1

Situation

  • I add an SSH key to the chain using ssh-add -K the_path as user@local
  • I set up key forwarding as described here https://help.github.com/articles/using-ssh-agent-forwarding
  • AllowAgentForwarding is enabled (local)
  • ForwardAgent is not "no" in /etc/ssh_config (remote)
  • echo "$SSH_AUTH_SOCK" delivers a tmp file (local)
  • When I run ssh -vT git@bitbucket.com as other@server then it logs in
  • When I run ssh-add -L as other@server then it adds the key.

Problem

  • When I run ssh-add -L on root@server then it says "Could not open a connection to your authentication agent."
  • When I run ssh -vT git@bitbucket.com as root@server then it does not log in

I hardly know where to fix that or what the problem is. Can someone help?

LeMike
  • As per [your linked document](https://help.github.com/articles/using-ssh-agent-forwarding#server-must-allow-forwarding-on-inbound-connections) does the server have `AllowAgentForwarding` enabled? – Etan Reisner Jul 16 '13 at 06:33
  • Yes, it is in the sshd_config :) – LeMike Jul 16 '13 at 19:59

2 Answers

1

Sounds like you haven't started an ssh-agent session for your root user. ssh-agent requires your user to set env variables to associate your user with the correct ssh-agent process.

e.g.

SSH_AUTH_SOCK=/tmp/ssh-MTQoMbTLN3Kb/agent.30851; export SSH_AUTH_SOCK; SSH_AGENT_PID=30852; export SSH_AGENT_PID; echo Agent pid 30852;

You may also want to look into SSHKeychain to make managing your agent and keys easier and automatic.

Bob Barker
  • ForwardAgent is not enough for that? :/ Would it be a security issue on the server to have that running? I know it's needed but currently I want to "disable" root user and use another one. – LeMike Jul 16 '13 at 20:00
1

Using visudo and extending the env_keep with SSH_AUTH_SOCK will solve the problem:

Defaults    env_keep+=SSH_AUTH_SOCK

LeMike
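
A small check for the situation in this thread, as an added example that is not part of either answer: it classifies what `SSH_AUTH_SOCK` points to for the current user and looks for an `env_keep` entry naming it in sudoers. The function names are made up for this example, and the sudoers match is a simplified line-based pattern (it ignores `-=` and `!env_keep`), not a full sudoers parser.

```shell
#!/bin/sh
# Added example: why does root not see the forwarded agent?
# Run it once as the login user and once after switching to root.

# classify_sock PATH -> prints unset | missing | not-socket | ok
classify_sock() {
    if [ -z "$1" ]; then
        echo unset            # variable was dropped from the environment
    elif [ ! -e "$1" ]; then
        echo missing          # stale path, e.g. the SSH session has ended
    elif [ ! -S "$1" ]; then
        echo not-socket       # path exists but is not a Unix socket
    else
        echo ok
    fi
}

# sudoers_keeps VAR FILE... -> exit 0 if an uncommented
# "Defaults ... env_keep = / += ..." line names VAR as a whole word.
sudoers_keeps() {
    var=$1
    shift
    grep -Eqs "^[[:space:]]*Defaults[^#]*env_keep[[:space:]]*\+?=([^#]*[^#A-Za-z0-9_])?${var}([^A-Za-z0-9_]|\$)" "$@"
}

# report: print both findings for the current user.
report() {
    echo "user=$(id -un) SSH_AUTH_SOCK=$(classify_sock "${SSH_AUTH_SOCK:-}")"
    if sudoers_keeps SSH_AUTH_SOCK /etc/sudoers /etc/sudoers.d/* 2>/dev/null; then
        echo "sudoers: env_keep includes SSH_AUTH_SOCK"
    else
        echo "sudoers: SSH_AUTH_SOCK not kept (or sudoers not readable as this user)"
    fi
}

report
```

A result of `ok` for the login user and `unset` after `sudo` means the variable is being stripped on the way to root, which is the case the `env_keep` line addresses.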