Thank you.

>> We observe that the file /run/user/1000/openssh_agent is different
>> from /home/user/.SSH_AGENT_sshkeys. That may be a problem.


> You seem to be running the "ssh-agent.service" in your work qube. This
> is not part of the linked setup guide. There only one agent is running
> and that is in the vault qube.

Right, that was a remainder from various tests to debug. I killed it.
Actually, to revert everything to a clean setup state, I restarted both
VMs, work and vault.

> The "clients" (e.g. work qube) only redirect the communication via
> socat, qubes RPC and the /home/user/.SSH_AGENT_vault file to the
> ssh-agent in the vault qube.

Thank you for the clarification.


> Running the following command in the work qube should work:
>    SSH_AUTH_SOCK=/home/user/.SSH_AGENT_vault ssh-add -L

error fetching identities: communication with agent failed

That is the answer, with a pop-up message from Qubes: "denied
qubes.SSHagent from work to vault". Something is odd ... now the dom0 log
says "qrexec: qubes.SSHagent: work -> vault: denied: no matching rule
found". I re-checked; my /etc/qubes-rpc/policy/qubes.SSHagent says only
one line, namely

ssh-client vault ask

which I find odd (= I do not understand), since in the nomenclature of
the man-page, ssh-client=work not vault, right?

thank you, Bernhard
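
As an added example (not part of the original message and not Qubes' own code), here is a simplified model of how a legacy policy file such as /etc/qubes-rpc/policy/qubes.SSHagent is evaluated: each line is `source target action`, a plain name in the source column matches only a qube with exactly that name, the first matching line wins, and no match means deny. The function names are hypothetical, and only literal qube names and the `@anyvm`/`$anyvm` wildcard are modelled.

```python
# Simplified model of legacy qrexec policy evaluation (added example).
# Assumption: tags, types, dispvm tokens and action parameters are ignored.

ANY = {"@anyvm", "$anyvm"}  # wildcard spellings used by the legacy format


def parse_policy(text):
    """Turn policy file text into a list of (source, target, action) rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        action = fields[2].split(",")[0]  # strip e.g. ",default_target=..."
        rules.append((fields[0], fields[1], action))
    return rules


def evaluate(rules, source, target):
    """Return (action, matched_rule); matched_rule is None when nothing matched."""
    for rule in rules:
        src, dst, action = rule
        if (src in ANY or src == source) and (dst in ANY or dst == target):
            return action, rule  # first match wins
    return "deny", None  # corresponds to "no matching rule found" in dom0


if __name__ == "__main__":
    # Constructed inputs: the single policy line quoted in the message,
    # and a variant whose source column names the calling qube.
    as_posted = parse_policy("ssh-client vault ask\n")
    print("work -> vault, policy as posted:", evaluate(as_posted, "work", "vault"))
    print("ssh-client -> vault, policy as posted:",
          evaluate(as_posted, "ssh-client", "vault"))

    renamed = parse_policy("work vault ask\n")
    print("work -> vault, source column 'work':", evaluate(renamed, "work", "vault"))
```
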


