[Bug 3264] New: ForwardAgent inactive socket with values not in (yes, no)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 23 06:06:56 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3264

            Bug ID: 3264
           Summary: ForwardAgent inactive socket with values not in (yes,
                    no)
           Product: Portable OpenSSH
           Version: 8.4p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: sev+ssh-bugs at sev.monster

I noticed after making a typo in my ssh_config that if one sets the
ForwardAgent option to a value other than yes or no, a socket is still
created on the destination, but that socket does not respond.

To test, I started `ssh-agent -d', set SSH_AUTH_SOCK, added a key, and
ran these commands:

    % ssh -o ForwardAgent=yrs 10.0.0.1 ssh-add -l
    % ssh -o ForwardAgent=yes 10.0.0.1 ssh-add -l

In both cases, the output is the same until the 'ssh-agent -l' command
is run:

    OpenSSH_8.4p1, OpenSSL 1.1.1i  8 Dec 2020
    ...
    debug1: Requesting authentication agent forwarding.
    ...
    debug1: Sending command: ssh-add -l
    debug1: client_input_channel_open: ctype auth-agent at openssh.com
rchan 2 win 65536 max 16384

At this point, the output diverges. For ForwardAgent=yrs:

    debug1: client_request_agent: ssh_get_authentication_socket: No
such file or directory
    debug1: failure auth-agent at openssh.com
    error fetching identities: communication with agent failed

It can be seen that ssh-agent is not outputting debug information
showing that it has received activity on the client machine's socket.
For the correct ForwardAgent=yes:

    debug1: channel 1: new [authentication agent connection]
    debug1: confirm auth-agent at openssh.com
    debug2: fd 4 setting O_NONBLOCK
    debug1: process_message: socket 1 (fd=4) type 11
    debug1: channel 1: FORCE input drain
    2048 SHA256:4c82f66aac74743b56154b7a06b6b91297ece749326
/home/user/.ssh/id_rsa (RSA)
    ...

I am using OpenSSH 8.4p1 compiled against musl on Alpine Linux, should
that make a difference. I do not believe there are any patches being
applied that would have anything to do with this bug.

Regards.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list