Forwarded is agent, not configuration

Steffen Nurpmeso steffen at sdaoden.eu
Sun Nov 11 12:17:35 AEDT 2018


Hello.

First thanks again for OpenSSH, it is so omnipresent here, what
would i do without it...  (Dropbear ok, this is true.  Etc. Etc.)

Two or three days ago i faced the problem of not being able to
git push data to Sourceforge repositories.  It turned out not to
be just another maintenance hang, but instead it was owed to one
more resource cramping on their side: the reduction of
MaxAuthTries i presume.  There are some keys loaded in the
ssh-agent, and the one for sfnet simply happens to occur "too
late".  (ssh-agent, one of those comfortable things to thank for.)

Now, that actually surprised me a lot, because in my configuration
i do use IdentityFile and IdentitiesOnly.  It seems i have blindly
assumed that this local configuration is passed on and over to the
jump host, from which the commit on sfnet actually happens --- but
this is actually not the case, all those nice configuration
efforts are local and only local!

This i found out thanks to search engines!  And there i found the
tip which helped me out, i was enabled to do

  # write each agent key as a complete public-key file (type, blob, comment);
  # the comment is often a path, so only its basename is used as the file name
  ssh-add -L | while read -r t k n; do
    printf '%s %s %s\n' "$t" "$k" "$n" > ~/.ssh/"${n##*/}".pub
  done

and create a minimalized configuration

  Host *.code.sf.net *.sourceforge.net
    HostKeyAlgorithms ssh-rsa
    IdentityFile ~/.ssh/...
    IdentitiesOnly yes

which picks up the public key, and uses the private key from the
agent etc. etc. etc.!  Wonderful.
But it made me wonder why this is at all necessary, couldn't the
ssh on the jump host realize that it has no configuration by
itself and check, possibly optionally, the local configuration
whether there is an entry for the next destination?

And, now that i write this, i have always wondered why the agent
needs the private keys after they have been loaded.  (At least it
was like that last time i tried.)  I.e., it would be fantastic to
be able to load the stuff into the agent, and remove the stick
thereafter!

Are these observations correct or have i missed something?
I want to remark i have read the manual, and it was a search
engine (oh what a mess!) odyssey to get to this point at all.

Ciao, and a nice Sunday!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
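
The procedure above (export the agent's public keys, then pin one of them per host with IdentityFile and IdentitiesOnly so the jump host offers only that key) as an added shell example; it is not code from the mail or from OpenSSH. It assumes the `ssh-add -L` listing arrives on stdin (a constructed sample is embedded so it runs without an agent) and that the output directory is given as an argument.

```shell
#!/bin/sh
# Constructed sample of what "ssh-add -L" prints: "<type> <base64> <comment>".
SAMPLE_LISTING='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE0000000000000000000000000000000 /home/me/.ssh/work-laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLE sfnet'

# write_pubkeys DIR  (listing on stdin)
# Writes each key as DIR/<comment>.pub with the full "type blob comment" line:
# an IdentityFile pointing at a public key needs the key type, not just the blob.
write_pubkeys() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir"
    while read -r type blob comment; do
        [ -n "$type" ] || continue          # skip blank lines
        # The comment is usually the original key path: keep only the basename
        # and replace anything unusual so it is a safe file name.
        name=$(printf '%s' "${comment##*/}" | sed 's/[^A-Za-z0-9_.-]/_/g')
        printf '%s %s %s\n' "$type" "$blob" "$comment" > "$dir/$name.pub"
        chmod 644 "$dir/$name.pub"
    done
}

# host_stanza PATTERN KEYFILE
# Emits the ssh_config stanza that makes ssh offer exactly one agent key to
# hosts matching PATTERN, so MaxAuthTries is not exhausted by unrelated keys.
host_stanza() {
    printf 'Host %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' "$1" "$2"
}

# count_pubkeys DIR: number of .pub files produced (handy for a sanity check)
count_pubkeys() {
    ls "$1"/*.pub 2>/dev/null | wc -l | tr -d ' '
}

# Usage on a real machine:  ssh-add -L | write_pubkeys ~/.ssh/agent-pubs
# then append the stanza to ~/.ssh/config on the jump host:
host_stanza '*.code.sf.net *.sourceforge.net' '~/.ssh/agent-pubs/sfnet.pub'
```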

