for a list of users hosted on different servers.the users are active and each one has its public key (id_rsa.pub) hosted in 1 server. now what i need to do is to generate the authorize keys from each of their public key. the key is easily generating if public key hosted on the Node but my problem is that all public keys are hosted in 1 machine with a

ssh-agent is a great tool that is often misconfigured with respect to agent forwarding. How many people running ssh-agent and doing a ssh -A have the very same public keys in ~/.ssh/authorized_keys of the machine they are coming from? ssh(1) is very clear in its warning about enabling agent forwarding. The simple act of prompting the user before using the key would enable them to determine

Hi Peter, What I am looking for is an SSHD configuration where every successfully authenticated connection also guaranteedly will lead to a ForcedCommand invocation. Currently I understand this to be the case only for the connections that open channel to deliver a terminal, command or SFTP (I don't know if you have a collective name for such non-forwarding channels). Is this possible?

This is an old idea I had, resurrected by the mention of changing the agent protocol in "ssh-agent allowing access to other users?" thread. Currently, when you forward the ssh-agent, the forwarded host has the same rights as the local user. And when the key requires confirmation, the is quite terse: "Allow use of key foobar? Key fingerprint abcdf." It would be desirable to

https://bugzilla.mindrot.org/show_bug.cgi?id=2621 Bug ID: 2621 Summary: ControlMaster started by scp (non-ssh?) doesn't forward agent Product: Portable OpenSSH Version: 7.3p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Miscellaneous

I have a curious situation with four OpenBSD 3.3 hosts. Each of these has public/private keys on each other for inter-host authentication using RSA2 keys. For instance, they're called hostA-to-hostBCD, hostB-to-hostACD, hostC-to-hostABD, and hostD-to-hostABC. The sshd_config files, on each host, look as follows... #; #; /etc/ssh/sshd_config #; Port 22 Protocol 2 ListenAddress

Nico Kadel-Garcia <nkadel at gmail.com> writes: > I'm just trying to figure out under what normal circumstances a > connection with X11 forwarding enabled wouldn't be owned by a user who > already has normal system privileges for ssh, sftp, and scp access. Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have X11Forwarding enabled by default. DES --

Hi, OpenSSH 5.1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release is one of the biggest in recent years, with two hackathons' worth of improvements and fixes for some of our most recalcitrant bugs. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is

I'm confused about the status of auth agent forwarding while using v2 protocols. I found an old newsgroup post that said it was not available but an entry in the ChangeLog entry dated 20001113 seems to indicate that it was added. So. Does agent forwarding work while using v2 protocols? I've been unable to get it to work since I switched to using v2. Thanks, Ben -- Ben Beuchler

Does agent forwarding work with DSA keys? I'm using 2.2.0p1 on RedHat Linux 6.2 (Alpha) and Solaris 2.6 (SPARC). If I ssh-add my RSA key into the local agent and ssh to another machine, the agent connection is forwarded properly. (I can say "ssh-add -l" and see my keys.) If I ssh-add my DSA key into the local agent and "ssh -2" to another machine, the agent connection

Hello. Yes, i think that was the cause why agent forwarding wasn't performed at all, i had to rm(1) the control socket and the next ssh(1) connection forwarded the agent normally again. (It was a huge timeshift by several hours.) I.e., just in case this is something you didn't have on your radar yet. Ciao. --steffen

Has anyone used Agent Forwarding in 3.4p1? We can't seem to get it working under Solaris 2.6 or 8 (Sparc).