Re: Trouble with agent forwarding

From: Iwan Vosloo <iwan@xxxxxxxxx>
Date: Sat, 21 Jun 2008 11:16:13 +0200

Hi,

From: Iwan Vosloo <iwan@xxxxxxxxx>
Should it be possible to let agent forwarding work like this "through"
sudo?
Where do we go to search for the problem?
It certainly was working before...

On Thu, 2008-06-19 at 12:49 -0700, Edmond Baroud wrote:

I guess your problem is that the root ssh public key is not in somename's authorized_keys on machine C.
When you do 'sudo ssh someone@C' you're loading root's profile on the originating box, as if root was launching the ssh command, therefor ssh loads root's public key and tries to authenticate with it on machine C against your remote user's authorized keys.

Well, the idea is not to have root's keys in that user's authorized_keys
on machine C. Only keys from actual developer machines are there - isn't
that the point of agent forwarding? The question is how agent
forwarding behaves under sudo?

Thanks
-i

References:
- Re: Trouble with agent forwarding
  - From: Edmond Baroud

Prev by Date: ssh connection pause
Next by Date: Re: Trouble with agent forwarding
Previous by thread: Re: Trouble with agent forwarding
Next by thread: Re: Trouble with agent forwarding
Index(es):
- Date
- Thread

Relevant Pages

Re: Apache Software Foundation Server compromised, resecured. (fwd)
... > I believe agent forwarding still exposes the problem: ... first system and the private key is *not* sent ... the authentication agent would have no ... use of an external device storing the keys would make it more difficult. ...
(FreeBSD-Security)
Re: Apache Software Foundation Server compromised, resecured. (fwd)
... > Kris Kennaway wrote: ... >>> so by typing a passphrase on that machine as opposed to agent forwarding? ... >> processes running as you on the target machine to access the keys ...
(FreeBSD-Security)