I may be being a bit thick here, but if you reduce your command line, by removing the -o and -i options, it says: >> ssh "" "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd? " which is the equivalent to ssh "" "command" Is using an empty hostname documented as something that is meant to work? I suspect the hostname is simply being merged into the command, and you are doing ssh command which is failing. Alex On 10 Jan 2014, at 10:16, bryan hunt wrote: > But it isn?t. > > "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd? ? is not interpreted as the hostname, it is executed as a remote command, but without SSH agent working. > > Anyhow, I?m not here to demand a better command line argument parser, merely to verify the behaviour so I can help to resolve the problems that Ansible are having. > > But thank you for the help. > > Bryan > > > On 9 Jan 2014, at 20:12, Markus Friedl <mfriedl at gmail.com> wrote: > >> This is due to ssh's flexible argument parsing. If you skip the hostname, them something else is interpreted as the hostname. >> >> >> >> >>> Am 09.01.2014 um 18:43 schrieb bryan hunt <picsolvebryan at gmail.com>: >>> >>> Yes, called as you describe, SSH works correctly (it Forwards Agent). Quirky! >>> >>> But, called the way I was doing, everything but Agent Forwarding works. >>> >>> Strange. Looking further, I found another odd behaviour. >>> >>> ssh -o User=vagrant -o Hostname=127.0.0.1 -p 2222 -o Compression=yes -o StrictHostKeyChecking=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -i /Users/bryanhunt/.vagrant.d/insecure_private_key -o ForwardAgent=yes -o LogLevel=DEBUG "" "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerddd? " >>> >>> Note how I added the empty quoted string in the hostname position. >>> >>> SSH Agent Forwarding works if I add that empty quoted string. >>> >>> If I remove the empty quoted string, the git checkout is executed, but prompts for authentication. >>> >>> I would expect SSH to completely succeed, or completely fail to execute the command - rather than have the side channel (SSH agent) fail or succeed based upon how I express the command line arguments. >>> >>> This is a stock version of the ssh command on OSX. >>> >>> The checksum is: >>> >>> MD5 (/usr/bin/ssh) = 35caacee333ebae93d4087ca349738e4 >>> >>> Perhaps another OSX user could verify this behaviour? >>> >>> Regards, >>> >>> Bryan Hunt >>> >>> >>>> On 9 Jan 2014, at 17:21, Markus Friedl <mfriedl at gmail.com> wrote: >>>> >>>> You pass it as an option. >>>> >>>> But ssh is called like >>>> >>>> $ ssh [options] hostname [command] >>>> >>>> >>>> >>>> >>>> >>>>> Am 09.01.2014 um 16:21 schrieb bryan hunt <picsolvebryan at gmail.com>: >>>>> >>>>> >>>>> I don?t understand, in the second example, "ssh -o HostName=127.0.0.1 ?, is the very first argument to the program? >>>>> >>>>> >>>>> >>>>>> On 9 Jan 2014, at 13:21, Markus Friedl <mfriedl at gmail.com> wrote: >>>>>> >>>>>> The 2nd example misses the required hostname argument. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> Am 09.01.2014 um 13:32 schrieb bryan hunt <picsolvebryan at gmail.com>: >>>>>>> >>>>>>> >>>>>>> Trying to get SSH agent forwarding working for a popular open source configuration management system called Ansible. >>>>>>> >>>>>>> I?ve had some unexpected behaviour, the only cause of which I can find is how I express the command line arguments. >>>>>>> >>>>>>> http://stackoverflow.com/questions/20952689/vagrant-ssh-agent-forwarding-how-is-it-working?noredirect=1#comment31511341_20952689 >>>>>>> >>>>>>> In summarise: >>>>>>> >>>>>>> In the first instance I can create a SSH connection, and and execute a remote git clone (via SSH), the Agent Forwarding works, and I am not prompted for credentials: >>>>>>> >>>>>>> ssh vagrant at 127.0.0.1 -p 2222 \ >>>>>>> -o Compression=yes \ >>>>>>> -o StrictHostKeyChecking=no \ >>>>>>> -o LogLevel=FATAL \ >>>>>>> -o StrictHostKeyChecking=no \ >>>>>>> -o UserKnownHostsFile=/dev/null \ >>>>>>> -o IdentitiesOnly=yes \ >>>>>>> -i /Users/bryanhunt/.vagrant.d/insecure_private_key \ >>>>>>> -o ForwardAgent=yes \ >>>>>>> "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockera' " >>>>>>> Cloning into '/home/vagrant/poc_dockera'... >>>>>>> >>>>>>> In the second instance I express the arguments differently ( -o HostName=127.0.0.1 -o User=vagrant ), and Agent Forwarding doesn?t seem to work: >>>>>>> >>>>>>> ssh -o HostName=127.0.0.1 -o User=vagrant -p 2222 \ >>>>>>> -o Compression=yes \ >>>>>>> -o StrictHostKeyChecking=no \ >>>>>>> -o LogLevel=FATAL \ >>>>>>> -o StrictHostKeyChecking=no \ >>>>>>> -o UserKnownHostsFile=/dev/null \ >>>>>>> -o IdentitiesOnly=yes \ >>>>>>> -i /Users/bryanhunt/.vagrant.d/insecure_private_key \ >>>>>>> -o ForwardAgent=yes \ >>>>>>> "/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockerb' " >>>>>>> /bin/sh -c 'git clone git at 127.0.0.1's password: >>>>>>> >>>>>>> The client side SSH is: >>>>>>> >>>>>>> OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 >>>>>>> >>>>>>> The server side SSH is: >>>>>>> >>>>>>> OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012 >>>>>>> >>>>>>> >>>>>>> Have any of the list members got an insight into this behaviour ? >>>>>>> >>>>>>> Thanks in advance, >>>>>>> >>>>>>> Bryan Hunt >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> openssh-unix-dev mailing list >>>>>>> openssh-unix-dev at mindrot.org >>>>>>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >>> >>> _______________________________________________ >>> openssh-unix-dev mailing list >>> openssh-unix-dev at mindrot.org >>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > -- Alex Bligh
