summary: I have 2 devices on same LAN which tunnel through one gateway to a cluster, using ssh with public keys for password/passphrase-less login. I configured both devices, and those ssh configurations are nearly identical with regard to ssh. From either device I can shell into the cluster. However on one device I can shell in without getting a credential challenge (good), but on the other device I always get challenged (bad). How to debug the latter?

details: I'd appreciate help debugging the following:

I'm in a scientific workplace with (to a very first approximation) 1 LAN for users and lightweight servers, and 1 cluster where the science gets done. Users (like me) on the outer LAN can only connect to the cluster through a gateway/firewall server. Users get issued an XP PC; the servers (mostly) and clusters (exclusively) run RHEL.

The first thing I did to "my" windows box (call it W) was install cygwin, from which I then generated and distributed RSA keys, and setup an SSH tunnel from W through the gateway server (G) to the cluster (C), via

+ a bash script `w2g` on W which connects only W->G

+ a stanza in W:.ssh/config which connects W->G (via `ssh g` from W's commandline)

+ a bash script `g2c` in my homespace on G which connects only G->C

+ a stanza in G:.ssh/config which connects G->C (via `ssh c` from G's commandline)

+ a bash script `w2c` on W (which tunnels W->G->C)

+ a stanza in W:.ssh/config (which tunnels W->G->C, via `ssh c` from W's commandline)

Those all work correctly on W, i.e., without password/passphrase challenge (except when I try to tunnel W->C without first setting up the W->G connection--will post a separate question about that).

But W is still a windows box, so I was thrilled to discover that I could finally start using my personal debian laptop (call it L) on the user LAN. I have configured SSH on L many times for many networks, and quickly got L ssh'ing on the user LAN, using nearly the same procedure as I used with cygwin on W (note both run OpenSSH). So I am a bit chagrined to observe that, while these run password/passphrase-less on L

+ bash script `l2g` on L connecting L->G

+ stanza in L:.ssh/config connecting L->G (via `ssh g` from L's commandline)

and these of course still works without challenge on G once I have ssh'ed in from L

+ bash script `g2c` on G connecting G->C

+ stanza in G:.ssh/config connecting G->C (via `ssh c` from G's commandline)

the following get password-challenged, every time, whether or not I have an already-open L->G SSH session:

- bash script `l2c` on L (tunneling L->G->C)

- stanza in L:.ssh/config (tunneling L->G->C, via `ssh c` from L's commandline)

Note also that

* the contents of file=`l2c` are identical to the contents of file=`w2c`

* the contents of file=W:.ssh/config are identical to the contents of file=L:.ssh/config

particularly, both are forwarding through port#=10230 (dunno how I chose that).

To hopefully clarify the problem, compare how W succeeds with how L fails:

A session on W is like this: with 2 shells open, I can do

1 `ssh g` in one shell: this goes directly to the splash screen and prompt for the gateway, no credential challenge.

2 `w2g` in another shell: this gets the gateway splash screen, then

> bind: Address already in use
> channel_setup_fwd_listener: cannot listen to port: 10230
> Could not request local forwarding.

then I get the prompt for the cluster, no credential challenge. By contrast, on L, with 2 shells open, I can do

1 `ssh g` in one shell: this goes directly to the splash screen and prompt for the gateway, no credential challenge.

2 `l2g` in another shell: this gets the gateway splash screen, then

> bind: Address already in use
> channel_setup_fwd_listener: cannot listen to port: 10230
> bind: Address already in use
> channel_setup_fwd_listener: cannot listen to port: 10230
> Could not request local forwarding.
> me@localhost's password:

i.e., a credential challenge.

What am I doing wrong? or for what should I check?