I'm using a new system and ssh is ignoring my ssh-agent. Note I've been doing this for years elsewhere, it is not a new thing I am confused about. With bash:

> echo $SSH_AGENT_PID
1234
> echo $SSH_AUTH_SOCK
/tmp/ssh-foo/agent.1234
> ps -p 1234
  PID TTY          TIME CMD
 1234 pts/12   00:00:01 ssh-agent

So, ssh-agent is clearly running and the appropriate environment variables are in place. I've also verified the socket is actually there.

> ssh-add key
Enter passphrase for key: [done]
Identity successfully added.
> ssh-add -l
1024 SHA256:[blah] key

So the key has been added. But:

> ssh -i key me@there
Enter passphrase for key:

PARDON?

I've diff'd /etc/ssh/ssh_config with one from my previous system (!#$% upgrading...) and they are identical. According to the distro (Fedora 23) package meta-info, this one is OpenSSH version 7.1p1; previous installs I've used are no newer than 6.6.

The problem doesn't exist for all users, leading me to believe it might be some new security feature. Does anyone know what's up?

goldilocks

1 Answer

It is a new feature, presumably for 7.x. It required adding the key type to /etc/ssh_config using this option:

PubkeyAcceptedKeyTypes +ssh-dss

RSA keys are accepted by default (see man ssh_config), which is why it worked in one case but not another (being root was a red herring factor and I've removed this from the question).

Note again that option is not in my previous ssh_config nor in the corresponding man page (OpenSSH v. 6.6).

goldilocks
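
The following is an added example, not part of the original question or answer. It models the key-type filter the answer describes: a key whose type is missing from the accepted list is not offered, and a leading `+` in `PubkeyAcceptedKeyTypes` appends to the defaults. The function names, the shortened `DEFAULT_TYPES` list and the sample key lines are constructed for illustration, and the key on the page is assumed to be DSA, as the `+ssh-dss` fix implies.

```shell
#!/bin/sh
# Added example: models how the client decides whether to offer a key type.
# DEFAULT_TYPES is a shortened, constructed stand-in for the client's built-in
# default list; the real list is documented in ssh_config(5).
DEFAULT_TYPES="ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa"

# Print the key type, i.e. the first field of an OpenSSH public key line.
key_type_of_pub() {
    printf '%s\n' "$1" | awk '{ print $1 }'
}

# Print the effective list for a PubkeyAcceptedKeyTypes value ($2).
# A leading "+" appends to the defaults ($1); anything else replaces them;
# an empty value means the option is unset.
effective_types() {
    case "$2" in
        "")  printf '%s\n' "$1" ;;
        +*)  printf '%s,%s\n' "$1" "${2#+}" ;;
        *)   printf '%s\n' "$2" ;;
    esac
}

# Succeed (exit 0) if key type $1 is in the comma-separated list $2.
is_accepted() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Report whether the key on public-key line $1 would be offered under option $2.
check_key() {
    t=$(key_type_of_pub "$1")
    if is_accepted "$t" "$(effective_types "$DEFAULT_TYPES" "$2")"; then
        echo "$t: offered"
    else
        echo "$t: skipped"
    fi
}

# Constructed public key lines (key material replaced by a placeholder).
DSA_PUB="ssh-dss PLACEHOLDER_BASE64 key"
RSA_PUB="ssh-rsa PLACEHOLDER_BASE64 other"

check_key "$DSA_PUB" ""          # option unset: DSA key is skipped
check_key "$RSA_PUB" ""          # RSA is in the default list
check_key "$DSA_PUB" "+ssh-dss"  # the option from the answer
```

On a real system, `ssh-keygen -l -f key` prints the key's type in parentheses at the end of the line, which tells you which type name to look for in the accepted list.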