On Fri, Feb 18, 2005 at 10:43:49AM -0800, David Rothenberger wrote:
On 2/18/2005 10:41 AM, Christopher Faylor wrote:
I'm having a problem with the 20050215 snapshot (and the 20050131 as well). My ssh-agent connection is not being forwarded by ssh. This is working fine with the 20041119 snapshot.
I still can't duplicate this. Sorry.
Is SSH_AGENT_PID defined in your environment after the first ssh `hostname`?
No. And, it shouldn't be. SSH_AGENT_PID doesn't make any sense after you've logged into a system.
Right. I was asking because the only way I could get this to work was to have SSH_AGENT_PID defined.
I'm seeing the problem on two different WinXP Pro machines and a Win2000 machine. I've tested with the default .profile and .bashrc files and with sh instead of bash. So, it doesn't appear to be something peculiar to my machine or environment.
I believe the problem is due to the new traverse checking. When I start ssh-agent the first time, I see the following in my /tmp directory:
% l /tmp total 0 drwx------+ 2 drothe None 0 Feb 18 11:47 ssh-YwRaOw6140/
Since /tmp/ssh-YwRaOw6140 is owned by my user (drothe), the first ssh `hostname` has no problem accessing the ssh-agent socket.
After I do the first ssh `hostname`, I have the following:
% l /tmp total 0 drwx------+ 2 SYSTEM root 0 Feb 18 11:50 ssh-AtsnfLH756/ drwx------+ 2 drothe None 0 Feb 18 11:47 ssh-YwRaOw6140/ % getfacl /tmp/ssh-AtsnfLH756/ # file: /tmp/ssh-AtsnfLH756/ # owner: SYSTEM # group: root user::rwx group::--- mask:rwx other:--- default:user::rwx default:group::--- default:other:---
Plus, SSH_AUTH_SOCK is set to the new directory:
% echo $SSH_AUTH_SOCK /tmp/ssh-AtsnfLH756/agent.756
% l $SSH_AUTH_SOCK srwxrwxrwx 1 drothe None 0 Feb 18 11:57 /tmp/ssh-AtsnfLH756/agent.756= % getfacl $SSH_AUTH_SOCK # file: /tmp/ssh-AtsnfLH756/agent.756 # owner: drothe # group: None user::rw- group::rw- other:rw- mask:rwx
With traverse checking enabled, my user (drothe) can't access /tmp/ssh-AtsnfLH756/agent.756, even though that file (socket?) has 777 permissions, since the /tmp/ssh-AtsnfLH756 directory is owned by SYSTEM and has 700 permissions. So, the next ssh `hostname` command prompts for a passphrase.
With traverse checking disabled, drothe can access /tmp/ssh-AtsnfLH756/agent.756 and the next ssh `hostname` command succeeds without prompting.
So, I can get this working by defining "CYGWIN=server notraverse" in my default environment as well as the sshd environment. Without the "notraverse" in the sshd environment, the test fails. I can also get it working by manually executing
% chown $USER $(dirname $SSH_AUTH_SOCK)
after the first ssh `hostname`.
-- David Rothenberger spammer? -> [EMAIL PROTECTED] GPG/PGP: 0x7F67E734, C233 365A 25EF 2C5F C8E1 43DF B44F BA26 7F67 E734
We are what we pretend to be.
-- Kurt Vonnegut, Jr.
-- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
