Secondary SSH connection

Jochen Bern Jochen.Bern at binect.de
Sat Aug 24 12:34:21 AEST 2024


On 24.08.24 03:16, Dave Close wrote:
> Damien Miller wrote:
>> This is ssh trying to connect to $SSH_AUTH_SOCK, perhaps JuiceSSH's
>> agent that you've forwarded.
> 
> No need to fix JuiceSSH. It's authors ignore all contact anyway. Fixed
> on my system with a simple bash command:
>    "alias xssh="unset SSH_AUTH_SOCK; ssh".

[scratches head] If JuiceSSH's forwarded agent reliably refuses to 
serve, why not simply tell it to stop doing such a forward ... ?

On another note, the fact that you apparently do not need an agent to 
authenticate the SSH connections from the first jump host onward is (I 
hope) not a common situation. I suspect that the more general approach 
would be to start a *new* agent on the jump host (which should hijack 
$SSH_AUTH_SOCK with a *working*, albeit "not running quite where you'd 
expect it to", agent).

Assuming that the keypair(s) on your Android exist *only* there, I'd try 
giving the pubkey in the jump host's authorized_keys a command="..." 
option to run something that starts the new agent and lets the sub-shell 
execute $SSH_ORIGINAL_COMMAND (or turn into an interactive login shell 
if the env var is empty).

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3447 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240824/3c5c89e8/attachment.p7s>


More information about the openssh-unix-dev mailing list