Xshell Forum

Solaris agent forwarding rejection

Last post: Thursday, January 15, 2015 2:03 AM by Kiwwiaq, 8 reply

 
Thursday, September 4, 2008 1:42 AM - Alex Forrow

Solaris agent forwarding rejection

 
I can't get agent forwarding working when connecting to Solaris 10 over SSH. This message is displayed as it connects.

WARNING! The remote SSH server rejected agent-forwarding request.

I have no problem with agent forwarding when connecting to Linux systems from XShell.

I have tried using 'ssh-agent' and PuTTY (with Pageant (PuTTY's own agent)) and they both work fine with Solaris 10.

Has anyone else experienced this issue, or know of a fix?

Kind regards,

Alex

Program Ver. : Xshell 3.0
Friday, September 5, 2008 10:16 AM - Support

Re: Solaris agent forwarding rejection

 
To help us better understand your problem, please send us the following information:

1. Version of your SSH server
2. In the Xshell session, turn on all SSH related trace options (Properties > Advanced > Trace) and send us the trace information. (It is the messages you see when you open a session.)

Hope to hear from you soon.


---
Technical Support


Did you know that Xshell and Xftp are free for home and school use? To find out more, please click here.
Monday, September 8, 2008 5:46 PM - Alex Forrow

Re: Re: Solaris agent forwarding rejection

 
Hi,

The SSH server shows as version Sun_SSH_1.1.

Here is the full trace output:

Connecting to xxx.xxx.xxx.xxx:4422...
Connection established.
Escape character is '^@]'.
[09:31:31] Version exchange initiated...
[09:31:31] server: SSH-2.0-Sun_SSH_1.1
[09:31:31] client: SSH-2.0-nsssh2_3.0.0010 NetSarang Computer, Inc.
[09:31:31] SSH2 is selected.
[09:31:31] Algorithm negotiation initiated...
[09:31:31] key exchange: diffie-hellman-group1-sha1
[09:31:31] host key: ssh-dss
[09:31:31] outgoing encryption: aes128-cbc
[09:31:31] incoming encryption: aes128-cbc
[09:31:31] outgoing mac: hmac-sha1
[09:31:31] incoming mac: hmac-sha1
[09:31:31] outgoing compression: zlib
[09:31:31] incoming compression: zlib
[09:31:31] Host authentication initiated...
[09:31:31] Hostkey fingerprint:
[09:31:31] ssh-dsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
[09:31:31] Accepted. Verifying host key...
[09:31:31] Verified.
[09:31:31] User authentication initiated...
[09:31:31] Sent user name 'alex'.
[09:31:31] Server support public key authentication method.
[09:31:31] Trying to find ssh-agent...
[09:31:31] Xagent is running. Connecting to ssh-agent...
[09:31:31] Received 1 identity-blob(s) from ssh-agent.
[09:31:31] Trying next identity blob...
[09:31:31] Received PK_OK packet.
[09:31:31] Sent sign request to ssh-agent.
[09:31:31] Received a signature from ssh-agent.
[09:31:32] Access granted.

WARNING! The remote SSH server rejected agent-forwarding request.
Last login: Mon Sep 8 09:29:44 2008 from xxxxxxx
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
alex@tiger #

Hope that gives some insight.

Regards,
Alex Forrow
Friday, November 6, 2009 3:30 AM - Bill Cockerham

Re: Solaris agent forwarding rejection

 
The reason you are getting rejected is because the default setup on Solaris for SSH has all port forwarding turned off. The sshd_config will need to be edited to allow for port forwarding, and the ssh server restarted.
Monday, September 2, 2013 12:25 PM - Kiwwiaq

Re: Solaris agent forwarding rejection

 
It is not because of the server configuration. Port forwarding is on by default (currently - Solaris 11.1).

I checked all possible options for the server ...

In my opinion, Xshell ssh agent is not working correctly with SUN_SSH ...

If someone knows hot to, kindly write it here ...

BTW: Putty is working fine on the same server configuration.

Logs:
sshd config.txt -> sshd server config
putty agent.txt -> debug3 log from the ssh server using putty and putty agent
xshell agent.txt -> debug3 log from the ssh server using xshell and xagent
xshell logs.txt -> xshell software connection log
Attachment logs.zip (9.3 KB)  
Monday, September 2, 2013 10:59 PM - Support

Re: Solaris agent forwarding rejection

 
We acknowledge that this might be a problem in Xshell. We may have an issue when working with Solaris SSH agent forwarding.

I have reported the issue and our developers will review the issue.

---
Technical Support
Sunday, October 26, 2014 4:28 AM - Kiwwiaq

Re: Solaris agent forwarding rejection

 
Hi,

Are there any new in this ?

Kind regards,
Ivan
Tuesday, October 28, 2014 12:40 AM - OB

Re: Solaris agent forwarding rejection

 
Have you tried with the latest release?
Thursday, January 15, 2015 2:03 AM - Kiwwiaq

Re: Solaris agent forwarding rejection

 
I had no chance to try this with the latest release of version 4 or version 5. I`ll try and let you know.

This issues is not fixed like more than 5 years right now and I really do not believe, that it will be fixed.