Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Agent Forwarding Question for the list

from [Jason Powers] Network Security [Permanent Link]
Subject: Agent Forwarding Question for the list
Date: Wed, 04 Oct 2006 18:18:02 -0400
I have looked through the archives and googled this pretty thoroughly, I'm having a tough time finding someone else who has asked the same question previously. There's a lot of information about openssh, but surprisingly little detail about port forwarding. Either it works for everyone all the time, or my configuration is a little bit particular compared to others.

We would like to change from ssh2 to openssh for all of our linux servers. I am testing new equipment with Fedora Core 5 with openssh configured out of the box. I have no need to forward X11 windows, I just want to be able to jump from machine to machine with a terminal, ssh and scp, and use different accounts without having to type a password. A lot of our production process revolves around this, so it pretty much has to work for me to convert us.

I made users and keys with openssh instead of using the old ones, put them in the accounts I wanted to jump to on multiple servers. I set the perms on the authorized_keys files to 600. I set the ssh_config file in /etc/ to say ForwardAgent yes.

Now let's say that I have a linux desktop and two linux servers, assuming I've configured things correctly, then from the desktop box I should be able to:

me@desktop> ssh-add
            (type pass for key)
me@desktop> ssh someuser@server1

now from that terminal
someuser@server1> ssh otheruser@server2

It asks me for a password when I try to jump to the second server. I can put the password in and it works, but I think at this point it should be forwarding the key.

I have tail -f running on the secure log on each machine in question so I can see if there's anything happening.

It does not enter into the log on the target machine that I am attempting to open a connection while it waits for a password, so I was thinking that pam may be intercepting the request and demanding one.

Has anyone known pam to do such a thing?
Am I seeing a common non-error?
Is this a situation where ssh-agent on the servers may be interfering with the one from the desktop?
Do I have to turn on X11forwarding to get agent forwarding on these servers, which don't even have x installed?
Does this have something to do with xauth on the servers, or is that only for x11 forwarding?

Thanks

Jason Powers

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How necessary is SSH_AUTH_SOCK?, Roland Turner (Security Focus)
Next by Date:  Re: Agent Forwarding Question for the list, Justin Alcorn
Previous by Thread:  Re: How necessary is SSH_AUTH_SOCK?, Steven Elliott
Next by Thread:  Re: Agent Forwarding Question for the list, Justin Alcorn
Indexes:  [Date] [Thread] [Top] [All Lists]