I have a local host L and two remote servers S0 and S2. I can get ssh keys to be forwarded to S0 but not to S2. What's going wrong? See below for details:
L = dev29
S0 = testserver0
S2 = testserver2

On the local computer dev29:

    [user@dev29 ~]$ head ~/.ssh/config
    Host testserver0
    IdentityFile ~/.ssh/id_rsa_liberty
    ForwardAgent yes
    Host testserver2
    IdentityFile ~/.ssh/id_odmi_dev_2019_rsa
    ForwardAgent yes
    [user@dev29 ~]$ ssh-add -l
    2048 SHA256:MdVraEQBZBO2iEGVKVWqN4w+h8CP2iPXIlzQhU65RpE user@dev29 (RSA)
    [user@dev29 ~]$ ls -l ~/.ssh/id_rsa_liberty ~/.ssh/id_odmi_dev_2019_rsa
    -rw------- 1 user user 1823 Jul 14 12:11 /home/user/.ssh/id_odmi_dev_2019_rsa
    -rw------- 1 user user 1675 Apr 22 2013 /home/user/.ssh/id_rsa_liberty

Forwarding to S0 works:

    [user@dev29 ~]$ ssh backoffice@testserver0
    Last login: Sun Jul 14 20:39:50 2019 from <X.Y.Z>
    [backoffice@vs3234 ~]$ ssh-add -l
    2048 f1:e9:e7:d6:b3:21:de:94:54:af:c6:42:48:2f:01:e3 user@dev29 (RSA)
    [backoffice@vs3234 ~]$ cat /etc/redhat-release
    CentOS release 6.10 (Final)
    [backoffice@vs3234 ~]$ exit
    logout
    Connection to testserver0 closed.

Forwarding to S2 doesn't:

    [user@dev29 ~]$ ssh-add -l
    2048 SHA256:MdVraEQBZBO2iEGVKVWqN4w+h8CP2iPXIlzQhU65RpE user@dev29 (RSA)
    [user@dev29 ~]$ ssh testserver2
    Last login: Sun Jul 14 21:04:09 2019 from 10.137.0.48
    [user@testserver2 ~]$ ssh-add -l
    The agent has no identities.

It would seem that none of the local configuration files are blocking agent forwarding:

    [user@dev29 ~]$ ssh -vvv testserver2 2>&1 | grep 'Reading config'
    debug1: Reading configuration data /home/user/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug1: Reading configuration data /home/user/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    [user@dev29 ~]$ cat /home/user/.ssh/config /etc/ssh/ssh_config /etc/ssh/ssh_config.d/05-redhat.conf /etc/crypto-policies/back-ends/openssh.config | grep -i forwardagent
    ForwardAgent yes
    ForwardAgent yes
    ForwardAgent yes
    # ForwardAgent no
    [user@dev29 ~]$ cat /etc/redhat-release
    Fedora release 29 (Twenty Nine

On the testserver2-side, sshd_config seems to be OK, and restarting sshd doesn't seem to help:

    [user@testserver2 ~]$ sudo grep -i agentforw /etc/ssh/sshd_config
    #AllowAgentForwarding yes
    AllowAgentForwarding yes
    [user@testserver2 ~]$ sudo service sshd restart
    Redirecting to /bin/systemctl restart sshd.service
    [user@testserver2 ~]$ cat /etc/redhat-release
    Fedora release 29 (Twenty Nine)
    [user@testserver2 ~]$ exit
    logout
    Connection to testserver2 closed.
    [user@dev29 ~]$ ssh testserver2
    Last login: Sun Jul 14 21:04:22 2019 from 10.137.0.48
    [user@testserver2 ~]$ ssh-add -l
    The agent has no identities.

Possible multiple instances of ssh-agent running as described in https://unix.stackexchange.com/questions/528360/ssh-agent-forwarding-troubleshooting, don't seem to be the issue:

    [user@testserver2 ~]$ ps xaf | grep ssh-agent | grep -v grep
    770 ? Ss 0:00 \_ /usr/bin/ssh-agent /etc/X11/xinit/Xclients
    [user@testserver2 ~]$ exit
    logout
    Connection to testserver2 closed.
    [user@dev29 ~]$ ps xaf | grep ssh-agent | grep -v grep
    714 ? Ss 0:00 \_ /usr/bin/ssh-agent /etc/X11/xinit/Xclients

Any suggestions?
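
Added example, not part of the original post: a diagnostic to run on the remote host that separates "no agent socket", "socket unreachable" and "an agent answers but is empty" (the S2 output above) using the documented `ssh-add -l` exit statuses, then lists startup-file lines that set `SSH_AUTH_SOCK` or start `ssh-agent`. The function names, the list of startup files scanned, and the idea that such a line is a possible cause are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic sketch; run on the remote host (testserver2 on this page).

# classify_agent RC SOCK: interpret `ssh-add -l` exit status RC for socket SOCK.
# Per ssh-add(1): 0 = success, 1 = command failed (agent reached, no keys),
# 2 = unable to contact the agent.
classify_agent() {
    ca_rc=$1
    ca_sock=$2
    if [ -z "$ca_sock" ]; then
        echo "no-socket: SSH_AUTH_SOCK is unset in this shell"
        return 0
    fi
    case $ca_rc in
        0) echo "ok: agent at $ca_sock lists identities" ;;
        1) echo "empty-agent: $ca_sock answers but holds no keys; if the client agent has keys, this is a different agent" ;;
        2) echo "unreachable: nothing answers on $ca_sock" ;;
        *) echo "unknown: unexpected ssh-add status $ca_rc" ;;
    esac
}

# find_overrides FILE...: print file:line:text for uncommented startup-file
# lines that assign SSH_AUTH_SOCK or start ssh-agent (assumed possible cause:
# such a line replaces the socket path that sshd exported for forwarding).
find_overrides() {
    for fo_file in "$@"; do
        if [ -r "$fo_file" ]; then
            # /dev/null forces grep to prefix the file name
            grep -nE '^[^#]*(SSH_AUTH_SOCK=|ssh-agent)' "$fo_file" /dev/null || true
        fi
    done
}

# agent_report: classify the current shell's agent, then scan startup files.
agent_report() {
    ar_rc=0
    ssh-add -l >/dev/null 2>&1 || ar_rc=$?
    echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>}"
    classify_agent "$ar_rc" "${SSH_AUTH_SOCK:-}"
    find_overrides "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" /etc/profile.d/*.sh
}
```

Source the file in the login shell on the remote host and call `agent_report`; comparing its `SSH_AUTH_SOCK` line with the output of `ssh testserver2 'echo $SSH_AUTH_SOCK'` shows whether the interactive shell changed the value.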