MacOS – ssh -A doesn’t properly enable forwarding of authentication agent connection

macosssh

I love ssh -A, which allows me to use my local ssh key when establishing a connection from a remote server. For example, I ssh -A host1.example.com and then from there I can ssh host2.example.com (or use git) and it uses my ssh key from the original machine, which in this case should be my mac. Although this has always worked for me on Debian/Ubuntu, it doesn't work on my new mac (Lion).

What am I missing here? How do I configure ssh to work correctly with -A? Do I need an ssh that is not the standard MacOS one?

Best Answer

Actually, the very simple answer is that you have to run

ssh-add

and then it all works.

Basically, macOS already has the ssh-agent set up for you, but after each reboot you need to add your keys to it. ssh-add gives ssh-agent access to your keys for the current boot cycle. You'll have to enter the password for your private key if you have created one.

Related Solutions

Source .profile and .bashrc on ssh login without tty

Bash has special provisions in its source code to source ~/.bashrc when it's invoked by rshd or sshd. It's a compilation option, which given your experience seems not to be turned on under OSX.

If you're logging in with a key, you can (ab)use the command= option in the ~/.ssh/authorized_keys file. A key with a command option is good only for running the specified command; but the command in the authorized_keys file runs with the environment variable SSH_ORIGINAL_COMMAND set to the command the user specified (empty for interactive sessions). So you can use something like this in ~/.ssh/authorized_keys (of course, it won't apply if you don't use this key to authenticate):

command=". ~/.profile;
         if [ -n \"$SSH_ORIGINAL_COMMAND\" ]; then
           eval \"$SSH_ORIGINAL_COMMAND\";
         else exec \"$SHELL\"; fi" ssh-rsa …

Note that I put line breaks above for legibility, but this actually needs to be all on one line.

How can I set environment variables for a remote rsync process? may have other helpful suggestions.

Ssh port forwarding error

When you initiate port forwarding, you don't specify the user.

localhost:~ user2$ ssh -L 8022:server2:22 user1@server1

You need to specify user in the second command:

localhost:~ user1$ scp -P 8022 user1@0.0.0.0:file .

That should work fine for you

Best Answer

Related Solutions

Source .profile and .bashrc on ssh login without tty

Ssh port forwarding error

Related Question