Feature/export ssh auth sock #1307

Closed
wants to merge 3 commits into from

@magec magec commented Jan 10, 2013

When using puppet/chef providers a sudo is issued from inside the vm. The thing is that if SSH_AUTH_SOCK is not set once in sudo, ssh-agent-forwarding will not work. This is due to the fact that sudo erases the environment unless set otherwise in sudoers file.

Given that there is a configuration variable to set agent forwarding, and that we cannot make any assumptions of how /etc/sudoers is configured, it makes sense to correctly export that variable when we are using sudo and agent forwarding is set in the Vagrant file.

@mitchellh
Contributor

Woohoo, this looks really good. One question: What happens if SSH_AUTH_SOCK is not set on the user's machine? Should we just ignore probably? or warn?

@magec
Author

magec commented Jan 31, 2013

I added a warning message so the user is warned. This would happen when no agent forwarding was allowed in ssh conf, for example. Feel free to change it according to your style guidelines. Thanks for vagrant by the way!!

@patcon

patcon commented May 25, 2013

👍

@bryannielsen

Is this going to be merged in soon? Would be great to have this fixed :-)

@parshap

parshap commented Jul 18, 2013

👍

This is a great fix to the agent forwarding problem because it doesn't require a change to the /etc/sudoers file on the remote machine.

@mitchellh
Contributor

This has finally been merged! :) I made some modifications to how SSH_AUTH_SOCK is read due to some discoveries of bugs in similar code that have since been fixed in Vagrant. Feel free to take a look:

1071a09f61f81c7983f06788355814fc57994bc4

@mitchellh mitchellh closed this Jul 23, 2013
mparker17 pushed a commit to mparker17/vagrant-drupal8 that referenced this pull request Aug 13, 2013
@glensc
Contributor

glensc commented Aug 27, 2013

This is broken. In my setup printf is called with no arguments, resulting in a printf error. If printf is used, at least the format %s must be specified to avoid the printf error!

```
$ vagrant halt
[default] Attempting graceful shutdown of VM...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

echo; printf $SSH_AUTH_SOCK

Stdout from the command:




Stderr from the command:

printf: usage: printf [-v var] format [arguments]
$ echo $SSH_AUTH_SOCK
/tmp/ssh-HmdUVQuzne/agent.1850
$ grep forward Vagrantfile
  config.ssh.forward_agent = true
```

@glensc
Contributor

glensc commented Aug 27, 2013

The actual problem why forwarding did not work was that /tmp was not accessible to the vagrant user. But imho the "printf format vulnerability" should be fixed anyway (btw, why printf, not just echo?)

```
guest# ls -la /tmp
total 4
drwxr-x---  3 root root   22 aug   27 22:37 ./
drwxr-xr-x 25 root root 4096 aug   27 22:35 ../
drwxrwxrwt  2 root root    6 aug   27 22:35 .ICE-unix/
guest# chmod a+rwX,o+t /tmp
guest# 
```
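The two failure modes reported in the comments above (`printf` receiving the variable as its format, and an agent socket whose directory the user cannot reach), as an added shell example that is not part of this pull request or of Vagrant's code. The function names `emit_unsafe`, `emit_safe` and `check_auth_sock` and the return codes are hypothetical, chosen for illustration.

```shell
# Added example; function names and return codes are hypothetical.

# Form quoted in the error output above: the value is unquoted and becomes the
# printf format. An empty value leaves printf with no format at all, so it
# prints a usage error and exits non-zero; a value containing % is interpreted.
emit_unsafe() {
  printf $1 2>/dev/null
}

# Fixed format, value passed as data: empty or %-bearing values are printed
# verbatim and the exit status stays 0.
emit_safe() {
  printf '%s' "$1"
}

# Diagnose a forwarded-agent socket path before relying on it.
# Returns: 0 usable
#          1 value empty (e.g. sudo reset the environment)
#          2 parent directory missing or not traversable (the /tmp case above)
#          3 path exists in a reachable directory but is not a socket
check_auth_sock() {
  sock=$1
  [ -n "$sock" ] || return 1
  dir=$(dirname -- "$sock")
  [ -x "$dir" ] || return 2
  [ -S "$sock" ] || return 3
  return 0
}
```

Calling `check_auth_sock "${SSH_AUTH_SOCK:-}"` inside the guest, as the user the provisioner runs as, separates an unset variable from a permissions problem on the socket's directory.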

@ghost ghost locked and limited conversation to collaborators Apr 12, 2020