OpenSSH - 是 ssh-agent 转发吗?
OpenSSH - Is it ssh-agent forwarding?
我正在尝试调试 CPU 变高的 OpenSSH 问题。但在此之前,我想确认此连接是否使用了 SSH-Agent 转发功能。以下是分配了两个通道的子 SSH 服务器的核心转储。
channels[1] 似乎正在与 ssh-agent 对话。
我需要以下方面的帮助:
1) As I know ssh-agent talks to SSH client, however here it seems to
be talking to SSH server. Can we say that we have ssh-agent forwarding
in role?
2) What can I do to reproduce this scenario?
3) Anything else that you may want to kindly tell me about from the
data given.
(gdb) p *channels[0]
type = 0x4,
self = 0x0,
remote_id = 0x0,
istate = 0x0,
ostate = 0x3,
flags = 0x0,
rfd = 0xd,
wfd = 0xffffffff,
efd = 0xffffffff,
sock = 0xffffffff,
ctl_chan = 0xffffffff,
isatty = 0x1,
client_tty = 0x0,
path = 0x0,
listening_port = 0x0,
listening_addr = 0x0,
host_port = 0x0,
remote_name = 0xb0f2e4a0 "server-session",
ctype = 0x187df64 "session",
open_confirm = 0,
open_confirm_ctx = 0x0,
detach_user = 0x1855650 <session_close_by_channel>,
detach_close = 0x1,
=============================
(gdb) p *channels[1]
type = 0x6,
self = 0x1,
remote_id = 0xffffffff,
istate = 0x0,
ostate = 0x0,
flags = 0x0,
rfd = 0x9,
wfd = 0x9,
efd = 0xffffffff,
sock = 0x9,
ctl_chan = 0xffffffff,
path = 0xb0f2e7a0 "/tmp/ssh-00015945aa/agent.15945",
listening_port = 0x0,
listening_addr = 0x0,
host_port = 0x0,
remote_name = 0xb0f2e720 "auth socket",
ctype = 0x187d92c "auth socket"
1) As I know ssh-agent talks to SSH client, however here it seems to be talking to SSH server. Can we say that we have ssh-agent forwarding in role?
反之。客户与代理交谈。如果您将套接字转发到服务器,则该服务器上的其他客户端可以与您计算机上的代理通信。
就是这样。服务器只有转发认证套接字的作用。
2) What can I do to reproduce this scenario?
启动ssh-agent并使用ssh -A server发起与代理转发的连接。
3) Anything else that you may want to kindly tell me about from the data given.
(gdb) p *channels[0]
type = 0x4, /* SSH_CHANNEL_OPEN -- shell or command */
(gdb) p *channels[1]
type = 0x6, /* SSH_CHANNEL_AUTH_SOCKET -- ssh-agent forwarding */
对,就是代理转发
我正在尝试调试 CPU 变高的 OpenSSH 问题。但在此之前,我想确认此连接是否使用了 SSH-Agent 转发功能。以下是分配了两个通道的子 SSH 服务器的核心转储。 channels[1] 似乎正在与 ssh-agent 对话。
我需要以下方面的帮助:
1) As I know ssh-agent talks to SSH client, however here it seems to be talking to SSH server. Can we say that we have ssh-agent forwarding in role?
2) What can I do to reproduce this scenario?
3) Anything else that you may want to kindly tell me about from the data given.
(gdb) p *channels[0]
type = 0x4,
self = 0x0,
remote_id = 0x0,
istate = 0x0,
ostate = 0x3,
flags = 0x0,
rfd = 0xd,
wfd = 0xffffffff,
efd = 0xffffffff,
sock = 0xffffffff,
ctl_chan = 0xffffffff,
isatty = 0x1,
client_tty = 0x0,
path = 0x0,
listening_port = 0x0,
listening_addr = 0x0,
host_port = 0x0,
remote_name = 0xb0f2e4a0 "server-session",
ctype = 0x187df64 "session",
open_confirm = 0,
open_confirm_ctx = 0x0,
detach_user = 0x1855650 <session_close_by_channel>,
detach_close = 0x1,
=============================
(gdb) p *channels[1]
type = 0x6,
self = 0x1,
remote_id = 0xffffffff,
istate = 0x0,
ostate = 0x0,
flags = 0x0,
rfd = 0x9,
wfd = 0x9,
efd = 0xffffffff,
sock = 0x9,
ctl_chan = 0xffffffff,
path = 0xb0f2e7a0 "/tmp/ssh-00015945aa/agent.15945",
listening_port = 0x0,
listening_addr = 0x0,
host_port = 0x0,
remote_name = 0xb0f2e720 "auth socket",
ctype = 0x187d92c "auth socket"
1) As I know ssh-agent talks to SSH client, however here it seems to be talking to SSH server. Can we say that we have ssh-agent forwarding in role?
反之。客户与代理交谈。如果您将套接字转发到服务器,则该服务器上的其他客户端可以与您计算机上的代理通信。
就是这样。服务器只有转发认证套接字的作用。
2) What can I do to reproduce this scenario?
启动ssh-agent并使用ssh -A server发起与代理转发的连接。
3) Anything else that you may want to kindly tell me about from the data given.
(gdb) p *channels[0]
type = 0x4, /* SSH_CHANNEL_OPEN -- shell or command */
(gdb) p *channels[1]
type = 0x6, /* SSH_CHANNEL_AUTH_SOCKET -- ssh-agent forwarding */
对,就是代理转发