SSH Forwarding Issue


I’m having a bit of a strange problem here, that I can’t seem to get around on my own.
I have balena-cli setup on my local machine that I use for development. I’m authenticated to my Balena account view the web authentication method and this works perfectly fine for me to develop on a local development device.
One of my other workflows involves ssh-ing to other remotes using an ssh key that lives in ~/.ssh/id_rsa . I can normally use this key just fine in combination with gitlab for example. The problem arises when I need to use agent forwarding (ForwardAgent yes in ~/.ssh/config). When I ssh into host A from my local machine using my key if I run ssh-add -L on the remote host it list the following key:
I tried to look under all relevant directories that could contain this key (~/.ssh/ & /etc/ssh) for any reference to it but I can’t seem to find any reference to this anywhere.
Running ssh-add -L on my local machine also only lists my own keys that I expect to find.
Any help would be appreciated as this is messing up one of my important workflows - one of our internal tool relies on the correct key being forwarded.

Hello @nikolozka.sensorberg welcome to the balena community!

Could you please confirm you have the ssh keys on the /mnt/boot/config.json file? more information here? Configuration - Balena Documentation

Let us know more details please!

Hi, this is about the configuration on my local machine.
I have no problem connecting to Balena hosts both in local mode as well as over ssh.
balena ssh will actually pick up the correct SSH key that is in my .ssh/id_rsa
For some reason though when I run ssh -A (non balena host) and then subsequently run ssh-add -L on this remote host the result will be:
when i run ssh in verbose mode this is one of the output lines:
Will attempt key: Balena-cloud ED25519 SHA256:XXXXXXXXXXXXXXXX agent
Will attempt key: /Users/Username/.ssh/id_rsa ED25519 SHA256:XXXXXXXXXXXXXXX explicit
the second entry (/Users/Username/.ssh/id_rsa) is the key I actually need to use in my workflow
But I have no idea where the first key(Balena-cloud) is located and how to disable it from being picked up by my ssh.
There’s nothing on my local machine under /mnt. I’m on macOS os so there’s no /mnt whatsoever.

Hey there, thanks for clarifying! So the forded agent seems to propogate the wrong key if I’ve understood correctly. Does the same thing happen if you set the IdentityFile in your ~/.ssh/config to the correct key? i.e

  IdentityFile ~/.ssh/id_rsa
  ForwardAgent yes

Also adding IdentitiesOnly yes to the file along with the IdentityFile might also help

Hey, Thank’s for the tip. Your suggestion didn’t help but it sent me down a path where I figured out the source of the problem, Turns out my password manager was providing the problematic key. After making some changes to the config file the problem went away.
This turned out not to be a Balena issue after all but your response still set me on the right path.

Hi, good to hear that you managed to solve the issue and thanks for reporting it back.

Let us know if you need help with anything else!