I have created the following test case:

(Ubuntu 12.04) <--ssh--> (OS TW foo.gpg)
(Ubuntu 12.04) <--ssh--> (OS Leap 42.1 bar.gpg)

I am trying to remotely decrypt foo.gpg (on openSUSE tumbleweed) and bar.gpg (on openSUSE Leap 42.1).

If I ssh onto the OS Leap box, and issue:

    gpg --require-secmem -d bar.gpg

I get this in the terminal: http://snag.gy/tOp0l.jpg

then I type the password and I can decrypt bar.gpg

On the other hand, if I ssh onto the OS TW box, and issue:

    gpg --require-secmem -d foo.gpg

I get:

    gpg: AES256 encrypted data
    gpg: cancelled by user
    gpg: encrypted with 1 passphrase
    gpg: decryption failed: No secret key

Without being asked for the password at any moment.

On the Ubuntu box I created ~/.ssh/config with:

    Host OS_TW_IP
    ForwardAgent yes

and now on OS TW I got defined the environment variable SSH_AUTH_SOCK, which according to https://developer.github.com/guides/using-ssh-agent-forwarding/ means that I got agent forwarding on:

    echo "$SSH_AUTH_SOCK"
    /tmp/ssh-sHRBQlHR6o/agent.16681

I did not include OS Leap in ~/.ssh/config and I don't have SSH_AUTH_SOCK defined on it but still I am asked for the password.

I have

    #AllowAgentForwarding yes

on /etc/ssh/sshd_config of both OS TW and Leap, and

    # ForwardAgent no

on /etc/ssh/ssh_config of Ubuntu, but, as I said, with

    cat ~/.ssh/config
    Host OS_TW_IP
    ForwardAgent yes

Thanks.

On 21/03/16 23:04, John Andersen wrote:
On 03/21/2016 12:18 PM, Edwin Aponte wrote:
AllowAgentForwarding yes was commented on my /etc/ssh/sshd_config. I uncommented it and restarted the sshd service but I still don't have the SSH_AUTH_SOCK variable set (over ssh). If I ssh to the server and run:
I believe you would want to authorize that on your target machine. sshd_config is used for incoming ssh sessions.
ssh_config is used for outgoing ssh sessions, but you can override this with ssh command line switches.
However, if the target machine (Ubuntu as I understand it) did not have AllowAgentForwarding yes, then nothing you did on the command line of your source machine would have any effect.
Also read the notes at the top of the sshd_config regarding the commented out lines. In the openSUSE world,
#AllowAgentForwarding yes
Documents the default (as shipped) configuration, but also supplies a template for you to change it.
So AgentForwarding is set YES by default, and you need not uncomment it. If you wanted to change it to NO, you would have to both uncomment it and set it to NO.
But again, this applies to INCOMING connections, so you have to check what Ubuntu supports.
Your OUTGOING connections from openSUSE to Ubuntu will not have agent forwarding turned on by default unless you override the command line with some switches.
This is so because in ssh_config there exists the line: # ForwardAgent no which documents the default connection setting of no agent forwarding. You need -A to forward agent to target, providing target allows such.
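Added example, not part of the original thread: a Python sketch of how the two settings discussed above resolve, using the OpenSSH rules that `#` lines are comments which only document the default and that the first value obtained for a keyword wins. The config snippets are constructed from the lines quoted in the thread; `OS_LEAP_IP` is a placeholder host name, and `Match` blocks are not evaluated (an assumption of this sketch).

```python
import fnmatch

# OpenSSH built-in defaults for the two keywords discussed in the thread.
CLIENT_DEFAULTS = {"forwardagent": "no"}            # ssh_config(5)
SERVER_DEFAULTS = {"allowagentforwarding": "yes"}   # sshd_config(5)

def _directives(text):
    """Yield (keyword, value) for each active line; '#' lines are comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            yield parts[0].lower(), parts[1].strip()

def client_effective(keyword, host, *config_texts):
    """Value ssh would use for `host`. Pass the files in the order ssh reads
    them (~/.ssh/config first, then /etc/ssh/ssh_config)."""
    keyword = keyword.lower()
    for text in config_texts:
        applies = True  # lines before the first Host block apply to all hosts
        for key, value in _directives(text):
            if key == "host":
                pats = value.split()
                neg = any(p.startswith("!") and fnmatch.fnmatchcase(host, p[1:]) for p in pats)
                pos = any(not p.startswith("!") and fnmatch.fnmatchcase(host, p) for p in pats)
                applies = pos and not neg
            elif key == keyword and applies:
                return value  # first obtained value wins
    return CLIENT_DEFAULTS[keyword]

def server_effective(keyword, sshd_config_text):
    """Global value sshd would use; stops at the first Match block."""
    keyword = keyword.lower()
    for key, value in _directives(sshd_config_text):
        if key == "match":
            break
        if key == keyword:
            return value
    return SERVER_DEFAULTS[keyword]

# Constructed inputs mirroring the files quoted in the thread.
USER_CONFIG = "Host OS_TW_IP\n    ForwardAgent yes\n"   # ~/.ssh/config on Ubuntu
SYSTEM_SSH_CONFIG = "Host *\n#   ForwardAgent no\n"     # /etc/ssh/ssh_config
SSHD_CONFIG = "#AllowAgentForwarding yes\n"             # /etc/ssh/sshd_config

if __name__ == "__main__":
    for h in ("OS_TW_IP", "OS_LEAP_IP"):
        print(h, client_effective("ForwardAgent", h, USER_CONFIG, SYSTEM_SSH_CONFIG))
    print("sshd:", server_effective("AllowAgentForwarding", SSHD_CONFIG))
```

On a live system, `ssh -G <host>` and `sshd -T` print the effective values directly.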