Re: Trouble with agent forwarding

I guess your problem is that the root ssh public key is not in somename's authorized_keys on machine C.
When you do 'sudo ssh someone@C' you're loading root's profile on the originating box, as if root was launching the ssh command; therefore ssh loads root's public key and tries to authenticate with it on machine C against your remote user's authorized keys.


----- Original Message ----
From: Iwan Vosloo <iwan@xxxxxxxxx>
To: secureshell@xxxxxxxxxxxxxxxxx
Sent: Thursday, June 19, 2008 5:21:46 AM
Subject: Trouble with agent forwarding


After an upgrade, we are having trouble with openssh and agent
forwarding, and are stumped at trying to find the source of our
troubles. Any pointers to help us debug would be appreciated:

Previously, we had
(a) developer workstations, with our ssh keys in the normal place:
(b) Prod machine B, with ~/.ssh/authorized_keys{,2}
(containing the public keys of our developers).
(c) Prod machine C, set up like B

On developer boxes, we have /etc/ssh/ssh_config with the following
(assume C is the domain name of the said production machines):

Host C
ForwardAgent yes

With this setup, we were able to execute the following two commands from
an ssh session to machine B:

ssh C ls
sudo ssh somename@C ls

This was on Ubuntu Gutsy, with openssh version 1:4.6p1-5ubuntu0.5 and
sudo version 1.6.8p12-5ubuntu2.
Then we upgraded to Ubuntu Hardy, with openssh version
1:4.7p1-8ubuntu1.2 and sudo version 1.6.9p10-1ubuntu3.2.

After the upgrade, we can still do
ssh C ls

sudo ssh somename@C ls

Should it be possible to let agent forwarding work like this "through"
Where do we go to search for the problem?
It certainly was working before...

- Iwan
