
OpenSSH - Is it ssh-agent forwarding?


I am trying to debug an OpenSSH issue in which CPU goes high. But before that I want to confirm whether the SSH agent forwarding feature has been used for this connection. The following is a core dump of the child SSH server, which has allocated two channels. channels[1] seems to be talking to ssh-agent.

I need help with the following:

1) As far as I know, ssh-agent talks to the SSH client; however, here it seems to be talking to the SSH server. Can we say that ssh-agent forwarding is in use?

2) What can I do to reproduce this scenario?

3) Anything else that you may want to kindly tell me about from the data given.

(gdb) p *channels[0]
      type = 0x4,
      self = 0x0,
      remote_id = 0x0,
      istate = 0x0,
      ostate = 0x3,
      flags = 0x0,
      rfd = 0xd,
      wfd = 0xffffffff,
      efd = 0xffffffff,
      sock = 0xffffffff,
      ctl_chan = 0xffffffff,
      isatty = 0x1,
      client_tty = 0x0,
      path = 0x0,
      listening_port = 0x0,
      listening_addr = 0x0,
      host_port = 0x0,
      remote_name = 0xb0f2e4a0 "server-session",
      ctype = 0x187df64 "session",
      open_confirm = 0,
      open_confirm_ctx = 0x0,
      detach_user = 0x1855650 <session_close_by_channel>,
      detach_close = 0x1,
    =============================
(gdb) p *channels[1]
      type = 0x6,
      self = 0x1,
      remote_id = 0xffffffff,
      istate = 0x0,
      ostate = 0x0,
      flags = 0x0,
      rfd = 0x9,
      wfd = 0x9,
      efd = 0xffffffff,
      sock = 0x9,
      ctl_chan = 0xffffffff,
      path = 0xb0f2e7a0 "/tmp/ssh-00015945aa/agent.15945",
      listening_port = 0x0,
      listening_addr = 0x0,
      host_port = 0x0,
      remote_name = 0xb0f2e720 "auth socket",
      ctype = 0x187d92c "auth socket"

Solution

  • 1) As far as I know, ssh-agent talks to the SSH client; however, here it seems to be talking to the SSH server. Can we say that ssh-agent forwarding is in use?

    It is the other way around. The client talks to the agent. If you forward the socket to the server, then other clients on that server can talk to the agent on your computer.

    That's all. The server's only role there is forwarding the authentication socket.

    2) What can I do to reproduce this scenario?

    Start ssh-agent and then use ssh -A server to initiate a connection with agent forwarding.

    3) Anything else that you may want to kindly tell me about from the data given.

    (gdb) p *channels[0]
      type = 0x4, /* SSH_CHANNEL_OPEN -- shell or command */
    
    (gdb) p *channels[1]
      type = 0x6, /* SSH_CHANNEL_AUTH_SOCKET -- ssh-agent forwarding */
    

    Yes, that is agent forwarding.
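
The check made by eye in the answer can be automated when triaging several sshd core dumps. The following is an added example, not part of the original question or answer and not OpenSSH code: it parses pasted gdb `p *channels[N]` output and reports channels whose type is SSH_CHANNEL_AUTH_SOCKET. The function names are hypothetical, the type table is a subset of the constants in OpenSSH's channels.h, and the sample is a trimmed excerpt of the dump in the question.

```python
import re

# Subset of the channel type constants defined in OpenSSH channels.h.
CHANNEL_TYPES = {
    1: "SSH_CHANNEL_X11_LISTENER", 2: "SSH_CHANNEL_PORT_LISTENER",
    3: "SSH_CHANNEL_OPENING", 4: "SSH_CHANNEL_OPEN",
    5: "SSH_CHANNEL_CLOSED", 6: "SSH_CHANNEL_AUTH_SOCKET",
    7: "SSH_CHANNEL_X11_OPEN", 10: "SSH_CHANNEL_LARVAL",
    13: "SSH_CHANNEL_DYNAMIC", 14: "SSH_CHANNEL_ZOMBIE",
}

# Trimmed excerpt of the dump in the question, embedded so this runs offline.
SAMPLE_DUMP = """\
(gdb) p *channels[0]
      type = 0x4,
      sock = 0xffffffff,
      path = 0x0,
      ctype = 0x187df64 "session",
(gdb) p *channels[1]
      type = 0x6,
      sock = 0x9,
      path = 0xb0f2e7a0 "/tmp/ssh-00015945aa/agent.15945",
      ctype = 0x187d92c "auth socket"
"""

HEADER = re.compile(r"\(gdb\)\s+p \*channels\[(\d+)\]")
FIELD = re.compile(r'^\s*(\w+) = (0x[0-9a-fA-F]+|\d+)(?: "([^"]*)")?')

def parse_channels(dump):
    """Return {channel index: {field: value}} from gdb struct output."""
    channels, current = {}, None
    for line in dump.splitlines():
        m = HEADER.search(line)
        if m:
            current = channels.setdefault(int(m.group(1)), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            name, num, text = m.groups()
            # For char* fields keep the string gdb printed, not the pointer.
            value = int(num, 16) if num.startswith("0x") else int(num)
            current[name] = text if text is not None else value
    return channels

def agent_forwarding_channels(channels):
    """List (index, socket path, fd) for every agent-forwarding channel."""
    return [(i, ch.get("path"), ch.get("sock"))
            for i, ch in sorted(channels.items())
            if CHANNEL_TYPES.get(ch.get("type")) == "SSH_CHANNEL_AUTH_SOCKET"]
```

An empty result means no channel in the dump was an agent socket; a non-empty one gives the socket path to look for under /tmp on the server.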