I did some further testing based on your input.

My ~/.ssh/config has the following lines:
IdentityFile ~/.ssh/my.key
ForwardAgent yes

Before the update to natty, it seemed like the agent would see that the
passphrase for my.key was not cached and would pop up the pinentry
program to obtain the passphrase. This seems to be where the breakage
occurs.

On a fresh login, ssh-add -l shows no keys.  Executing "ssh user@box_a"
contacts the agent (I am watching the agent with strace -p) but since
the agent knows nothing about my.key, it does not bother running
pinentry.

SSH knows about the key (from ~/.ssh/config) and since the agent failed,
it asks me for the passphrase. I enter it and all is good. However,
since the agent knows nothing, the agent forwarding doesn't do any good.

I can test this theory by manually running ssh-add ~/.ssh/my.key and
entering the passphrase.  Now ssh-add -l shows the key and "ssh
user@box_a" works flawlessly.  Further, once logged in to box_a I can
"ssh user@box_b" and the forwarding works, since I can log in (box_b
requires the key, and box_a does not have the key).

Did something in the configuration requirements change for ssh-agent to
obtain keys that ssh knows about from its config files? I did not have
to run ssh-add ever before.

Note: I have also just tested the following:
ssh-add -D  (erase all keys from the agent)
ssh-add -c ~/.ssh/my.key
ssh user@box_a

In this instance, ksshaskpass pops up... so the agent appears to be able
to execute programs similar to pinentry.

I've verified the path for pinentry again, and verified that it does
indeed execute and pop up a window by manually running it.

$ ls -l /usr/bin/pinentry
lrwxrwxrwx 1 root root 26 2010-02-14 16:15 /usr/bin/pinentry -> /etc/alternatives/pinentry
$ ls -l /etc/alternatives/pinentry
lrwxrwxrwx 1 root root 21 2011-01-25 09:27 /etc/alternatives/pinentry -> /usr/bin/pinentry-qt4
$ ls -l /usr/bin/pinentry-qt4
-rwxr-xr-x 1 root root 152792 2010-10-17 18:13 /usr/bin/pinentry-qt4
$ file /usr/bin/pinentry-qt4
/usr/bin/pinentry-qt4: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
https://bugs.launchpad.net/bugs/716026

Title:
  regression: ssh-agent running but not working
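
Added example, not part of the original bug report: a shell check for the state described in the message, where ssh knows a key from IdentityFile but the agent does not hold it, so ForwardAgent has nothing to offer on the next hop. The function names are hypothetical, and check_agent assumes each key has its public half next to it as <key>.pub.

```shell
#!/bin/sh
# Added example (not from the bug report): list IdentityFile keys that the
# running ssh-agent does not hold. ssh will prompt for those itself, and they
# will not be usable through ForwardAgent on the next hop.

# Print each IdentityFile path from an ssh client config, expanding a leading ~/.
# Handles the "IdentityFile <path>" form only (no "=" separator, no quoting).
identity_files() {   # $1 = config file
    awk 'tolower($1) == "identityfile" { print $2 }' "$1" | sed "s|^~/|$HOME/|"
}

# Succeed if fingerprint $1 appears as field 2 of an `ssh-add -l` listing ($2).
agent_holds() {
    printf '%s\n' "$2" | awk -v fp="$1" '$2 == fp { hit = 1 } END { exit !hit }'
}

# Live check: compare each configured key's fingerprint with the agent's list.
# Assumption: the public half of each key is stored as <key>.pub.
check_agent() {      # $1 = config file (default ~/.ssh/config)
    # With no keys loaded, ssh-add -l prints a notice instead of key lines,
    # so no fingerprint can match it.
    listing=$(ssh-add -l 2>/dev/null)
    identity_files "${1:-$HOME/.ssh/config}" | while read -r key; do
        fp=$(ssh-keygen -lf "$key.pub" 2>/dev/null | awk '{ print $2 }')
        if [ -z "$fp" ]; then
            echo "UNKNOWN  $key (no readable $key.pub)"
        elif agent_holds "$fp" "$listing"; then
            echo "LOADED   $key"
        else
            echo "MISSING  $key (run: ssh-add $key)"
        fi
    done
}
```

Source the file and run check_agent on the client before logging in to box_a; a MISSING line corresponds to the fresh-login state above, where ssh asks for the passphrase itself and forwarding to box_b has no key to use.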
