Agent forwarding with DSA keys?

Paul Allen paul.l.allen at boeing.com
Tue Sep 26 05:07:09 EST 2000


"Wallace, Mark, CTR, OSD/ATL" wrote:
> 
> How do you manage to ssh-add your dsa key?
> When I try that, I'm informed that it is a bad key file...

Well, per the man page, I give ssh-add the name of the key file.
Ssh-add likes it fine.  This is openssh 2.2.0p1 with openssl
0.9.5a.

Note that my problem is not with ssh-add.  The agent knows about
my DSA key and ssh uses the stashed key to log me in on another
machine without asking for my pass-phrase.  The problem is that
the connection to the agent is not forwarded if I use my DSA key,
while it is forwarded if I use my RSA key.

So, I come back to the question, "Does agent forwarding work
with DSA keys?"  If it doesn't work yet, that's fine.  But if
someone has it working, I'd sure like to hear about it.

Thanks!

Paul Allen

> -----Original Message-----
> From: Paul Allen [mailto:paul.l.allen at boeing.com]
> Sent: Friday, September 22, 2000 1:20 AM
> To: openssh-unix-dev at mindrot.org
> Subject: Agent forwarding with DSA keys?
> 
> Does agent forwarding work with DSA keys?
> 
> I'm using 2.2.0p1 on RedHat Linux 6.2 (Alpha) and Solaris 2.6 (SPARC).
> If I ssh-add my RSA key into the local agent and ssh to another
> machine, the agent connection is forwarded properly.  (I can say
> "ssh-add -l" and see my keys.)  If I ssh-add my DSA key into the
> local agent and "ssh -2" to another machine, the agent connection
> does not forward.  (Ssh-add -l can't find the agent, there is no
> SSH_AUTH_SOCK environment variable.)
> 
> I've been rummaging in the code, and I see two sections in ssh.c
> where X forwarding is handled.  One of the sections also handles
> agent forwarding.  I tagged one of the debug() calls about
> "Requesting X11 forwarding" in order to distinguish between them
> at runtime.  The section that does not appear to do agent
> forwarding is the one that gets executed when a DSA key is being
> used.  Hmmm...
> 
> I don't see other complaints like this on the list, so probably I'm
> doing something wrong.  On the other hand, perhaps everybody but me
> already knows that agent forwarding doesn't quite work yet in
> protocol 2.  :-)
> 
> Can anybody point me to the path of sanity here?
> 
> Thanks!
> 
> Paul Allen
> --
> Paul L. Allen           | voice: (425) 865-3297  fax: (425) 865-2964
> Unix Technical Support  | paul.l.allen at boeing.com
> Boeing Phantom Works Math & Computing Technology Site Operations,
> POB 3707 M/S 7L-68, Seattle, WA 98124-2207

-- 
Paul L. Allen           | voice: (425) 865-3297  fax: (425) 865-2964
Unix Technical Support  | paul.l.allen at boeing.com
Boeing Phantom Works Math & Computing Technology Site Operations,
POB 3707 M/S 7L-68, Seattle, WA 98124-2207
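
The check described in the quoted message (no SSH_AUTH_SOCK, "ssh-add -l" cannot find the agent) can be scripted on the remote host. The following is an added example, not part of the original message or of OpenSSH. The function name and its return codes are hypothetical, and it assumes the ssh-add exit statuses documented for current OpenSSH (0 keys listed, 1 no identities, 2 agent unreachable), which the 2.2.0p1 release in the message may not share.

```shell
#!/bin/sh
# Added diagnostic: run on the REMOTE host after logging in with agent
# forwarding requested. It separates "no agent connection was forwarded"
# from "agent forwarded but unusable" and "agent forwarded but empty".
#
# Return codes (this script's own convention, not OpenSSH's):
#   0  agent reachable and holding at least one key
#   1  SSH_AUTH_SOCK not set (the symptom reported in the message)
#   2  SSH_AUTH_SOCK set but the path is not a socket
#   3  socket present but the agent did not answer
#   4  agent reachable but it holds no identities
#
# Usage: check_agent_forwarding; echo "status=$?"
check_agent_forwarding() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set: no agent connection was forwarded" >&2
        return 1
    fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK does not point at a socket" >&2
        return 2
    fi
    # Assumed ssh-add exit statuses (current OpenSSH man page):
    # 0 = keys listed, 1 = no identities, 2 = cannot contact the agent.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "agent reachable, keys available"
           return 0 ;;
        1) echo "agent reachable but it holds no identities" >&2
           return 4 ;;
        *) echo "socket exists but the agent did not answer (ssh-add rc=$rc)" >&2
           return 3 ;;
    esac
}
```
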




