Hi,
Starting today, Cloud VPS hosts no longer support forwarding in your SSH agent[0]. This should not break any modern setups, but in case your access is impacted by this change, please see the documentation on Wikitech[1] on what to use instead. This change is being done due to the security risks that SSH agent forwarding have, especially in shared environments like Cloud VPS.
[0]: https://docs.github.com/en/authentication/connecting-to-github-with-ssh/usin... [1]: https://wikitech.wikimedia.org/wiki/Help:Accessing_Cloud_VPS_instances
Taavi
Hi,
I have to use PuTTY on Windows 11 for SSH from bastion-eqiad1-5 to taxonbot4.dwl.eqiad1.wikimedia.cloud - that's why I needed a SSH agent.
I know no other way to ssh a session than PuTTY. What can I do know to get access? I have to work on bot codes.
Kind regards Martin
Taavi Väänänen taavi@wikimedia.org schrieb am Di., 14. Okt. 2025, 16:34:
Hi,
Starting today, Cloud VPS hosts no longer support forwarding in your SSH agent[0]. This should not break any modern setups, but in case your access is impacted by this change, please see the documentation on Wikitech[1] on what to use instead. This change is being done due to the security risks that SSH agent forwarding have, especially in shared environments like Cloud VPS.
Taavi
-- Taavi Väänänen (he/him) Site Reliability Engineer, Cloud Services Wikimedia Foundation _______________________________________________ Cloud-announce mailing list -- cloud-announce@lists.wikimedia.org List information: https://lists.wikimedia.org/postorius/lists/cloud-announce.lists.wikimedia.o...
Hi Martin,
PuTTY supports a proxy setting, which allows you to proxy the connection to the VM via bastion, without setting two separate SSH connections. https://superuser.com/questions/1448180/how-to-setup-proxy-jump-with-putty should cover that.
Martin
On Tue, Oct 14, 2025 at 5:28 PM Martin Domdey dr.taxon@gmail.com wrote:
Hi,
I have to use PuTTY on Windows 11 for SSH from bastion-eqiad1-5 to taxonbot4.dwl.eqiad1.wikimedia.cloud - that's why I needed a SSH agent.
I know no other way to ssh a session than PuTTY. What can I do know to get access? I have to work on bot codes.
Kind regards Martin
Taavi Väänänen taavi@wikimedia.org schrieb am Di., 14. Okt. 2025, 16:34:
Hi,
Starting today, Cloud VPS hosts no longer support forwarding in your SSH agent[0]. This should not break any modern setups, but in case your access is impacted by this change, please see the documentation on Wikitech[1] on what to use instead. This change is being done due to the security risks that SSH agent forwarding have, especially in shared environments like Cloud VPS.
Taavi
-- Taavi Väänänen (he/him) Site Reliability Engineer, Cloud Services Wikimedia Foundation _______________________________________________ Cloud-announce mailing list -- cloud-announce@lists.wikimedia.org List information: https://lists.wikimedia.org/postorius/lists/cloud-announce.lists.wikimedia.o...
Cloud mailing list -- cloud@lists.wikimedia.org List information: https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/
Thank you!
How can I enable the similar VM connection by using a Smartphone or Tablet (Android). I used the App ConnectBot up to now. But this doesn't work any more because of the change.
Martin
Martin Urbanec martin.urbanec@wikimedia.cz schrieb am Di., 14. Okt. 2025, 18:43:
Hi Martin,
PuTTY supports a proxy setting, which allows you to proxy the connection to the VM via bastion, without setting two separate SSH connections. https://superuser.com/questions/1448180/how-to-setup-proxy-jump-with-putty should cover that.
Martin
On Tue, Oct 14, 2025 at 5:28 PM Martin Domdey dr.taxon@gmail.com wrote:
Hi,
I have to use PuTTY on Windows 11 for SSH from bastion-eqiad1-5 to taxonbot4.dwl.eqiad1.wikimedia.cloud - that's why I needed a SSH agent.
I know no other way to ssh a session than PuTTY. What can I do know to get access? I have to work on bot codes.
Kind regards Martin
Taavi Väänänen taavi@wikimedia.org schrieb am Di., 14. Okt. 2025, 16:34:
Hi,
Starting today, Cloud VPS hosts no longer support forwarding in your SSH agent[0]. This should not break any modern setups, but in case your access is impacted by this change, please see the documentation on Wikitech[1] on what to use instead. This change is being done due to the security risks that SSH agent forwarding have, especially in shared environments like Cloud VPS.
Taavi
-- Taavi Väänänen (he/him) Site Reliability Engineer, Cloud Services Wikimedia Foundation _______________________________________________ Cloud-announce mailing list -- cloud-announce@lists.wikimedia.org List information: https://lists.wikimedia.org/postorius/lists/cloud-announce.lists.wikimedia.o...
Cloud mailing list -- cloud@lists.wikimedia.org List information: https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/