Help with ssh -A, screen, ssh -a, detach, logout

raf ssh at raf.org
Thu Jun 4 12:17:43 AEST 2020


Philipp Marek wrote:

> > Any suggestions?
> 
> On host2, run screen (or individual commands) without SSH_AUTH_SOCK, so e.g.
> 
>     $ SSH_AUTH_SOCK= rsync ...

Hi Philipp,

Thanks for trying to help but that doesn't work.
It prevents the ssh from host2 to host3 from having
access to the agent, which it needs initially,
but it only needs it long enough to authenticate
the connection to host3. The attempt to ssh to host3
fails (because that ssh has no access to the key).

I would hope that, once that authentication to host3
has completed, that ssh process would close its
connection to the agent because it had been invoked
with the -a option, and so the connection is no longer
needed. i.e. it doesn't need to be forwarded to host3.

I see ssh's failure to close the connection to the agent,
once it is no longer needed, as a possible buglet.
I was hoping that someone could explain why it needs to
keep that connection open. I'm assuming there might be
a good reason for it. Or maybe it really is a buglet.

If this behaviour could be changed, so that ssh closes
its connection to the agent socket when it is no longer
needed, it would probably solve my problem automatically.

Does that sound reasonable?

cheers,
raf



More information about the openssh-unix-dev mailing list