0

Situation: I have a Desktop (Debain Sid) that I prefer to develop on. I have a macbook pro, since we're developing for Mac, that I compile on (Uses Apple SDK's all driven by a scons build so xcode is installed but never used.) We have a Mercurial Repo that our team uses. I am not able to make changed on this.

There is a public key to the Mac to connect to the HG (Mercurial) Repo over ssh. There is NO public key on the debian desktop since I only connect to the mac.

Problem: If I'm sitting in front of the mac and type hg pull (essentially an ssh connection) everything works perfect. If I'm sitting in front of the desktop and ssh into the Mac and run hg pull, I get:

remote: Permission denied (publickey).
abort: no suitable response from remote hg!

I presume it is looking for a public key on the debian system for some reason. Is there a way to disable this "key passthrough/forwarding?", I've tried googling for this, but it's nearly impossible as I'm flooded with "How to setup pubkey" tutorials and the like.

Please save me from having to use that mac laptop keyboard.

EEAA
  • 109,363
  • 18
  • 175
  • 245
Andrew T
  • 113
  • 3
  • 1
    When you are directly on your mac keychain is acting as an SSH agent. – Zoredache Oct 12 '12 at 15:51
  • Why not plug in a USB keyboard? You'll be saved... – voretaq7 Oct 12 '12 at 16:05
  • Unfamiliarity, I don't know how to add scripts to finder right click without running yet another process. The meta and ctrl on the keyboard are reversed. Hell, I can't even disable "Sleep when lid is closed" without installing some sketchy 3rd party binary. I can get rid of it all together if I had the time to get a cross compiler installed on the debian box, but that's a bigger project than I've got time for. :) – Andrew T Oct 12 '12 at 18:31

1 Answers1

2

You do not want to disable key forwarding, you want to enable SSH Agent Forwarding when you're connecting from the Mac to the Debian box.

From the ssh man page:

-A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file.

This will allow your Debian host to use the keys on your Mac, when you're ssh'd into the Debian box (through the SSH agent running their, which as Zoredache mentioned is provided by Apple's keychain service).

Note that if you want this to work from the console on the Debian box you need to put keys on the Debian box - Agent forwarding only works if there's a chain of SSH connections that gets you back to a working agent with appropriate keys...

See also: SSH passphrase remembered in MacOSX Snow Leopard

Community
  • 1
voretaq7
  • 79,879
  • 17
  • 130
  • 214
  • I think you've got this backwards. The OP wants to SSH from Debian to Mac, and use the keys on the Mac. – nickgrim Oct 12 '12 at 16:39
  • @nickgrim In that case they just need to start an SSH agent on the Mac (and actually if the key is in the normal place (`~/.ssh/id_dsa` or `id_rsa`) they shoudn't even need to do that...) – voretaq7 Oct 12 '12 at 16:40
  • Thank you, nickgrim was correct that this was backwards, but disabling agent forwarding did the trick so it doesn't try and use the keys on the debian machine, and rather the mac that I'm ssh'd in to. :) – Andrew T Oct 12 '12 at 18:21