Oddness with agent forwarding and -i
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Thu May 13 02:54:00 EST 2004
Thomas Baden wrote:
> I have a number of scripts which make use of ssh -i
> and scp -i, where the target host has the specified
> key in its authorized_keys file with a command=
> override to do immediate processing of the received
> data. This works extremely well, as we are able to
> establish single-function, triggered-action RSA keys
> to toss data from host to host.
>
> Unfortunately, when invoked with a forwarding agent
> present, the agent gets to pass its key(s) before the
> key presented on the command line, which causes all
> the magic to break. I've tried echoing the debug
> output, and it confirms that the agent does indeed get
> first crack at authenticating the connection.
I can't comment on whether this is really intended behavior, but you can easily
work around it by unsetting SSH_AUTH_SOCK before you run ssh:
SSH_AUTH_SOCK= ssh -i foo...
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
More information about the openssh-unix-dev
mailing list