SSH Forwarding Issue

Hi,

I’m having a bit of a strange problem here, that I can’t seem to get around on my own.
I have balena-cli set up on my local machine that I use for development. I’m authenticated to my Balena account via the web authentication method and this works perfectly fine for me to develop on a local development device.
One of my other workflows involves ssh-ing to other remotes using an ssh key that lives in ~/.ssh/id_rsa. I can normally use this key just fine in combination with gitlab for example. The problem arises when I need to use agent forwarding (ForwardAgent yes in ~/.ssh/config). When I ssh into host A from my local machine using my key, if I run ssh-add -L on the remote host it lists the following key:
ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXX Balena-cloud
I tried to look under all relevant directories that could contain this key (~/.ssh/ & /etc/ssh) for any reference to it but I can’t seem to find any reference to this anywhere.
Running ssh-add -L on my local machine also only lists my own keys that I expect to find.
Any help would be appreciated as this is messing up one of my important workflows - one of our internal tools relies on the correct key being forwarded.

Hello @nikolozka.sensorberg, welcome to the balena community!

Could you please confirm you have the ssh keys on the /mnt/boot/config.json file? More information here: Configuration - Balena Documentation

Let us know more details please!

Hi, this is about the configuration on my local machine.
I have no problem connecting to Balena hosts both in local mode as well as over ssh.
balena ssh will actually pick up the correct SSH key that is in my .ssh/id_rsa
For some reason though when I run ssh -A abc.xyz.com (non balena host) and then subsequently run ssh-add -L on this remote host the result will be:
ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXX Balena-cloud.
When I run ssh in verbose mode, these are among the output lines:
Will attempt key: Balena-cloud ED25519 SHA256:XXXXXXXXXXXXXXXX agent
Will attempt key: /Users/Username/.ssh/id_rsa ED25519 SHA256:XXXXXXXXXXXXXXX explicit
The second entry (/Users/Username/.ssh/id_rsa) is the key I actually need to use in my workflow.
But I have no idea where the first key (Balena-cloud) is located and how to disable it from being picked up by my ssh.
There’s nothing on my local machine under /mnt. I’m on macOS so there’s no /mnt whatsoever.

Hey there, thanks for clarifying! So the forwarded agent seems to propagate the wrong key, if I’ve understood correctly. Does the same thing happen if you set the IdentityFile in your ~/.ssh/config to the correct key? i.e.

Host abc.com
  IdentityFile ~/.ssh/id_rsa
  ForwardAgent yes

Also, adding IdentitiesOnly yes to the file along with the IdentityFile might help.

Hey, thanks for the tip. Your suggestion didn’t help but it sent me down a path where I figured out the source of the problem. Turns out my password manager was providing the problematic key. After making some changes to the config file the problem went away.
This turned out not to be a Balena issue after all but your response still set me on the right path.

Hi, good to hear that you managed to solve the issue and thanks for reporting it back.

Let us know if you need help with anything else!

Ramiro
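
The `Will attempt key:` lines from `ssh -v` quoted in the thread end with a word that says where each key came from (`agent` or `explicit`). The following is an added example, not part of any post above or of balena's tooling, that reads such debug output and lists the keys supplied only by an agent. The sample lines and fingerprints are constructed, and the handling of a combined `explicit agent` tag or a `token` tag is an assumption about OpenSSH's debug format.

```shell
#!/bin/sh
# Added example: classify the keys ssh planned to offer, from `ssh -v` output.

# Reads debug output on stdin; prints <sources>\t<type>\t<fingerprint>\t<name>.
list_attempted_keys() {
    awk '
    /Will attempt key: / {
        sub(/^.*Will attempt key: /, "")
        n = split($0, f, " ")
        src = ""
        # Trailing words name the source; a key can carry more than one.
        while (n > 0 && (f[n] == "agent" || f[n] == "explicit" || f[n] == "token")) {
            src = (src == "" ? f[n] : f[n] "," src)
            n--
        }
        # Identity files that do not exist are logged with a path only: skip.
        if (n < 3) next
        fp = f[n]; kt = f[n-1]
        # The name (agent comment or file path) may itself contain spaces.
        name = f[1]
        for (i = 2; i <= n - 2; i++) name = name " " f[i]
        printf "%s\t%s\t%s\t%s\n", (src == "" ? "default" : src), kt, fp, name
    }'
}

# Keys that come from an agent and are not named by any IdentityFile.
agent_only_keys() {
    list_attempted_keys | awk -F '\t' '$1 == "agent" { print $4 " (" $3 ")" }'
}

# Constructed sample in the shape of the lines quoted in the thread.
SAMPLE_DEBUG='debug1: Will attempt key: Balena-cloud ED25519 SHA256:AAAA-constructed agent
debug1: Will attempt key: /Users/Username/.ssh/id_rsa ED25519 SHA256:BBBB-constructed explicit
debug1: Will attempt key: /Users/Username/.ssh/id_ecdsa'

printf '%s\n' "$SAMPLE_DEBUG" | agent_only_keys
```

On a real machine the input would come from something like `ssh -v abc.xyz.com exit 2>&1 | agent_only_keys`; any key it prints is held by whatever agent ssh is talking to, not by a file under ~/.ssh.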