Enable SSH Agent (Key) Forwarding on Snow Leopard
I’m using Git and Capistrano to deploy some Ruby applications on multiple servers. My Git setup is done with gitosis, which uses key-based authentication over ssh. The deployment script logs into the remote servers and checks out the current application version via Git.
Now to have this working, one must forward the private key, used to authenticate with Git, to the server which does the checkout. This is done by the ssh-agent process, with which you can register your keys by running the command ssh-add.
After switching to Snow Leopard, my deployment script stopped working, because somehow the ssh key didn’t get forwarded to the server and I was presented with a login prompt: “Enter password for git@git.gitserver.local:”. Of course I don’t have a password, because gitosis uses key-based authentication only.
To make a long story short, Snow Leopard ships with key forwarding disabled by default and you will have to modify the file /etc/ssh_config to get it working.
Just change the lines
# ForwardAgent no
into
ForwardAgent yes
and you are good.
I’m unfamiliar with terminal. How do I change the lines? Terminal? I apologize for the ignorance.
thanks
mritel.
@cass you will need to have a text editor tied into terminal to edit them from the terminal. I have TextWrangler set up so I type “edit /etc/ssh_config” and then TextWrangler opens. If you use TextMate then the normal command is “mate /etc/ssh_config”
Hi,
Brief summary of my issues:
From home I connect using ssh keys (with passwords) to my work desktop(s). From there I connect to some of my work servers. This all worked when my work computers were running 10.5.x
Now that the work computers have been upgraded to 10.6.1, I can connect to the work computers from home, but once I try to connect to a server I get prompted for my passphrase for my key.
I modified my /etc/ssh_config file to read:
Host *
ForwardAgent yes
(note I had the ForwardAgent set correctly, but needed to un-comment the Host *)
I disconnected from my work computer. Reconnected, but still prompted for my passphrase:
Enter passphrase for key ‘/Users/xxx/.ssh/id_rsa’:
Any suggestions? Do I need to restart the sshd service?
Thanks!!
John
John:
You may need to add your passphrases to the Apple keychain. In the terminal, type:
ssh-add -K ~/.ssh/id_rsa
Or whatever the path to your private key is. Do this for each key. This will put the passphrase in the Apple keychain and you will not be prompted for passphrases. If you do not have a key in the default file (id_rsa or id_dsa), the Apple mechanisms do not seem to automatically prompt you for your passphrases.
That worked for me.
Best wishes,
Alan
Alan,
your comment helped me so much.
Been struggling all afternoon with ssh + svn.
That did it for me.
Thanks,
-Jim
Thanks very much! It’s been driving me mad. The adding passphrases to the keychain fixed it for me.
[...] of the error isn’t returning much– I changed the /etc/sshd_config file on my Mac as per http://www.schmidp.com/2009/06/23/enable-ssh-agent-key-forwarding-on-snow-leopard/. I still get the same [...]
Adding another solution to this problem. It took me a while to realize that I was using the macports openssh instead of the version shipped with OSX. To fix it I had to edit the macports ssh config file /opt/local/etc/ssh/ssh_config instead of the mac version under /etc/ssh/ssh_config
To save the issue with different versions of openssh and possibly breaking with OS updates, rather than edit /etc/ssh_config
just edit ~/.ssh/config (you may need to create it) and add this line to it: ForwardAgent yes
and once the key has been added it will all work correctly regardless of which ssh version you are using or if you upgrade your OS.
As far as I can tell, the only important thing to do other than ordinary plain vanilla ssh setup is that, at least on Lion, you need to
ssh-add
to get ssh -A to work.
@rfay
ssh-add was what I needed to do. I had the line for AgentFoward in my ~/.ssh/config file but it somehow still wasn’t working. This fixed it. Thanks.
@rfay thanks dude! exactly what I needed workin’ with Mountain Lion.
Thank you @rfay! This is exactly what you need if you’re running Mountain Lion.
Altering /etc/ssh_config is bad advice. That file is managed by the operating system and the contents might change at Apple’s leisure. Plus, not every user on your system might want this behaviour.
Instead, ssh behaviour should be customised by creating/editing ~/.ssh/config. Doing it that way also means that MacPort’s OpenSSH will pick up on it and apply the same settings.
You can also enable Agent Forwarding by adding -A to the ssh command:
http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man1/ssh.1.html
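The thread above turns on which configuration file ssh actually reads and whether the ForwardAgent line in it is live or commented out. As an added example (not from the original post or its commenters), this shell function works out the value that applies to a host from a list of ssh_config-style files, using ssh's rule that the first value obtained wins. The host app1.example.test and the sample files are constructed; Match, Include, negated patterns and key=value syntax are not handled.

```shell
#!/bin/sh
# Added example: which ForwardAgent value applies to HOST, given ssh_config-style
# FILES in the order ssh reads them (per-user file first, then system-wide).
# Simplified: no Match, Include, negated (!) patterns or key=value syntax.
effective_forwardagent() {
    efa_host=$1; shift
    set -f                          # stop "Host *" expanding to filenames
    for efa_file in "$@"; do
        [ -r "$efa_file" ] || continue
        efa_active=1                # lines before any Host apply to every host
        while read -r efa_key efa_rest; do
            case $efa_key in ''|'#'*) continue ;; esac   # blank or commented out
            efa_key=$(printf '%s' "$efa_key" | tr 'A-Z' 'a-z')
            case $efa_key in
                host)
                    efa_active=0
                    for efa_pat in $efa_rest; do
                        # unquoted pattern: glob match, like ssh's * and ?
                        case $efa_host in $efa_pat) efa_active=1 ;; esac
                    done ;;
                forwardagent)
                    if [ "$efa_active" -eq 1 ]; then
                        set +f
                        printf '%s\n' "$efa_rest" | tr 'A-Z' 'a-z'
                        return 0    # first value obtained wins
                    fi ;;
            esac
        done < "$efa_file"
    done
    set +f
    echo no                         # OpenSSH default when nothing sets it
}

# Constructed sample files modelled on the thread; app1.example.test is hypothetical.
efa_dir=$(mktemp -d)
printf '%s\n' '# Host *' '#   ForwardAgent no' > "$efa_dir/shipped"   # commented out
printf '%s\n' 'Host *' '   ForwardAgent yes' > "$efa_dir/edited"      # system-wide edit
printf '%s\n' 'Host app1.example.test' '   ForwardAgent yes' > "$efa_dir/user"  # scoped

for efa_h in app1.example.test other.example.test; do
    printf '%s shipped=%s edited=%s user+shipped=%s\n' "$efa_h" \
        "$(effective_forwardagent "$efa_h" "$efa_dir/shipped")" \
        "$(effective_forwardagent "$efa_h" "$efa_dir/edited")" \
        "$(effective_forwardagent "$efa_h" "$efa_dir/user" "$efa_dir/shipped")"
done
```

On OpenSSH 6.8 or later, `ssh -G <host>` prints the client's own resolved configuration, and `ssh-add -l` lists the keys the agent currently holds.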