[Bug 3555] New: ForwardAgent doesn't work under Match canonical

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Apr 2 06:47:14 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3555

            Bug ID: 3555
           Summary: ForwardAgent doesn't work under Match canonical
           Product: Portable OpenSSH
           Version: 8.4p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: gomez404 at gmail.com

When using CanonicalizeHostname, the ForwardAgent directive doesn't
seem to work under Match canonical.

e.g.
-----
Host bastion
    ProxyJump none

Match canonical
    ProxyJump bastion
    ForwardAgent yes

Host *
    ForwardAgent no
    CanonicalizeHostname always
    CanonicalDomains mydomain.co.uk
    CanonicalizeMaxDots 0
    CanonicalizeFallbackLocal yes
----

When I connect to foo.mydomain.co.uk through the jumphost
bastion.mydomain.co.uk, ssh-agent is not forwarded.

If I change the ForwardAgent directive under Host * to 'yes', then it
does get forwarded. Therefore, it seems that the ForwardAgent directive
is not being read when it is under Match canonical.

I have not been able to test on newer versions of OpenSSH as I could
not figure out how to compile it. There is no configure file.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
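
An added example, not part of the original report and not OpenSSH code: a simplified Python model of two rules documented in ssh_config(5), that the first obtained value for a parameter is used and that `Match canonical` matches only when the file is re-parsed after canonicalization, applied to the configuration quoted in the report to show which pass supplies each value. The function names, the reduced parser (only `Host` patterns and `Match canonical`) and the modelling choice that first-pass values are retained during the re-parse are assumptions of this sketch.

```python
from fnmatch import fnmatch

# The configuration from the report, verbatim.
CONFIG = """\
Host bastion
    ProxyJump none

Match canonical
    ProxyJump bastion
    ForwardAgent yes

Host *
    ForwardAgent no
    CanonicalizeHostname always
    CanonicalDomains mydomain.co.uk
    CanonicalizeMaxDots 0
    CanonicalizeFallbackLocal yes
"""

def run_pass(config, host, final, options):
    """One top-to-bottom pass; a keyword already in `options` is never overwritten."""
    active = True  # lines before the first Host/Match apply to every host
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        key, args = words[0].lower(), words[1:]
        if key == "host":
            active = any(fnmatch(host, pat) for pat in args)
        elif key == "match":
            # Only the 'canonical' criterion is modelled: true on the re-parse only.
            active = args == ["canonical"] and final
        elif active and key not in options:
            options[key] = (" ".join(args), "final" if final else "first")
    return options

def effective(config, host_arg, canonical_host):
    """Model the first pass plus the re-parse done after canonicalization."""
    options = run_pass(config, host_arg, False, {})
    return run_pass(config, canonical_host, True, options)

if __name__ == "__main__":
    opts = effective(CONFIG, "foo.mydomain.co.uk", "foo.mydomain.co.uk")
    for key in ("forwardagent", "proxyjump"):
        print(key, *opts[key])  # value, then the pass that supplied it
```

On a real client, `ssh -G <host>` prints the effective options after the Host and Match blocks have been evaluated, which is the authoritative check for whether agent forwarding is enabled for a destination.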

