New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configure to skip ssh-agent connection attempt..? #137

Closed
SFEley opened this Issue Dec 18, 2013 · 2 comments

Comments

Projects
None yet
3 participants
@SFEley
Contributor

SFEley commented Dec 18, 2013

So we have a monitoring program that periodically logs into numerous EC2 instances to examine their running processes. This is on an Ubuntu server that does not have ssh-agent running. Our application is working okay, but the standard error is being filled with spurious failure messages because every authentication is starting with an attempt to instantiate the agent connection:

E, [2013-12-18T23:21:14.754919 #7918] ERROR -- net.ssh.authentication.agent[3fc74dddb93c]: could not connect to ssh-agent
E, [2013-12-18T23:21:14.756027 #7918] ERROR -- net.ssh.authentication.agent[3fc74dde51e4]: could not connect to ssh-agent
E, [2013-12-18T23:21:14.758084 #7918] ERROR -- net.ssh.authentication.agent[3fc74de10e48]: could not connect to ssh-agent
E, [2013-12-18T23:21:14.759212 #7918] ERROR -- net.ssh.authentication.agent[3fc74de19430]: could not connect to ssh-agent
E, [2013-12-18T23:21:14.760102 #7918] ERROR -- net.ssh.authentication.agent[3fc74de649d0]: could not connect to ssh-agent
E, [2013-12-18T23:21:14.761027 #7918] ERROR -- net.ssh.authentication.agent[3fc74de6838c]: could not connect to ssh-agent
E, [2013-12-18T23:21:14.761942 #7918] ERROR -- net.ssh.authentication.agent[3fc74de72e40]: could not connect to ssh-agent
E, [2013-12-18T23:21:14.762808 #7918] ERROR -- net.ssh.authentication.agent[3fc74de7ddb8]: could not connect to ssh-agent
E, [2013-12-18T23:21:15.556585 #7918] ERROR -- net.ssh.authentication.agent[3fc74ed0b5c4]: could not connect to ssh-agent
E, [2013-12-18T23:21:15.751151 #7918] ERROR -- net.ssh.authentication.agent[3fc74d6d0c14]: could not connect to ssh-agent
E, [2013-12-18T23:21:15.791451 #7918] ERROR -- net.ssh.authentication.agent[3fc74d6e03f8]: could not connect to ssh-agent
E, [2013-12-18T23:21:15.792592 #7918] ERROR -- net.ssh.authentication.agent[3fc74d6e9ee4]: could not connect to ssh-agent
E, [2013-12-18T23:21:15.797369 #7918] ERROR -- net.ssh.authentication.agent[3fc74d6ec4b4]: could not connect to ssh-agent

(repeat a few dozen times every couple of minutes)

I’ve examined the code and the RDocs and I know that Net::SSH::Authentication::KeyManager has a public use_agent attribute. However, it’s always initialized as true, and because a new KeyManager is instantiated for every authentication session, I can’t figure out where the user (i.e. me) has any opportunity to set that attribute to false. So it’s always trying and failing once, and our stderr keeps accumulating these messages.

So my questions:

  1. Am I missing something that could be used to disable the agent connection attempt?
  2. For that matter, is there a reason why the :keys_only session option doesn’t just bypass talking to ssh-agent entirely?
  3. Would a patch to either introduce a new user-level :use_agent option (defaulting to true) and/or cause the :keys_only option to disable agent connection be considered?

Thanks for your time and consideration.

@delano delano closed this in 29eb94d Feb 1, 2014

delano added a commit that referenced this issue Feb 1, 2014

Merge pull request #138 from SFEley/master
Don't use ssh-agent if :keys_only is true (fixes #137)
@delano

This comment has been minimized.

Collaborator

delano commented Feb 1, 2014

And thanks for the pull request. Feel free to open it again if it persists.

@mfazekas

This comment has been minimized.

Collaborator

mfazekas commented Apr 5, 2014

This is not the right fix, we don't want to disalbe ssh-agent with keys_only as this is coming from IdentitiesOnly yes in users ~/.ssh/config. We probably need a separate option to disable ssh-agent. See #148

mfazekas added a commit to mfazekas/net-ssh that referenced this issue Apr 5, 2014

IdentiesOnly will not disable ssh_agent as it's not supposed to, a ne…
…w option :use_agent provided for disabling agent. Fix net-ssh#148 with another fix for net-ssh#137.

delano added a commit that referenced this issue Apr 6, 2014

Merge pull request #159 from mfazekas/281_ssh_config_fix_for_public_k…
…ey_auth

IdentiesOnly will not disable ssh_agent as it's not supposed to - fixing #148 by new fix for #137

@mfazekas mfazekas closed this Mar 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment