I made it the default setting by altering /etc/ssh-config because all of
my servers and users are configured for this method of authentication (I
will eventually shut passwords off on many of the servers.)

The behavior remains the same whether I use -A at any or all points in
the process or not.

Thanks for your help

Jason Powers

Francois.Bolduc@ca.fujitsu.com wrote:
> You need to specify the -A switch in your ssh calls to forward the agent
> through unless you alias the ssh command or set it as a default ssh
> client setting.
>
> François Bolduc
> Fujitsu Consulting - Ottawa
> 613-694-2649
>
> -----Original Message-----
> From: listbounce@securityfocus.com@DMR-CANADA on behalf of Jason Powers
> Sent: Wed 10/4/2006 6:18 PM
> To: secureshell@securityfocus.com
> Subject: Agent Forwarding Question for the list
>
> I have looked through the archives and googled this pretty thoroughly,
> I'm having a tough time finding someone else who has asked the same
> question previously. There's a lot of information about openssh, but
> surprisingly little detail about port forwarding. Either it works for
> everyone all the time, or my configuration is a little bit particular
> compared to others.
>
> We would like to change from ssh2 to openssh for all of our linux
> servers. I am testing new equipment with Fedora Core 5 with openssh
> configured out of the box. I have no need to forward X11 windows, I just
> want to be able to jump from machine to machine with a terminal, ssh and
> scp, and use different accounts without having to type a password. A lot
> of our production process revolves around this, so it pretty much has to
> work for me to convert us.
>
> I made users and keys with openssh instead of using the old ones, put
> them in the accounts I wanted to jump to on multiple servers. I set the
> perms on the authorized_keys files to 600. I set the ssh_config file in
> /etc/ to say ForwardAgent yes.
>
> Now let's say that I have a linux desktop and two linux servers,
> assuming I've configured things correctly, then from the desktop box I
> should be able to:
>
> me@desktop> ssh-add
> (type pass for key)
> me@desktop> ssh someuser@server1
>
> now from that terminal
>
> someuser@server1> ssh otheruser@server2
>
> It asks me for a password when I try to jump to the second server. I can
> put the password in and it works, but I think at this point it should be
> forwarding the key.
>
> I have tail -f running on the secure log on each machine in question so
> I can see if there's anything happening.
> It does not enter into the log on the target machine that I am
> attempting to open a connection while it waits for a password, so I was
> thinking that pam may be intercepting the request and demanding one.
>
> Has anyone known pam to do such a thing?
> Am I seeing a common non-error?
> Is this a situation where ssh-agent on the servers may be interfering
> with the one from the desktop?
> Do I have to turn on X11forwarding to get agent forwarding on these
> servers, which don't even have x installed?
> Does this have something to do with xauth on the servers, or is that
> only for x11 forwarding?
>
> Thanks
> Jason Powers
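
A per-hop check for the desktop, server1, server2 chain described in the thread, added here as an example and not part of either poster's message. The function names are hypothetical; it assumes an OpenSSH client that supports `ssh -G`, and it relies on `ssh-add -l` exiting 0 when keys are listed, 1 when the agent holds no identities, and 2 when the agent cannot be contacted.

```shell
#!/bin/sh
# Added example (not from the thread): check agent availability at each hop.

# agent_state: report what this shell can reach through SSH_AUTH_SOCK.
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-socket"            # no agent (local or forwarded) visible here
        return 0
    fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "stale-socket"         # variable is set but the socket is gone
        return 0
    fi
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "keys-available" ;;     # agent reachable and holds keys
        1) echo "agent-empty" ;;        # agent reachable, no identities loaded
        *) echo "agent-unreachable" ;;  # socket exists but nothing answers
    esac
}

# forward_setting: read `ssh -G <host>` output on stdin and print the
# effective forwardagent value, or "unknown" if the keyword is absent.
forward_setting() {
    awk 'tolower($1) == "forwardagent" { print tolower($2); found = 1; exit }
         END { if (!found) print "unknown" }'
}

# hop_report HOST: run on each machine in the chain before the next jump.
hop_report() {
    echo "agent on $(uname -n): $(agent_state)"
    echo "ForwardAgent for $1: $(ssh -G "$1" 2>/dev/null | forward_setting)"
}
```

Run `hop_report server1` on the desktop and `hop_report server2` on server1; a `no-socket` result on server1 means the agent was not forwarded into that session.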