ssh: problems with key forwarding

The guide from GitHub helped me solve the problem. Here it is:

Troubleshooting SSH agent forwarding

Here are some things to look out for when troubleshooting SSH agent forwarding.

You must be using an SSH URL to check out code

SSH forwarding only works with SSH URLs, not HTTP(s) URLs. Check the .git/config file on your server and ensure the URL is an SSH-style URL like below:

[remote "origin"]
  url =
  fetch = +refs/heads/*:refs/remotes/origin/*

Your SSH keys must work locally

Before you can make your keys work through agent forwarding, they must work locally first. Our guide on generating SSH keys can help you set up your SSH keys locally.

Your system must allow SSH agent forwarding

Sometimes, system configurations disallow SSH agent forwarding. You can check if a system configuration file is being used by entering the following command in the terminal:

$ ssh -v
# Connect to with verbose debug output
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/you/.ssh/config
debug1: Applying options for
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
$ exit
# Returns to your local command prompt

In the example above, the file ~/.ssh/config is loaded first, then /etc/ssh_config is read. We can inspect that file to see if it’s overriding our options by running the following commands:

$ cat /etc/ssh_config
# Print out the /etc/ssh_config file
 Host *
   SendEnv LANG LC_*
   ForwardAgent no

In this example, our /etc/ssh_config file specifically says ForwardAgent no, which is a way to block agent forwarding. Deleting this line from the file should get agent forwarding working once more.

Your server must allow SSH agent forwarding on inbound connections

Agent forwarding may also be blocked on your server. You can check that agent forwarding is permitted by SSHing into the server and running sshd_config. The output from this command should indicate that AllowAgentForwarding is set.

Your local ssh-agent must be running

On most computers, the operating system automatically launches ssh-agent for you. On Windows, however, you need to do this manually. We have a guide on how to start ssh-agent whenever you open Git Bash.

To verify that ssh-agent is running on your computer, type the following command in the terminal:

$ echo "$SSH_AUTH_SOCK"
# Print out the SSH_AUTH_SOCK variable

Your key must be available to ssh-agent

You can check that your key is visible to ssh-agent by running the following command:

ssh-add -L

If the command says that no identity is available, you’ll need to add your key:

ssh-add yourkey

On Mac OS X

On Mac OS X, ssh-agent will “forget” this key, once it gets restarted during reboots. But you can import your SSH keys into Keychain using this command:

/usr/bin/ssh-add -K yourkey
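
The local checks from the guide above (SSH-style remote URL, running agent, loaded key, `ForwardAgent` overrides) combined into one script. This is an added example, not part of the original post or of GitHub's guide; the function names, the `--run` switch and the extra `/etc/ssh/ssh_config` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local pre-flight checks for SSH agent forwarding.
# Function names and sample paths are illustrative, not from the guide.

# Return 0 if a git remote URL is SSH-style (ssh:// or scp-like user@host:path).
is_ssh_url() {
    case "$1" in
        ssh://*) return 0 ;;
        http://*|https://*|git://*|file://*|/*) return 1 ;;
        *@*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print active (uncommented) ForwardAgent directives as file:line:text.
# ssh_config keywords are case-insensitive, hence -i.
forwardagent_lines() {
    for f in "$@"; do
        if [ -r "$f" ]; then
            # /dev/null forces grep to prefix the file name
            grep -inE '^[[:space:]]*ForwardAgent[[:space:]=]' "$f" /dev/null || true
        fi
    done
}

# 0 = agent reachable with keys, 1 = no agent socket, 2 = no keys or agent unreachable.
agent_state() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 1
    ssh-add -L >/dev/null 2>&1 || return 2
    return 0
}

preflight() {
    url=$(git -C "${1:-.}" config --get remote.origin.url 2>/dev/null)
    if is_ssh_url "$url"; then echo "ok: remote uses an SSH URL"
    else echo "FAIL: remote is not an SSH URL: $url"; fi
    rc=0; agent_state || rc=$?
    case $rc in
        0) echo "ok: ssh-agent is running and has keys" ;;
        1) echo "FAIL: SSH_AUTH_SOCK is unset or not a socket" ;;
        *) echo "FAIL: ssh-agent has no keys loaded or is unreachable" ;;
    esac
    echo "ForwardAgent directives found (the first value ssh reads for a host wins):"
    # /etc/ssh/ssh_config is assumed as the usual Linux location
    forwardagent_lines "$HOME/.ssh/config" /etc/ssh_config /etc/ssh/ssh_config
}

# Run the checks only when invoked as: sh preflight.sh --run [repo_dir]
if [ "${1:-}" = "--run" ]; then preflight "${2:-.}"; fi
```

A `ForwardAgent no` under `Host *` is often a deliberate default, because a forwarded agent can be used by anyone with root on the remote host. Since ssh uses the first value it reads and `~/.ssh/config` is read before the system file, a `ForwardAgent yes` under a specific `Host` entry there enables forwarding only for that server.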
