OSX - SSH agent functionality differing based upon CLI arguments

Alex Bligh alex at alex.org.uk
Fri Jan 10 21:36:01 EST 2014


I may be being a bit thick here, but if you reduce your command line, by removing the -o and -i options, it says:

>> ssh "" "/bin/sh  -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd’ "

which is the equivalent to
  ssh "" "command"

Is using an empty hostname documented as something that is meant to work? I suspect the hostname is simply being merged into the command, and you are doing
  ssh command

which is failing.

Alex

On 10 Jan 2014, at 10:16, bryan hunt wrote:

> But it isn’t. 
> 
> "/bin/sh  -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd’ “ is not interpreted as the hostname, it is executed as a remote command, but without SSH agent working. 
> 
> Anyhow, I’m not here to demand a better command line argument parser, merely to verify the behaviour so I can help to resolve the problems that Ansible are having. 
> 
> But thank you for the help.
> 
> Bryan
> 
> 
> On 9 Jan 2014, at 20:12, Markus Friedl <mfriedl at gmail.com> wrote:
> 
>> This is due to ssh's flexible argument parsing. If you skip the hostname, then something else is interpreted as the hostname. 
>> 
>> 
>> 
>> 
>>> On 09.01.2014 at 18:43, bryan hunt <picsolvebryan at gmail.com> wrote:
>>> 
>>> Yes, called as you describe, SSH works correctly (it Forwards Agent). Quirky!
>>> 
>>> But, called the way I was doing, everything but Agent Forwarding works. 
>>> 
>>> Strange. Looking further, I found another odd behaviour. 
>>> 
>>> ssh -o User=vagrant -o Hostname=127.0.0.1 -p 2222 -o Compression=yes -o StrictHostKeyChecking=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -i /Users/bryanhunt/.vagrant.d/insecure_private_key -o ForwardAgent=yes -o LogLevel=DEBUG "" "/bin/sh  -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd’ "
>>> 
>>> Note how I added the empty quoted string in the hostname position. 
>>> 
>>> SSH Agent Forwarding works if I add that empty quoted string. 
>>> 
>>> If I remove the empty quoted string, the git checkout is executed, but prompts for authentication.
>>> 
>>> I would expect SSH to completely succeed, or completely fail to execute the command - rather than have the side channel (SSH agent) fail or succeed based upon how I express the command line arguments. 
>>> 
>>> This is a stock version of the ssh command on OSX.
>>> 
>>> The checksum is:
>>> 
>>> MD5 (/usr/bin/ssh) = 35caacee333ebae93d4087ca349738e4
>>> 
>>> Perhaps another OSX user could verify this behaviour? 
>>> 
>>> Regards,
>>> 
>>> Bryan Hunt
>>> 
>>> 
>>>> On 9 Jan 2014, at 17:21, Markus Friedl <mfriedl at gmail.com> wrote:
>>>> 
>>>> You pass it as an option. 
>>>> 
>>>> But ssh is called like 
>>>> 
>>>> $ ssh [options] hostname [command]
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On 09.01.2014 at 16:21, bryan hunt <picsolvebryan at gmail.com> wrote:
>>>>> 
>>>>> 
>>>>> I don’t understand, in the second example, "ssh -o HostName=127.0.0.1 “, is the very first argument to the program…
>>>>> 
>>>>> 
>>>>> 
>>>>>> On 9 Jan 2014, at 13:21, Markus Friedl <mfriedl at gmail.com> wrote:
>>>>>> 
>>>>>> The 2nd example misses the required hostname argument.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On 09.01.2014 at 13:32, bryan hunt <picsolvebryan at gmail.com> wrote:
>>>>>>> 
>>>>>>> 
>>>>>>> Trying to get SSH agent forwarding working for a popular open source configuration management system called Ansible.
>>>>>>> 
>>>>>>> I’ve had some unexpected behaviour, the only cause of which I can find is how I express the command line arguments.
>>>>>>> 
>>>>>>> http://stackoverflow.com/questions/20952689/vagrant-ssh-agent-forwarding-how-is-it-working?noredirect=1#comment31511341_20952689
>>>>>>> 
>>>>>>> In summary:
>>>>>>> 
>>>>>>> In the first instance I can create an SSH connection, and execute a remote git clone (via SSH), the Agent Forwarding works, and I am not prompted for credentials:
>>>>>>> 
>>>>>>> ssh vagrant at 127.0.0.1 -p 2222 \
>>>>>>> -o Compression=yes \
>>>>>>> -o StrictHostKeyChecking=no \
>>>>>>> -o LogLevel=FATAL \
>>>>>>> -o StrictHostKeyChecking=no \
>>>>>>> -o UserKnownHostsFile=/dev/null \
>>>>>>> -o IdentitiesOnly=yes \
>>>>>>> -i /Users/bryanhunt/.vagrant.d/insecure_private_key \
>>>>>>> -o ForwardAgent=yes \
>>>>>>> "/bin/sh  -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockera' "
>>>>>>> Cloning into '/home/vagrant/poc_dockera'...
>>>>>>> 
>>>>>>> In the second instance I express the arguments differently ( -o HostName=127.0.0.1 -o User=vagrant ), and Agent Forwarding doesn’t seem to work:
>>>>>>> 
>>>>>>> ssh -o HostName=127.0.0.1 -o User=vagrant -p 2222 \
>>>>>>> -o Compression=yes \
>>>>>>> -o StrictHostKeyChecking=no \
>>>>>>> -o LogLevel=FATAL \
>>>>>>> -o StrictHostKeyChecking=no \
>>>>>>> -o UserKnownHostsFile=/dev/null \
>>>>>>> -o IdentitiesOnly=yes \
>>>>>>> -i /Users/bryanhunt/.vagrant.d/insecure_private_key \
>>>>>>> -o ForwardAgent=yes \
>>>>>>> "/bin/sh  -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerb' "
>>>>>>> /bin/sh  -c 'git clone git at 127.0.0.1's password:
>>>>>>> 
>>>>>>> The client side SSH is:
>>>>>>> 
>>>>>>> OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
>>>>>>> 
>>>>>>> The server side SSH is:
>>>>>>> 
>>>>>>> OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
>>>>>>> 
>>>>>>> 
>>>>>>> Have any of the list members got an insight into this behaviour ?
>>>>>>> 
>>>>>>> Thanks in advance, 
>>>>>>> 
>>>>>>> Bryan Hunt
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> openssh-unix-dev mailing list
>>>>>>> openssh-unix-dev at mindrot.org
>>>>>>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>> 
> 
> 
> 

-- 
Alex Bligh
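
A simplified model of the `ssh [options] hostname [command]` parsing discussed in this thread, run over the three invocations from the messages; it is an added example, not part of the original posts and not OpenSSH code. The sample command lines restore the `@` that the archive shows as ` at `, and the split at the last `@` plus the names `resolve` and `preflight` are assumptions of this sketch.

```python
# Added example: simplified model of `ssh [options] hostname [command]`.
# Flags that consume a value (subset of ssh(1), enough for this thread).
TAKES_VALUE = set("bcDEeFIiJLlmOopQRSWw")

def _options(argv, i, opts):
    """Consume options starting at argv[i]; return index of first non-option."""
    while i < len(argv) and argv[i].startswith("-") and len(argv[i]) > 1:
        flag, rest = argv[i][1], argv[i][2:]
        if flag in TAKES_VALUE:
            if not rest:                      # value is the next argv element
                i += 1
                if i >= len(argv):
                    raise ValueError("option -%s needs a value" % flag)
                rest = argv[i]
            if flag == "o":
                key, _, val = rest.partition("=")
                opts.setdefault(key.lower(), val)   # keep the first value given
            elif flag == "l":
                opts.setdefault("user", rest)
        i += 1
    return i

def resolve(argv):
    """Return the login name, connect address and remote command ssh would use."""
    opts = {}
    i = _options(argv, 0, opts)
    if i >= len(argv):
        raise ValueError("no hostname argument")
    dest = argv[i]                        # first non-option is ALWAYS the host
    i = _options(argv, i + 1, opts)       # options may also follow the host
    command = " ".join(argv[i:]) or None
    user, at, alias = dest.rpartition("@")   # assumption: split at the last '@'
    if not at:
        user = opts.get("user")
    return {"user": user, "connect_to": opts.get("hostname", alias), "command": command}

def preflight(argv):
    """Findings an automation wrapper can fail on before spawning ssh."""
    r, findings = resolve(argv), []
    if r["command"] is None:
        findings.append("no remote command parsed")
    if r["user"] and any(c.isspace() for c in r["user"]):
        findings.append("whitespace in login name")
    return findings

# Constructed from the command lines quoted in the thread (options shortened).
CMD = "/bin/sh  -c 'git clone git@bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerb' "
COMMON = ["-p", "2222", "-o", "ForwardAgent=yes"]
WORKS = ["vagrant@127.0.0.1"] + COMMON + [CMD]
BROKEN = ["-o", "HostName=127.0.0.1", "-o", "User=vagrant"] + COMMON + [CMD]
EMPTY_HOST = BROKEN[:-1] + ["", CMD]
```

For the second form the model yields the login name `/bin/sh  -c 'git clone git`, the address `127.0.0.1` and no remote command, which is consistent with the password prompt quoted in the original post.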
