[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Jailkit-users] ssh agent forwarding difficulties

From: Valdemar Lemche
Subject: [Jailkit-users] ssh agent forwarding difficulties
Date: Sun, 05 Aug 2007 11:47:52 +0200
User-agent: Thunderbird (Windows/20070728)

I followed the howto, Jailkit howto - creating an SSH only shell in a
chroot jail

Does anyone have any bright ideas how to do ssh agent forwarding from a
client, through a bastion host, using a jailkit user, to a final server?

Of course it works fine to the bastion host, but from the bastion host
to the final server things are not going to well.

The agent socket is written to the not chroot'ed /tmp, so I tried
copying it to <chroot'ed>/tmp using "cp -r `dirname $SSH_AUTH_SOCK`
/chrootusers/tmp" in /etc/ssh/sshrc.

The socket is copied correctly with the right permissions and
everything. But for some reason it still doesnt work:

This is the output from my putty when I run the remote command "ssh -v
-a address@hidden"

Using username "keymaster".
Authenticating with public key "Valdemar Lemche <address@hidden>"
from agent
OpenSSH_4.6p1 Debian-4, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /home/keymaster/.ssh/config
debug1: Applying options for *
debug1: Connecting to wheezy [] port 22.
debug1: Connection established.
debug1: identity file /home/keymaster/.ssh/identity type -1
debug1: identity file /home/keymaster/.ssh/id_rsa type -1
debug1: identity file /home/keymaster/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.6p1 Debian-4
debug1: match: OpenSSH_4.6p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'wheezy' is known and matches the RSA host key.
debug1: Found key in /home/keymaster/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/keymaster/.ssh/identity
debug1: Trying private key: /home/keymaster/.ssh/id_rsa
debug1: Trying private key: /home/keymaster/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).

I've run out of idea ...

reply via email to

[Prev in Thread] Current Thread [Next in Thread]