[Bug 3555] New: ForwardAgent doesn't work under Match canonical
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Apr 2 06:47:14 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3555
Bug ID: 3555
Summary: ForwardAgent doesn't work under Match canonical
Product: Portable OpenSSH
Version: 8.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: gomez404 at gmail.com
When using CanonicalizeHostname, the ForwardAgent directive doesn't
seem to work under Match canonical.
e.g.
-----
Host bastion
ProxyJump none
Match canonical
ProxyJump bastion
ForwardAgent yes
Host *
ForwardAgent no
CanonicalizeHostname always
CanonicalDomains mydomain.co.uk
CanonicalizeMaxDots 0
CanonicalizeFallbackLocal yes
----
When I connect to foo.mydomain.co.uk through the jumphost
bastion.mydomain.co.uk, ssh-agent is not forwarded.
If I change the ForwardAgent directive under Host * to 'yes', then it
does get forwarded. Therefore, it seems that the ForwardAgent directive
is not being read when it is under Match canonical.
I have not been able to test on newer versions of OpenSSH as I could
not figure out how to compile it. There is no configure file.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list