ssh-agent does not accept all forwarded RSA keys on later versions.
Matt Schepers
mattschepers at gmail.com
Tue Aug 11 00:32:28 AEST 2020
I am running gpg-agent locally. Two keys are served from gpg-agent: a gpg
created ssh key and a ssh-keygen created key stored in ~/.ssh/id_rsa. The
gpg created key is the one that the remote agent wouldn't accept, and my
problem is that I wasn't really able to debug it.
By pure dumb luck I removed the package libpam-ssh and the problem
disappeared.
On Mon, Aug 10, 2020 at 12:55 AM Jakub Jelen <jjelen at redhat.com> wrote:
> On Fri, 2020-08-07 at 11:54 -0600, Matt Schepers wrote:
> > Hello,
> >
> > I've got a problem with newer versions of ssh-agent not accepting all
> > keys
> > being forwarded to them.
> >
> > Example:
> > LOCAL-WORKSTATION
> > ssh-add -l
> > 4096 SHA256:HFSzrozPapudofYJi8QvXQdA1/vNpFc2iPWH8CGVsEg (none) (RSA)
> > 2048 SHA256:lbjpmHAYtUO+zaLaKvWVxGNYkXRkOumcoOpLdRSVX/U
> > /home/matt/.ssh/id_rsa_embedded (RSA)
> > ssh -V
> > OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
>
> What is the ssh-agent you are running on this machine? Is it stock ssh-
> agent, gnome-keyring or some other implementation? You should get the
> idea from the SSH_AUTH_SOCK environment variable.
>
> Regards,
> --
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
>
>
More information about the openssh-unix-dev
mailing list