IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Software and Applications Forum / Yes, all of those things are configured as described.
Post #372,005
by malraux
Picture of malraux
2/28/13 9:58:02 PM
Reply
New Yes, all of those things are configured as described.
And I discovered that it works fine through non-root accounts. I can't forward through root on the remote machine.

Doesn't work:
anderson $ ssh -A root@remotehost
root[remotehost] $ ssh -T git@github.com

Does work:
anderson $ ssh -A nonroot@remotehost
root[remotehost] $ ssh -T git@github.com

So for some reason root is being blocked from forwarding, which makes no sense to me since forwarding only exposes the original client machine, not the remote.

So it's not OS X... it's Ubuntu. ;-)

Thanks anyways. Now I have to figure out how to convince Ansible to configure things via sudo instead (which it will do, but only for an entire playbook at a time, not just a single task).
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
Post #372,018
by folkert
Picture of folkert
3/1/13 12:34:30 AM
Reply
New Now... ahh ha.
More than likely they are being anal retentive about Root.

Root is a crappy thing to have to use to do automated things. It happens, but many won't/don't know how to make it available.

Probably comes down to a setup using some kind of PAM thing or perhaps "root" has a compiled in option for ssh/sshd to not allow things. There are weird options usable to restrict Root in custom compiled sources, all without config options evident.

You should see entries in the /var/log/auth.log for me...

Mar 1 00:32:57 omg sshd[30118]: Accepted publickey for root from XX.XX.XX.XX port 34837 ssh2
Mar 1 00:32:57 omg sshd[30118]: pam_unix(sshd:session): session opened for user root by (uid=0)

I'd be looking as the PAM session setup, I'm betting its there.
--
greg@gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
Post #372,034
by malraux
Picture of malraux
3/1/13 10:23:43 AM
Reply
New Didn't find anything, but good idea. Thanks.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
     ssh agent forwarding... - (malraux) - (26) - Feb. 28, 2013, 05:35:12 PM EST
         I only know what Google tells me... - (Another Scott) - (1) - Feb. 28, 2013, 07:47:03 PM EST
             No, that's the part I have working. - (malraux) - Feb. 28, 2013, 07:52:53 PM EST
         ssh -A remotehost - (folkert) - (10) - Feb. 28, 2013, 08:17:11 PM EST
             I already said that doesn't work. :-) -NT - (malraux) - (9) - Feb. 28, 2013, 08:13:42 PM EST
                 Fine have fun... its a config issue DISALLOWING IT. - (folkert) - (8) - Feb. 28, 2013, 08:19:14 PM EST
                     Er, what? - (malraux) - (7) - Feb. 28, 2013, 08:28:22 PM EST
                         Try here. - (Another Scott) - (1) - Feb. 28, 2013, 09:14:21 PM EST
                             Thanks anyways. :-) -NT - (malraux) - Feb. 28, 2013, 10:00:38 PM EST
                         Ok. - (folkert) - (4) - Feb. 28, 2013, 09:22:10 PM EST
                             If that doesn't help... - (folkert) - Feb. 28, 2013, 09:25:41 PM EST
                             Yes, all of those things are configured as described. - (malraux) - (2) - Feb. 28, 2013, 09:58:02 PM EST
                                 Now... ahh ha. - (folkert) - (1) - March 1, 2013, 12:34:30 AM EST
                                     Didn't find anything, but good idea. Thanks. -NT - (malraux) - March 1, 2013, 10:23:43 AM EST
         root on machine1 isnt the user anderson on github -NT - (boxley) - (9) - Feb. 28, 2013, 09:57:56 PM EST
             Doesn't matter. - (malraux) - (8) - Feb. 28, 2013, 10:00:22 PM EST
                 but that isn't what you posted - (boxley) - (7) - Feb. 28, 2013, 10:08:28 PM EST
                     Re: but that isn't what you posted - (malraux) - (3) - Feb. 28, 2013, 10:15:28 PM EST
                         never heard of /etc/init/autoforward.conf - (boxley) - (2) - Feb. 28, 2013, 10:32:58 PM EST
                             That's port forwarding, isn't it? - (malraux) - (1) - Feb. 28, 2013, 11:15:54 PM EST
                                 Yes it is... - (folkert) - March 1, 2013, 12:35:49 AM EST
                     Re: but that isn't what you posted - (malraux) - (2) - Feb. 28, 2013, 10:21:27 PM EST
                         Re: but that isn't what you posted - (mvitale) - (1) - March 1, 2013, 12:13:54 AM EST
                             The problem happens before that point. - (malraux) - March 1, 2013, 10:17:26 AM EST
         Good grief, man! - (pwhysall) - (1) - March 1, 2013, 01:48:21 AM EST
             You'd think so, wouldn't you. -NT - (malraux) - March 1, 2013, 10:17:40 AM EST
         the only thing else I can think of - (boxley) - March 1, 2013, 02:49:11 PM EST

You are delightfully evil. Come sit by me.
69 ms