| Summary: | Agent fowarding on slave silently fails when not enabled on master | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Matthijs Kooijman <matthijs> |
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | NEW --- | ||
| Severity: | minor | ||
| Priority: | P5 | ||
| Version: | 7.5p1 | ||
| Hardware: | Other | ||
| OS: | Linux | ||
When a ControlMaster is started with -A, then passing -A to subsequent slave connections works. But when the master connection does not have forwarding, passing -A to a slave connection silently fails. matthijs@grubby:~$ ssh tika-login -o ControlMaster=yes -o ControlPath=/tmp/foo And in another terminal: matthijs@grubby:~$ ssh -o ControlPath=/tmp/foo tika-login -A matthijs@login:~$ echo $SSH_AUTH_SOCK matthijs@login:~$ This is somewhat documented in ssh_config: > X11 and ssh-agent(1) forwarding is supported over these multiplexed > connections, however the display and agent forwarded will be the one > belonging to the master connection i.e. it is not possible to forward > multiple displays or agents. However, that's easy to miss and I was quite surprised at this behaviour. It would be useful if the slave SSH connection would print a warning (or, I guess when ExitOnForwardFailure is set, bail out) when -A is passed when no forwarding is active on the master.