SSH agent forwarding on Mac OS X debugging
ssh -v agaric-production
Tried changing back to RSA:
Ebony-II:.ssh ben$ vi config
Following a model script written for Debian on Mac OS X can cause problems: there is no /home/username on a Mac; the home directory is /Users/username.
stefan-agaric: Ben. on macosx your home directory is not /home/ben, is it?
[11:24am] benjamin-agaric: oy bloody vey
[11:24am] stefan-agaric: debugging helps.
[11:25am] stefan-agaric: without that output I would not have guessed it.
[11:25am] benjamin-agaric: $ pwd
[11:25am] benjamin-agaric: gives: /Users/ben/.ssh
[11:26am] benjamin-agaric: I should set up bash to give the full path at all times
[11:26am] benjamin-agaric: I totally forgot that. Too long on Ubuntu already!
[11:33am] stefan-agaric: to see if you have an agent type ssh-add -l
[11:33am] stefan-agaric: it should show something.
[11:33am] benjamin-agaric: while logged in?
[11:33am] stefan-agaric: yes.
[11:33am] stefan-agaric: it should show the same key fingerprint that's shown when doing it locally, if any.
[11:36am] stefan-agaric: if nothing is shown locally, you have to run "exec ssh-agent bash" to start the agent in your terminal.
[11:37am] benjamin-agaric: added at the bottom here: http://agaric.com/note/ssh-agent-forwarding-mac-os-x-debugging
[11:37am] benjamin-agaric: now I have to go back and add what makes it work, hehehe
[11:38am] stefan-agaric: I know MacOSX has some way to start the agent automatically, too..
[11:43am] stefan-agaric: www.sshkeychain.org
[11:50am] benjamin-agaric: well, trying it on my use case and it doesn't work:
[11:50am] benjamin-agaric: ben@agaricdesign:/var/www/bfhua$ git pull agaric master
[11:50am] benjamin-agaric: debug1: client_input_channel_open: ctype auth-agent@openssh.com rchan 2 win 65536 max 16384
[11:50am] benjamin-agaric: debug1: channel 1: new [authentication agent connection]
[11:50am] benjamin-agaric: debug1: confirm auth-agent@openssh.com
[11:50am] benjamin-agaric: debug1: channel 1: FORCE input drain
[11:50am] benjamin-agaric: Permission denied (publickey).
[11:50am] benjamin-agaric: fatal: The remote end hung up unexpectedly
[11:50am] benjamin-agaric: ben@agaricdesign:/var/www/bfhua$ debug1: channel 1: free: authentication agent connection, nchannels 2
[11:52am] benjamin-agaric: Ahh, ok:
[11:52am] benjamin-agaric: Ebony-II:.ssh ben$ exec ssh-agent bash
[11:52am] benjamin-agaric: bash-3.2$
[11:52am] benjamin-agaric: ben@agaricdesign:/var/www/bfhua$ ssh-add -l
[11:52am] benjamin-agaric: debug1: client_input_channel_open: ctype auth-agent@openssh.com rchan 2 win 65536 max 16384
[11:52am] benjamin-agaric: debug1: channel 1: new [authentication agent connection]
[11:52am] benjamin-agaric: debug1: confirm auth-agent@openssh.com
[11:52am] benjamin-agaric: The agent has no identities.
[11:52am] benjamin-agaric: debug1: channel 1: FORCE input drain
[11:52am] benjamin-agaric: ben@agaricdesign:/var/www/bfhua$ debug1: channel 1: free: authentication agent connection, nchannels 2
[11:53am] benjamin-agaric: or not ok?
[11:53am] benjamin-agaric: stefan-agaric: thoughts?
[11:54am] stefan-agaric: it will not have identities until you add them. I think they are added automatically when using them.
[11:56am] stefan-agaric: try to login and run the command again to see.
[12:02pm] stefan-agaric: to add the standard identities just run ssh-add
[12:02pm] stefan-agaric: do that in the terminal on your laptop where your agent is running.
[12:06pm] stefan-agaric: ok. we must make sure you have the identities loaded into a running agent on your laptop.
[12:06pm] benjamin-agaric: ssh-add
[12:06pm] benjamin-agaric: Identity added: /Users/ben/.ssh/id_rsa (/Users/ben/.ssh/id_rsa)
[12:06pm] benjamin-agaric: Identity added: /Users/ben/.ssh/id_dsa (/Users/ben/.ssh/id_dsa)
[12:07pm] stefan-agaric: now try ssh-add -l
[12:07pm] benjamin-agaric: ssh-add -l
[12:07pm] benjamin-agaric: 2048 03:84:fb:ee:3f:44:ac:c3:4a:17:98:50:bc:93:3e:32 /Users/ben/.ssh/id_rsa (RSA)
[12:07pm] benjamin-agaric: 1024 8e:29:bb:71:70:12:e1:db:da:6a:d6:fe:c4:3e:09:5e /Users/ben/.ssh/id_dsa (DSA)
[12:08pm] stefan-agaric: now try to login to one of our servers and run the same command again.
[12:08pm] benjamin-agaric: reading the ssh -v output, last line: debug1: Requesting authentication agent forwarding.
[12:09pm] benjamin-agaric: Woohooo!!
[12:09pm] benjamin-agaric: cd /var/www/example/
[12:09pm] benjamin-agaric: ben@server:/var/www/example$ git pull agaric master
[12:09pm] benjamin-agaric: debug1: client_input_channel_open: ctype auth-agent@openssh.com rchan 2 win 65536 max 16384
[12:09pm] benjamin-agaric: debug1: channel 1: new [authentication agent connection]
[12:09pm] benjamin-agaric: debug1: confirm auth-agent@openssh.com
[12:09pm] benjamin-agaric: debug1: channel 1: FORCE input drain
[12:09pm] benjamin-agaric: debug1: channel 1: free: authentication agent connection, nchannels 2
[12:09pm] benjamin-agaric: From git.agariclabs.com:/srv/git/example
[12:09pm] benjamin-agaric: * branch master -> FETCH_HEAD
[12:09pm] benjamin-agaric: Already up-to-date.
on debian/ubuntu the xserver starts with an ssh-agent. without that or macosx keychain it's not bearable.
there's also a blog post about it: http://www.dribin.org/dave/blog/archives/2007/11/28/ssh_agent_leopard/
Comments
Excellent post!
Thanks for the help, fellas. This was an excellent post and saved my sanity.