I guess your problem is that the root ssh public key is not in somename's authorized_keys on machine C.

When you do 'sudo ssh someone@C' you're loading root's profile on the originating box, as if root was launching the ssh command, therefore ssh loads root's public key and tries to authenticate with it on machine C against your remote user's authorized keys.

-Ed

----- Original Message ----
> From: Iwan Vosloo <iwan@xxxxxxxxx>
> To: secureshell@xxxxxxxxxxxxxxxxx
> Sent: Thursday, June 19, 2008 5:21:46 AM
> Subject: Trouble with agent forwarding
>
> Hi.
>
> After an upgrade, we are having trouble with openssh and agent
> forwarding, and are stumped at trying to find the source of our
> troubles. Any pointers to help us debug would be appreciated:
>
>
> Previously, we had
> (a) developer workstations, with our ssh keys in the normal place:
>     ~/.ssh/id_rsa{,.pub}
> (b) Prod machine B, with ~/.ssh/authorized_keys{,2}
>     (containing the public keys of our developers).
> (c) Prod machine C, set up like B
>
> On developer boxes, we have /etc/ssh/ssh_config with the following
> (assume C is the domain name of the said production machines):
>
> Host C
>     ForwardAgent yes
>
> With this setup, we were able to execute the following two commands from
> an ssh session to machine B:
>
>     ssh C ls
>     sudo ssh somename@C ls
>
> This was on Ubuntu Gutsy, with openssh version 1:4.6p1-5ubuntu0.5 and
> sudo version 1.6.8p12-5ubuntu2.
> Then we upgraded to Ubuntu Hardy, with openssh version
> 1:4.7p1-8ubuntu1.2 and sudo version 1.6.9p10-1ubuntu3.2.
>
> After the upgrade, we can still do
>     ssh C ls
>
> But NOT
>     sudo ssh somename@C ls
>
>
> Should it be possible to let agent forwarding work like this "through"
> sudo?
> Where do we go to search for the problem?
> It certainly was working before...
>
> Thanks
> - Iwan
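
One way to narrow down where to search, as an added example that is not part of either message: compare the environment of the login session on B with the environment seen under sudo and check whether the forwarded agent socket is visible in both. It assumes ssh locates the agent through SSH_AUTH_SOCK; the function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the agent socket is found
# through SSH_AUTH_SOCK, so the question is whether that variable survives sudo.

# Read an `env` dump on stdin; print "agent:<path>" or "no-agent".
classify_env() {
    sock=$(sed -n 's/^SSH_AUTH_SOCK=//p' | head -n 1)
    if [ -n "$sock" ]; then printf 'agent:%s\n' "$sock"; else echo "no-agent"; fi
}

# $1 = `env` output as the login user on B, $2 = `sudo env` output on B.
compare_envs() {
    as_user=$(printf '%s\n' "$1" | classify_env)
    as_root=$(printf '%s\n' "$2" | classify_env)
    if [ "$as_user" = "no-agent" ]; then
        echo "not-forwarded"      # nothing reached B: look at ForwardAgent on the workstation
    elif [ "$as_root" = "no-agent" ]; then
        echo "stripped-by-sudo"   # ssh under sudo cannot see the forwarded agent
    elif [ "$as_user" = "$as_root" ]; then
        echo "preserved"          # same socket: look at authorized_keys on C instead
    else
        echo "different-agent"    # sudo sees another agent than the login session
    fi
}

# Constructed sample dumps (paths and addresses are made up).
USER_ENV='USER=dev
HOME=/home/dev
SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.1234
SSH_CONNECTION=192.0.2.10 50022 192.0.2.20 22'
SUDO_RESET_ENV='USER=root
SUDO_USER=dev
PATH=/usr/sbin:/usr/bin:/sbin:/bin'
SUDO_KEEP_ENV='USER=root
SUDO_USER=dev
SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.1234'

echo "reset environment: $(compare_envs "$USER_ENV" "$SUDO_RESET_ENV")"
echo "kept environment:  $(compare_envs "$USER_ENV" "$SUDO_KEEP_ENV")"
# On a live host B: compare_envs "$(env)" "$(sudo env)"
```

A stripped-by-sudo verdict means ssh under sudo has only root's own identity files on B to offer, which is the case the reply describes.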