New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Salt SSH appends IdentityFile=agent-forwarding #49023

merged 1 commit into from Aug 9, 2018


None yet
4 participants

The-Loeki commented Aug 8, 2018

Salt SSH cannot authenticate when SSH agent is used.

What does this PR do?

Fix the problem by preventing invalid config option on CLI

Previous Behavior

When ssh_priv: agent-forwarding is defined in master opts, authentication fails.
This is due to Salt SSH launching with ssh -o IdentityFile=agent-forwarding, which doesn't exist as file (doh).
Might very well happen to priv: agent-forwarding in roster entries too, but haven' tested.

New Behavior

Authentication succeeds as the CLI option isn't filled anymore.

Please review Salt's Contributing Guide for best practices.

See GitHub's page on GPG signing for more information about signing commits with GPG.

Salt SSH appends IdentityFile=agent-forwarding
When you set `ssh_priv: agent-forwarding` in master.conf (or, untested, `priv: agent-forwarding` in roster), SSH agent authentication is supposed to be used.

However, Salt SSH launches with `ssh -o IdentityFile=agent-forwarding`. 
This file/dir can't be found (doh) and the connection fails.

@salt-jenkins salt-jenkins requested review from saltstack/team-core Aug 8, 2018

@rallytime rallytime merged commit a56bc7f into saltstack:2018.3 Aug 9, 2018

4 of 8 checks passed

continuous-integration/jenkins/pr-merge This commit cannot be built
jenkins/pr/py2-centos-7 The py2-centos-7 job has failed
jenkins/pr/py2-ubuntu-1604 The py2-ubuntu-1604 job has failed
jenkins/pr/py3-ubuntu-1604 The py3-ubuntu-1604 job has failed
WIP ready for review
jenkins/pr/docs The docs job has passed
jenkins/pr/lint The lint job has passed
jenkins/pr/py3-centos-7 The py3-centos-7 job has passed

@The-Loeki The-Loeki deleted the The-Loeki:patch-1 branch Aug 9, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment