OSX - SSH agent functionality differing based upon CLI arguments
Markus Friedl
mfriedl at gmail.com
Fri Jan 10 07:12:09 EST 2014
This is due to ssh's flexible argument parsing. If you skip the hostname, then something else is interpreted as the hostname.
> On 09.01.2014 at 18:43, bryan hunt <picsolvebryan at gmail.com> wrote:
>
> Yes, called as you describe, SSH works correctly (it Forwards Agent). Quirky!
>
> But, called the way I was doing, everything but Agent Forwarding works.
>
> Strange. Looking further, I found another odd behaviour.
>
> ssh -o User=vagrant -o Hostname=127.0.0.1 -p 2222 -o Compression=yes -o StrictHostKeyChecking=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -i /Users/bryanhunt/.vagrant.d/insecure_private_key -o ForwardAgent=yes -o LogLevel=DEBUG "" "/bin/sh -c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd' "
>
> Note how I added the empty quoted string in the hostname position.
>
> SSH Agent Forwarding works if I add that empty quoted string.
>
> If I remove the empty quoted string, the git checkout is executed, but prompts for authentication.
>
> I would expect SSH to completely succeed, or completely fail to execute the command - rather than have the side channel (SSH agent) fail or succeed based upon how I express the command line arguments.
>
> This is a stock version of the ssh command on OSX.
>
> The checksum is:
>
> MD5 (/usr/bin/ssh) = 35caacee333ebae93d4087ca349738e4
>
> Perhaps another OSX user could verify this behaviour?
>
> Regards,
>
> Bryan Hunt
>
>
>> On 9 Jan 2014, at 17:21, Markus Friedl <mfriedl at gmail.com> wrote:
>>
>> You pass it as an option.
>>
>> But ssh is called like
>>
>> $ ssh [options] hostname [command]
>>
>>
>>
>>
>>
>>> On 09.01.2014 at 16:21, bryan hunt <picsolvebryan at gmail.com> wrote:
>>>
>>>
>>> I don’t understand, in the second example, "ssh -o HostName=127.0.0.1 ", is the very first argument to the program…
>>>
>>>
>>>
>>>> On 9 Jan 2014, at 13:21, Markus Friedl <mfriedl at gmail.com> wrote:
>>>>
>>>> The 2nd example misses the required hostname argument.
>>>>
>>>>
>>>>
>>>>
>>>>> On 09.01.2014 at 13:32, bryan hunt <picsolvebryan at gmail.com> wrote:
>>>>>
>>>>>
>>>>> Trying to get SSH agent forwarding working for a popular open source configuration management system called Ansible.
>>>>>
>>>>> I’ve had some unexpected behaviour, the only cause of which I can find is how I express the command line arguments.
>>>>>
>>>>> http://stackoverflow.com/questions/20952689/vagrant-ssh-agent-forwarding-how-is-it-working?noredirect=1#comment31511341_20952689
>>>>>
>>>>> In summary:
>>>>>
>>>>> In the first instance I can create an SSH connection, and execute a remote git clone (via SSH), the Agent Forwarding works, and I am not prompted for credentials:
>>>>>
>>>>> ssh vagrant@127.0.0.1 -p 2222 \
>>>>> -o Compression=yes \
>>>>> -o StrictHostKeyChecking=no \
>>>>> -o LogLevel=FATAL \
>>>>> -o StrictHostKeyChecking=no \
>>>>> -o UserKnownHostsFile=/dev/null \
>>>>> -o IdentitiesOnly=yes \
>>>>> -i /Users/bryanhunt/.vagrant.d/insecure_private_key \
>>>>> -o ForwardAgent=yes \
>>>>> "/bin/sh -c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockera' "
>>>>> Cloning into '/home/vagrant/poc_dockera'...
>>>>>
>>>>> In the second instance I express the arguments differently ( -o HostName=127.0.0.1 -o User=vagrant ), and Agent Forwarding doesn’t seem to work:
>>>>>
>>>>> ssh -o HostName=127.0.0.1 -o User=vagrant -p 2222 \
>>>>> -o Compression=yes \
>>>>> -o StrictHostKeyChecking=no \
>>>>> -o LogLevel=FATAL \
>>>>> -o StrictHostKeyChecking=no \
>>>>> -o UserKnownHostsFile=/dev/null \
>>>>> -o IdentitiesOnly=yes \
>>>>> -i /Users/bryanhunt/.vagrant.d/insecure_private_key \
>>>>> -o ForwardAgent=yes \
>>>>> "/bin/sh -c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerb' "
>>>>> /bin/sh -c 'git clone git@127.0.0.1's password:
>>>>>
>>>>> The client side SSH is:
>>>>>
>>>>> OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
>>>>>
>>>>> The server side SSH is:
>>>>>
>>>>> OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
>>>>>
>>>>>
>>>>> Have any of the list members got an insight into this behaviour?
>>>>>
>>>>> Thanks in advance,
>>>>>
>>>>> Bryan Hunt
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> openssh-unix-dev mailing list
>>>>> openssh-unix-dev at mindrot.org
>>>>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
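The `ssh [options] hostname [command]` split discussed in this thread, as an added example that is not part of the original messages and is not OpenSSH's code: a simplified Python model that shows which argument ends up as the destination and which as the remote command, plus a pre-flight check a wrapper could run before invoking ssh. The function names and the trimmed option lists are assumptions made for illustration.

```python
# Added example: a simplified model of how ssh(1) splits its argv.
# This is not OpenSSH source; it only handles -o Key=Value and single-letter flags.
TAKES_VALUE = set("BbcDEeFIiJLlmOopQRSWw")  # flags that consume a value (ssh(1) synopsis)

def split_ssh_argv(argv):
    """Split 'ssh [options] destination [command]' into its parts."""
    opts, dest, i = {}, None, 0
    while i < len(argv):
        arg = argv[i]
        if not arg.startswith("-") or len(arg) == 1:
            if dest is not None:
                break              # second positional: the command starts here
            dest = arg             # first positional is taken as the destination
            i += 1
            continue
        for j in range(1, len(arg)):          # walk a cluster such as -vp2222
            if arg[j] in TAKES_VALUE:
                value = arg[j + 1:]
                if not value and i + 1 < len(argv):
                    i += 1
                    value = argv[i]
                if arg[j] == "o":
                    key, _, val = value.partition("=")
                    opts.setdefault(key.strip().lower(), val.strip())
                break
        i += 1
    user, at, host = (dest or "").rpartition("@")
    return {
        "destination": dest,
        "user_in_destination": user if at else None,
        "connect_host": opts.get("hostname", host),   # HostName replaces the host part
        "command": " ".join(argv[i:]) or None,
        "options": opts,
    }

def destination_is_suspect(parsed):
    """True when the destination is missing or contains whitespace (likely a command)."""
    dest = parsed["destination"]
    return dest is None or any(ch.isspace() for ch in dest)

# Constructed from the thread's two invocations, with the option list trimmed.
CMD = "/bin/sh -c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerb' "
FIRST = ["vagrant@127.0.0.1", "-p", "2222", "-o", "ForwardAgent=yes", CMD]
SECOND = ["-o", "HostName=127.0.0.1", "-o", "User=vagrant", "-p", "2222",
          "-o", "ForwardAgent=yes", CMD]

if __name__ == "__main__":
    for name, argv in (("first", FIRST), ("second", SECOND)):
        parsed = split_ssh_argv(argv)
        print(name, parsed["destination"], parsed["command"], destination_is_suspect(parsed))
```

For the second invocation the model reports no remote command at all, and the text before the `@` in the quoted command string becomes the user part, which matches the password prompt shown in the thread.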