OSX - SSH agent functionality differing based upon CLI arguments
Alex Bligh
alex at alex.org.uk
Fri Jan 10 21:36:01 EST 2014
I may be being a bit thick here, but if you reduce your command line, by removing the -o and -i options, it says:
>> ssh "" "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd’ "
which is the equivalent to
ssh "" "command"
Is using an empty hostname documented as something that is meant to work? I suspect the hostname is simply being merged into the command, and you are doing
ssh command
which is failing.
Alex
On 10 Jan 2014, at 10:16, bryan hunt wrote:
> But it isn’t.
>
> "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd’ “ is not interpreted as the hostname, it is executed as a remote command, but without SSH agent working.
>
> Anyhow, I’m not here to demand a better command line argument parser, merely to verify the behaviour so I can help to resolve the problems that Ansible are having.
>
> But thank you for the help.
>
> Bryan
>
>
> On 9 Jan 2014, at 20:12, Markus Friedl <mfriedl at gmail.com> wrote:
>
>> This is due to ssh's flexible argument parsing. If you skip the hostname, them something else is interpreted as the hostname.
>>
>>
>>
>>
>>> Am 09.01.2014 um 18:43 schrieb bryan hunt <picsolvebryan at gmail.com>:
>>>
>>> Yes, called as you describe, SSH works correctly (it Forwards Agent). Quirky!
>>>
>>> But, called the way I was doing, everything but Agent Forwarding works.
>>>
>>> Strange. Looking further, I found another odd behaviour.
>>>
>>> ssh -o User=vagrant -o Hostname=127.0.0.1 -p 2222 -o Compression=yes -o StrictHostKeyChecking=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -i /Users/bryanhunt/.vagrant.d/insecure_private_key -o ForwardAgent=yes -o LogLevel=DEBUG "" "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd’ "
>>>
>>> Note how I added the empty quoted string in the hostname position.
>>>
>>> SSH Agent Forwarding works if I add that empty quoted string.
>>>
>>> If I remove the empty quoted string, the git checkout is executed, but prompts for authentication.
>>>
>>> I would expect SSH to completely succeed, or completely fail to execute the command - rather than have the side channel (SSH agent) fail or succeed based upon how I express the command line arguments.
>>>
>>> This is a stock version of the ssh command on OSX.
>>>
>>> The checksum is:
>>>
>>> MD5 (/usr/bin/ssh) = 35caacee333ebae93d4087ca349738e4
>>>
>>> Perhaps another OSX user could verify this behaviour?
>>>
>>> Regards,
>>>
>>> Bryan Hunt
>>>
>>>
>>>> On 9 Jan 2014, at 17:21, Markus Friedl <mfriedl at gmail.com> wrote:
>>>>
>>>> You pass it as an option.
>>>>
>>>> But ssh is called like
>>>>
>>>> $ ssh [options] hostname [command]
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> Am 09.01.2014 um 16:21 schrieb bryan hunt <picsolvebryan at gmail.com>:
>>>>>
>>>>>
>>>>> I don’t understand, in the second example, "ssh -o HostName=127.0.0.1 “, is the very first argument to the program…
>>>>>
>>>>>
>>>>>
>>>>>> On 9 Jan 2014, at 13:21, Markus Friedl <mfriedl at gmail.com> wrote:
>>>>>>
>>>>>> The 2nd example misses the required hostname argument.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Am 09.01.2014 um 13:32 schrieb bryan hunt <picsolvebryan at gmail.com>:
>>>>>>>
>>>>>>>
>>>>>>> Trying to get SSH agent forwarding working for a popular open source configuration management system called Ansible.
>>>>>>>
>>>>>>> I’ve had some unexpected behaviour, the only cause of which I can find is how I express the command line arguments.
>>>>>>>
>>>>>>> http://stackoverflow.com/questions/20952689/vagrant-ssh-agent-forwarding-how-is-it-working?noredirect=1#comment31511341_20952689
>>>>>>>
>>>>>>> In summarise:
>>>>>>>
>>>>>>> In the first instance I can create a SSH connection, and and execute a remote git clone (via SSH), the Agent Forwarding works, and I am not prompted for credentials:
>>>>>>>
>>>>>>> ssh vagrant at 127.0.0.1 -p 2222 \
>>>>>>> -o Compression=yes \
>>>>>>> -o StrictHostKeyChecking=no \
>>>>>>> -o LogLevel=FATAL \
>>>>>>> -o StrictHostKeyChecking=no \
>>>>>>> -o UserKnownHostsFile=/dev/null \
>>>>>>> -o IdentitiesOnly=yes \
>>>>>>> -i /Users/bryanhunt/.vagrant.d/insecure_private_key \
>>>>>>> -o ForwardAgent=yes \
>>>>>>> "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockera' "
>>>>>>> Cloning into '/home/vagrant/poc_dockera'...
>>>>>>>
>>>>>>> In the second instance I express the arguments differently ( -o HostName=127.0.0.1 -o User=vagrant ), and Agent Forwarding doesn’t seem to work:
>>>>>>>
>>>>>>> ssh -o HostName=127.0.0.1 -o User=vagrant -p 2222 \
>>>>>>> -o Compression=yes \
>>>>>>> -o StrictHostKeyChecking=no \
>>>>>>> -o LogLevel=FATAL \
>>>>>>> -o StrictHostKeyChecking=no \
>>>>>>> -o UserKnownHostsFile=/dev/null \
>>>>>>> -o IdentitiesOnly=yes \
>>>>>>> -i /Users/bryanhunt/.vagrant.d/insecure_private_key \
>>>>>>> -o ForwardAgent=yes \
>>>>>>> "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerb' "
>>>>>>> /bin/sh -c 'git clone git at 127.0.0.1's password:
>>>>>>>
>>>>>>> The client side SSH is:
>>>>>>>
>>>>>>> OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
>>>>>>>
>>>>>>> The server side SSH is:
>>>>>>>
>>>>>>> OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
>>>>>>>
>>>>>>>
>>>>>>> Have any of the list members got an insight into this behaviour ?
>>>>>>>
>>>>>>> Thanks in advance,
>>>>>>>
>>>>>>> Bryan Hunt
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> openssh-unix-dev mailing list
>>>>>>> openssh-unix-dev at mindrot.org
>>>>>>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>>
>>> _______________________________________________
>>> openssh-unix-dev mailing list
>>> openssh-unix-dev at mindrot.org
>>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
--
Alex Bligh
More information about the openssh-unix-dev
mailing list