Agent Forwarding Question for the list
I have looked through the archives and googled this pretty thoroughly,
I'm having a tough time finding someone else who has asked the same
question previously. There's a lot of information about openssh, but
surprisingly little detail about port forwarding. Either it works for
everyone all the time, or my configuration is a little bit particular
compared to others.
We would like to change from ssh2 to openssh for all of our linux
servers. I am testing new equipment with Fedora Core 5 with openssh
configured out of the box. I have no need to forward X11 windows, I just
want to be able to jump from machine to machine with a terminal, ssh and
scp, and use different accounts without having to type a password. A lot
of our production process revolves around this, so it pretty much has to
work for me to convert us.
I made users and keys with openssh instead of using the old ones, put
them in the accounts I wanted to jump to on multiple servers. I set the
perms on the authorized_keys files to 600. I set the ssh_config file in
/etc/ to say ForwardAgent yes.
Now let's say that I have a linux desktop and two linux servers,
assuming I've configured things correctly, then from the desktop box I
should be able to:
(type pass for key)
me@desktop> ssh someuser@server1
now from that terminal
someuser@server1> ssh otheruser@server2
It asks me for a password when I try to jump to the second server. I can
put the password in and it works, but I think at this point it should be
forwarding the key.
I have tail -f running on the secure log on each machine in question so
I can see if there's anything happening.
It does not enter into the log on the target machine that I am
attempting to open a connection while it waits for a password, so I was
thinking that pam may be intercepting the request and demanding one.
Has anyone known pam to do such a thing?
Am I seeing a common non-error?
Is this a situation where ssh-agent on the servers may be interfering
with the one from the desktop?
Do I have to turn on X11forwarding to get agent forwarding on these
servers, which don't even have x installed?
Does this have something to do with xauth on the servers, or is that
only for x11 forwarding?