ssh-agent does not accept all forwarded RSA keys on later versions.

Damien Miller djm at mindrot.org
Mon Aug 10 13:26:42 AEST 2020


On Fri, 7 Aug 2020, Matt Schepers wrote:

> Hello,
> 
> I've got a problem with newer versions of ssh-agent not accepting all keys
> being forwarded to them.
> 
> Example:
> LOCAL-WORKSTATION
> ssh-add -l
> 4096 SHA256:HFSzrozPapudofYJi8QvXQdA1/vNpFc2iPWH8CGVsEg (none) (RSA)
> 2048 SHA256:lbjpmHAYtUO+zaLaKvWVxGNYkXRkOumcoOpLdRSVX/U /home/matt/.ssh/id_rsa_embedded (RSA)
> ssh -V
> OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
> 
> BROKEN-REMOTE
> ssh -A brokenHost
> ssh-add -l
> 2048 SHA256:lbjpmHAYtUO+zaLaKvWVxGNYkXRkOumcoOpLdRSVX/U /home/matt/.ssh/id_rsa_embedded (RSA)
> ssh -V
> OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
> Here only one key gets forwarded when there should be two. That's what the
> problem is.
> 
> WORKING-REMOTE
> ssh -A workingHost
> ssh-add -l
> 4096 SHA256:HFSzrozPapudofYJi8QvXQdA1/vNpFc2iPWH8CGVsEg (none) (RSA)
> 2048 SHA256:lbjpmHAYtUO+zaLaKvWVxGNYkXRkOumcoOpLdRSVX/U /home/matt/.ssh/id_rsa_embedded (RSA)
> ssh -V
> OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
> 
> 
> So the problem appears to be that the newer version is not accepting all of
> the forwarded keys. I'd like to troubleshoot this and/or file a bug report.
> Can you guys point me in the right direction?

Could you post the entire key that is not being forwarded and not
just the fingerprint?

-d


More information about the openssh-unix-dev mailing list