[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#908195: openssh-server: agent forwarding broken in incoming ssh connections

Hallo Giacomo Mulas,

08.09.18 10:16 Giacomo Mulas:
> On Fri, 7 Sep 2018, Timo Weingärtner wrote:
> > So the connection to some ssh-agent is working. Please check which process
> > owns the socket pointed to by $SSH_AUTH_SOCK. If it is not sshd you have
> > another problem; perhaps something like libpam-ssh is starting a new
> > ssh-agent for your ssh session?
> ls -l $SSH_AUTH_SOCK yields
> srw------- 1 gmulas ssh 0 set  8 10:05 /tmp/ssh-TteIoyXhPTF2/agent.14983=
> whereas lsof $SSH_AUTH_SOCK yields nothing run as regular user and
> lsof /tmp/ssh-TteIoyXhPTF2/agent.14983= run as root yields
> ssh-agent 14984 gmulas    3u  unix 0x000000004846ae07      0t0 6314996
> /tmp/ssh-TteIoyXhPTF2/agent.14983 type=STREAM
> the parent ID of this ssh-agent is 1 (?)

That's normal when it was started without a command to run.

> I hope this can help. Please let me know if there is something else I can do
> to track the problem.

For me the problem can be reproduced by installing libpam-ssh.

openssh 7.8 + libpam-ssh: broken
openssh 7.4 + libpam-ssh: works
any openssh + no libpam-ssh: works

The problem might be that libpam-ssh starts an ssh-agent and sets 
SSH_AUTH_SOCK regardless of whether an agent is forwarded and newer openssh-
server doesn't change SSH_AUTH_SOCK pointing to its own socket?


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: