author | Austin Kiekintveld <akiekintveld@icloud.com> | 2022-10-22 19:51:22 -0500 |
---|---|---|
committer | Austin Kiekintveld <akiekintveld@icloud.com> | 2022-10-22 19:51:22 -0500 |
commit | 8e7804273cec1bb3fa05ce09a37f0732b71a72ec (patch) | |
tree | 04068deaffd728a5f10c9a19fde7ecd54eec3aff /src | |
parent | b3d2a05c59266688aa904d5fb326394cbb7e9e90 (diff) |
Defer to SSH config files for ForwardAgent option

Currently, Nix passes `-a` when it runs commands on a remote machine via
SSH, which disables agent forwarding. This causes issues when the
`ForwardAgent` option is set in SSH config files, as the command line
operation always overrides those.

In particular, this causes issues if the command being run is `sudo`
and the remote machine is configured with the equivalent of NixOS's
`security.pam.enableSSHAgentAuth` option. Not allowing SSH agent
forwarding can cause authentication to fail unexpectedly.

This can currently be worked around by setting `NIX_SSHOPTS="-A"`, but
we should defer to the options in the SSH config files to be least
surprising for users.
Diffstat (limited to 'src')
-rw-r--r-- | src/libstore/ssh.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstore/ssh.cc b/src/libstore/ssh.cc index 1bbad71f2..69bfe3418 100644 --- a/src/libstore/ssh.cc +++ b/src/libstore/ssh.cc @@ -67,7 +67,7 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string if (fakeSSH) { args = { "bash", "-c" }; } else { - args = { "ssh", host.c_str(), "-x", "-a" }; + args = { "ssh", host.c_str(), "-x" }; addCommonSSHOpts(args); if (socketPath != "") args.insert(args.end(), {"-S", socketPath}); |
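Review bot: Dropping `-a` from the `args = { "ssh", host.c_str(), "-x" };` line in `SSHMaster::startCommand` changes a security default without any comment or documentation in the patch. Until now every Nix-initiated SSH command ran with agent forwarding disabled regardless of configuration; after this change a user whose SSH config sets `ForwardAgent yes` broadly (for example under a wildcard host entry) will forward their agent to every remote store or builder Nix connects to, where anyone with sufficient privilege on that host can use the forwarded agent for as long as the connection lasts. Please add a short comment at this line stating that `ForwardAgent` is intentionally left to the SSH config, and a release note that calls out the behaviour change and says how to keep forwarding disabled for Nix connections (a per-host `ForwardAgent no` entry, or `-a` via `NIX_SSHOPTS` if that is confirmed to work the same way as the `-A` workaround in the commit message). Since `-x` is still passed unconditionally, it is also worth saying in the comment why X11 forwarding stays forced off while agent forwarding does not. Only `startCommand` is visible here; if any other place in `ssh.cc` builds an `ssh` argument list with `-a`, it should be changed in the same commit so the two code paths do not disagree.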