I have a local host L and two remote servers S0 and S2. I can get ssh keys to be forwarded to S0 but not to S2. What's going wrong? See below for details:
L = dev29
S0 = testserver0
S2 = testserver2
On the local computer dev29:
[user@dev29 ~]$ head ~/.ssh/config
Host testserver0
IdentityFile ~/.ssh/id_rsa_liberty
ForwardAgent yes
Host testserver2
IdentityFile ~/.ssh/id_odmi_dev_2019_rsa
ForwardAgent yes
[user@dev29 ~]$ ssh-add -l
2048 SHA256:MdVraEQBZBO2iEGVKVWqN4w+h8CP2iPXIlzQhU65RpE user@dev29 (RSA)
[user@dev29 ~]$ ls -l ~/.ssh/id_rsa_liberty ~/.ssh/id_odmi_dev_2019_rsa
-rw------- 1 user user 1823 Jul 14 12:11 /home/user/.ssh/id_odmi_dev_2019_rsa
-rw------- 1 user user 1675 Apr 22 2013 /home/user/.ssh/id_rsa_liberty
Forwarding to S0 works:
[user@dev29 ~]$ ssh backoffice@testserver0
Last login: Sun Jul 14 20:39:50 2019 from <X.Y.Z>
[backoffice@vs3234 ~]$ ssh-add -l
2048 f1:e9:e7:d6:b3:21:de:94:54:af:c6:42:48:2f:01:e3 user@dev29 (RSA)
[backoffice@vs3234 ~]$ cat /etc/redhat-release
CentOS release 6.10 (Final)
[backoffice@vs3234 ~]$ exit
logout
Connection to testserver0 closed.
Forwarding to S2 doesn't:
[user@dev29 ~]$ ssh-add -l
2048 SHA256:MdVraEQBZBO2iEGVKVWqN4w+h8CP2iPXIlzQhU65RpE user@dev29 (RSA)
[user@dev29 ~]$ ssh testserver2
Last login: Sun Jul 14 21:04:09 2019 from 10.137.0.48
[user@testserver2 ~]$ ssh-add -l
The agent has no identities.
It would seem that none of the local configuration files are blocking agent forwarding:
[user@dev29 ~]$ ssh -vvv testserver2 2>&1 | grep 'Reading config'
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
[user@dev29 ~]$ cat /home/user/.ssh/config /etc/ssh/ssh_config /etc/ssh/ssh_config.d/05-redhat.conf /etc/crypto-policies/back-ends/openssh.config | grep -i forwardagent
ForwardAgent yes
ForwardAgent yes
ForwardAgent yes
# ForwardAgent no
[user@dev29 ~]$ cat /etc/redhat-release
Fedora release 29 (Twenty Nine
On the testserver2-side, sshd_config seems to be OK, and restarting sshd doesn't seem to help:
[user@testserver2 ~]$ sudo grep -i agentforw /etc/ssh/sshd_config
#AllowAgentForwarding yes
AllowAgentForwarding yes
[user@testserver2 ~]$ sudo service sshd restart
Redirecting to /bin/systemctl restart sshd.service
[user@testserver2 ~]$ cat /etc/redhat-release
Fedora release 29 (Twenty Nine)
[user@testserver2 ~]$ exit
logout
Connection to testserver2 closed.
[user@dev29 ~]$ ssh testserver2
Last login: Sun Jul 14 21:04:22 2019 from 10.137.0.48
[user@testserver2 ~]$ ssh-add -l
The agent has no identities.
Possible multiple instances of ssh-agent running, as described in https://unix.stackexchange.com/questions/528360/ssh-agent-forwarding-troubleshooting, don't seem to be the issue:
[user@testserver2 ~]$ ps xaf | grep ssh-agent | grep -v grep
770 ? Ss 0:00 \_ /usr/bin/ssh-agent /etc/X11/xinit/Xclients
[user@testserver2 ~]$ exit
logout
Connection to testserver2 closed.
[user@dev29 ~]$ ps xaf | grep ssh-agent | grep -v grep
714 ? Ss 0:00 \_ /usr/bin/ssh-agent /etc/X11/xinit/Xclients
Any suggestions?
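
Added example, not part of the original post: grepping the concatenated client config files shows every ForwardAgent line but not which one applies to a given host, because ssh keeps the first value it obtains from a matching Host block. The sketch below resolves that for one host under a simplified model; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve the effective ForwardAgent value for one host from
# ssh_config text on stdin. Simplified model (assumption): only Host blocks with
# * and ? wildcards and !negation; no Match, Include or key=value syntax.
effective_forward_agent() {
    awk -v host="$1" '
        # Turn an ssh_config host pattern into an anchored regex.
        function glob2re(p) {
            gsub(/\./, "[.]", p); gsub(/\*/, ".*", p); gsub(/\?/, ".", p)
            return "^" p "$"
        }
        BEGIN { active = 1 }              # options before any Host line apply to all hosts
        /^[ \t]*(#|$)/ { next }           # commented-out options and blank lines never count
        { key = tolower($1) }
        key == "host" {
            active = 0
            for (i = 2; i <= NF; i++) {
                if (substr($i, 1, 1) == "!") {
                    # a matching negated pattern disables the whole Host line
                    if (host ~ glob2re(substr($i, 2))) { active = 0; break }
                } else if (host ~ glob2re($i)) active = 1
            }
            next
        }
        # ssh keeps the first value it obtains; later ones are ignored
        key == "forwardagent" && active && !found { value = tolower($2); found = 1 }
        END { print (found ? value : "no") }   # the OpenSSH default is no
    '
}

# Constructed sample, not the poster's files: grep finds "ForwardAgent yes"
# for testserver2, yet an earlier matching block has already set it to no.
sample_config() {
    cat <<'EOF'
Host testserver0
    ForwardAgent yes
Host *2 !testserver0
    ForwardAgent no
Host testserver2
    ForwardAgent yes
Host *
#   ForwardAgent no
EOF
}

for h in testserver0 testserver2; do
    printf '%s: ForwardAgent %s\n' "$h" "$(sample_config | effective_forward_agent "$h")"
done
```

On a real client, ssh -G testserver2 prints the options OpenSSH itself resolved for that host, including forwardagent, without opening a connection.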