Add support for agent forwarding

[eskhool]

Passing -s "-A" to et does not forward ssh agent credentials which work otherwise. I was assuming ssh agent forwarding would work seamlessly with et?

Am I doing something wrong here?

If not, surprised this hasn't come up yet since I got here from mosh recommended by someone for exactly this purpose.

[MisterTea]

I think you need to do:

-s "-A myuser@myhost:myport"

You are missing the hostname/port part

[eskhool]

@MisterTea, I think this is the same problem of not using the ssh config mechanism. Is there no way you can bypass having to parse the ssh argument logic and let ssh do its thing for the initial connection? I have ssh agent setup with hosts and all and I don't really need to provide any parameters. Much like the username (for which luckily I have pasted a solution in the other issue)

[MisterTea]

@eskhool SSH should be using ssh_config, but etclient/etserver won't use it. So, whatever agent forwarding you have in ssh should work fine for the initial handshake. After that, you are using the et passkey so you shouldn't need agent forwarding.

[MisterTea]

Hey @eskhool is this still an issue?

[burgalon]

I'm still experiencing this, also with your suggestion of -s "-A myuser@myhost:myport" .
Can we reopen?

[MisterTea]

@burgalon Are you using the latest master code or the release?

[burgalon]

release 4.0.5 etclient. Help is showing -c should be available.

[MisterTea]

what happens when you use my suggestion above?

[burgalon]

when using your suggestion above, nothing appears different - same output as without the -c

[MisterTea]

I meant my suggestion for using -s to do ssh agent forwarding

[burgalon]

looking closer, it seems like -s is not working at all, as if it's not taking the arguments at all. doing -s '-p 8888' doesn't seem to kick in, and ssh is still connecting on the regular port. This is weird since I remember it was working (possibly on etclient 4.0.4?)

[MisterTea]

Maybe your et install has been corrupted somehow? Can you do a 'which et' and make sure it's using /usr/local/bin/et ? Also try to remove the package and reinstall and then check the timestamp to make sure the et launcher is up to date.

[burgalon]

I seemed to have installed versnion 3.0.6. I did brew uninstall --force et to remove all version and then again brew install MisterTea/et/et but -s still doesn't seem to work.
It seems like there's still something dirty in my configuration/installation, but I'm not sure how to check.

[MisterTea]

What does et --version say?

[burgalon]

➜  ~ et --version
etclient version 4.0.5

[MisterTea]

@burgalon -s is being removed in the next release. Instead, put any ssh options in your ssh_config file. When et calls ssh, the options are loaded by ssh already.

[burgalon]

from what it seems, the ssh config is also not taken. My .ssh/config has ForwardAgent yes which works well with regular ssh, but doesn't with et

[MisterTea]

@burgalon if you look at the et file, it's just a bash script that calls ssh. Can you debug on your side and see why it's not using your ssh config?

[burgalon]

For reference - mobile-shell/mosh#696

[donifer]

I'm having the same issue, my ~/.ssh/config looks like this:

Host *
    ForwardAgent yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_rsa

However I can't clone my private repos when I use et (permission denied). But if I ssh I can clone without issues, looks like ssh agent is not forwarding. Do you guys have an idea of what am I missing?

Client

macOS 10.13.6
❯ et --version
et version 5.1.8

Server

jessie
❯ et --version
et version 4.2.1

[MisterTea]

Adding agent forwarding here: #226

[isaacs]

Should this be working in 6.0.4?

I have 6.0.4 on my local macbook, and my linux server. I'm running et -f server to connect.

On the remote server, I can see:

$ echo $SSH_AUTH_SOCK
/tmp/et_forward_sock_nS3kix/sock

However, once there:

$ ssh localhost
isaacs@localhost: Permission denied (publickey).

Using just SSH alone, this works fine:

$ ssh izs.me
Krypton ▶ Requesting SSH authentication from phone
Krypton ▶ Success. Request Allowed ✔

...

Last login: Sat Nov 30 07:18:55 2019 from 73.189.145.159

izs:~ [email protected]
$ ssh localhost
Krypton ▶ Requesting SSH authentication from phone
Krypton ▶ Phone approval required. Respond using the Krypton app
Krypton ▶ Success. Request Allowed ✔
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-66-generic x86_64)

...

UPDATE: this works when using plain old fashioned text ssh keys, not when using krypton's IdentityAgent and ProxyCommand. I'll post a new issue about it.