Ssh – PuTTY use agent forwarding for chain of servers


I failed to configure AgentForwarding with PuTTY 🙁

PuTTY is the newest version, 0.61. I have created a public/private key pair for PuTTY, converted it to OpenSSH format, and added it to /root/.ssh/authorized_keys on both host1 and host2. On both hosts, /etc/ssh/sshd_config contains:

PermitRootLogin without-password
AuthorizedKeysFile      %h/.ssh/authorized_keys
AllowAgentForwarding yes

On both hosts /root/.ssh/config contains

Host *
    ForwardAgent yes

In PuTTY configuration, option Connection/SSH/Auth/Allow agent forwarding [x] is checked on.

When I'm running pageant.exe with the keyfile loaded, I can connect to host1 and host2 without a password. But when I am connected to host1 and try to ssh root@host2, I'm prompted for a password. The variable $SSH_AUTH_SOCK is not set in my host1 session. What am I doing wrong?

Best Answer

Since $SSH_AUTH_SOCK is not set, it's likely either a problem with putty/pageant, or sshd itself.

You can put sshd into debug mode easily enough. Log into the server (this can be safely done over ssh, as long as you remember to restart sshd after you are done) and stop sshd (via your init scripts). Then run:

/usr/sbin/sshd -Dddd

(-D for foreground mode, -ddd for verbose debugging)

Try to connect via putty again, and watch the output from sshd. If putty is sending the keys for agent forwarding, you should see something about auth-agent-req@openssh.com. If you don't see that, then putty is not properly sending the key along for agent forwarding/requesting agent forwarding.

That should narrow down where the issue lies. You can also run 'ssh -vvv' from host1 for verbose debugging output while trying to ssh to host2.

(At this point, please remember to ctrl+C the foreground sshd process and restart it from your init scripts, otherwise you'll be locked out of your server!)
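The split the answer describes (client not requesting forwarding versus sshd not providing the socket) can be scripted as below. This is an added example, not part of the original answer; the function names `agent_request_seen` and `diagnose` are hypothetical, and the log lines are constructed samples in sshd's debug format.

```sh
#!/bin/sh
# Added example: decide which side drops agent forwarding, following the
# answer's split between the client (PuTTY/Pageant) and sshd.

# True if the captured `sshd -Dddd` output shows the client asking for
# agent forwarding (the channel request named in the answer).
agent_request_seen() {
    grep -q 'auth-agent-req@openssh.com' "$1"
}

# diagnose LOGFILE SOCKPATH
#   LOGFILE  - saved stderr of `/usr/sbin/sshd -Dddd` for one login
#   SOCKPATH - value of $SSH_AUTH_SOCK inside that login (may be empty)
diagnose() {
    if ! agent_request_seen "$1"; then
        echo "client: no auth-agent-req seen, check PuTTY/Pageant settings"
    elif [ -z "$2" ]; then
        echo "server: request received but SSH_AUTH_SOCK unset, check sshd"
    elif [ ! -S "$2" ]; then
        echo "server: SSH_AUTH_SOCK set but $2 is not a socket"
    else
        echo "ok: agent socket present at $2"
    fi
}

# Constructed sample: two debug lines in sshd's format, not from the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: server_input_channel_req: channel 0 request auth-agent-req@openssh.com reply 0
EOF
diagnose "$sample" ""      # request arrived, but no socket in the session
rm -f "$sample"
```

To use it on a real host, save the debug output with `/usr/sbin/sshd -Dddd 2> sshd-debug.log` and pass that file together with the `$SSH_AUTH_SOCK` value from the host1 session.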