Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. We don’t allow questions about general computing hardware and software on Stack Overflow. You can edit the question so it’s on-topic for Stack Overflow. Closed 3 years ago. Improve this question
I have a private key protected with a password to access a server via SSH.
I have 2 linux (ubuntu 10.04) machines and the behavior of ssh-add command is different in both of them.
In one machine, once I use "ssh-add .ssh/identity" and entered my password, the key was added permanently, i.e., every time I shutdown the computer and login again, the key is already added.
In the other one, I have to add the key every time I login.
As far as I remember, I did the same thing on both. The only difference is that the key was created on the one that is added permanently.
Does anyone know how to add it permanently to the other machine as well?
A solution would be to force the key files to be kept permanently, by adding them in your ~/.ssh/config file:
IdentityFile ~/.ssh/gitHubKey
IdentityFile ~/.ssh/id_rsa_buhlServer
If you do not have a 'config' file in the ~/.ssh directory, then you should create one. It does not need root rights, so simply:
nano ~/.ssh/config
...and enter the lines above as per your requirements.
For this to work the file needs to have chmod 600. You can use the command chmod 600 ~/.ssh/config.
If you want all users on the computer to use the key put these lines into /etc/ssh/ssh_config and the key in a folder accessible to all.
Additionally if you want to set the key specific to one host, you can do the following in your ~/.ssh/config :
Host github.com
User git
IdentityFile ~/.ssh/githubKey
This has the advantage when you have many identities that a server doesn't reject you because you tried the wrong identities first. Only the specific identity will be tried.
I solved that problem on Mac OSX (10.10) by using -K option for ssh-add:
ssh-add -K ~/.ssh/your_private_key
For macOS 10.12 and later you need to additionally edit your ssh config as described here: https://github.com/jirsbek/SSH-keys-in-macOS-Sierra-keychain
man ssh-add on macOS High Sierra, ssh-add -K will save the passphrase into the keychain, and after rebooting, just use ssh-add -A, which does not need you to input your passphrase.
This didn't answer the same issue for me under Mac OS X Lion. I ended up adding:
ssh-add ~/.ssh/id_rsa &>/dev/null
To my .zshrc (but .profile would be fine too), which seems to have fixed it.
(As suggested here: http://geek.michaelgrace.org/2011/09/permanently-add-ssh-key-ssh-add/ )
ForwardAgent yes to my .ssh/config) solved that issue fantastically. As it turns out, it could just be ssh-add &>/dev/null as the default behavior of ssh-add appears to be to add the keys it finds in your .ssh folder.
-K adds keys to OS X's keychain, which OS X GUIs use to authenticate to foreign servers. The poster in that Q is connecting through an SSH Tunnel, but is still just connecting to a remote server. A-[SSH Tunnel]->B The case I'm in is I am on a remote server but want authentication to be against credentials on my home system. A <-[Auth]-B-[Connect]->C So -K doesn't actually help, but is a great solution for the other Q.
unknown option -- K (I admit I'm not sure why I even need to do this...)
Just add the keychain, as referenced in Ubuntu Quick Tips https://help.ubuntu.com/community/QuickTips
What
Instead of constantly starting up ssh-agent and ssh-add, it is possible to use keychain to manage your ssh keys. To install keychain, you can just click here, or use Synaptic to do the job or apt-get from the command line.
Command line
Another way to install the file is to open the terminal (Application->Accessories->Terminal) and type:
sudo apt-get install keychain
Edit File
You then should add the following lines to your ${HOME}/.bashrc or /etc/bash.bashrc:
keychain id_rsa id_dsa
. ~/.keychain/`uname -n`-sh
. is an alias for source
uname -n-sh exists ?
id_dsa ? I've searched this page and only seen this mentioned in this answer and another but not in the original question. Is this just another key like id_rsa because 2 keys are being setup?
I tried @Aaron's solution and it didn't quite work for me, because it would re-add my keys every time I opened a new tab in my terminal. So I modified it a bit(note that most of my keys are also password-protected so I can't just send the output to /dev/null):
added_keys=`ssh-add -l`
if [ ! $(echo $added_keys | grep -o -e my_key) ]; then
ssh-add "$HOME/.ssh/my_key"
fi
What this does is that it checks the output of ssh-add -l(which lists all keys that have been added) for a specific key and if it doesn't find it, then it adds it with ssh-add.
Now the first time I open my terminal I'm asked for the passwords for my private keys and I'm not asked again until I reboot(or logout - I haven't checked) my computer.
Since I have a bunch of keys I store the output of ssh-add -l in a variable to improve performance(at least I guess it improves performance :) )
PS: I'm on linux and this code went to my ~/.bashrc file - if you are on Mac OS X, then I assume you should add it to .zshrc or .profile
EDIT: As pointed out by @Aaron in the comments, the .zshrc file is used from the zsh shell - so if you're not using that(if you're not sure, then most likely, you're using bash instead), this code should go to your .bashrc file.
.zshrc is for the zsh shell, which I use instead of bash. If you're using bash on Mac OS X (the default), it would be .bashrc there as well.
ssh-add -l return code echo $? can be used to decide whether to add key or not. Im my linux machine with bash, the ssh-add -l won't output the key filename. Return code always works.
I had the same issue on Ubuntu 16.04: some keys were added permanently, for others I had to execute ssh-add on every session. I found out that the keys which were added permanently had both private and public key located in ~/.ssh and the keys which were forgotten on every session had only private keys in ~/.ssh dir. So solution is simple: you should copy both private and public key to ~/.ssh before executing ssh-add.
P.S.: As far as I understand from Gnome wiki my method works thanks to gnome-keyring tool which is part of the Gnome Desktop Environment. Therefore my method should probably work only if you use Gnome or Gnome-based DE.
In my case the solution was:
Permissions on the config file should be 600. chmod 600 config
As mentioned in the comments above by generalopinion
No need to touch the config file contents.
~/.ssh/config file read/write for the user, and not writable by others.
I run Ubuntu using two id_rsa key's. (one personal one for work). ssh-add would remember one key (personal one) and forget the company one every time.
Checking out the difference between the two I saw my personal key had 400 rights while the company one had 600 rights. (had u+w). Removing the user write right from the company key (u-w or set to 400) fixed my problem. ssh-add now remembers both keys.
On Ubuntu 14.04 (maybe earlier, maybe still) you don't even need the console:
start seahorse or launch that thing you find searching for "key"
create an SSH key there (or import one) no need to leave the passphrase empty it is offered to you to even push the public key to a server (or more)
no need to leave the passphrase empty
it is offered to you to even push the public key to a server (or more)
you will end up with an ssh-agent running and this key loaded, but locked
using ssh will pickup the identity (i.e. key) through the agent
on first use during the session, the passphrase will be checked and you have the option to automatically unlock the key on login this means the login auth will be used to wrap the passphrase of the key
and you have the option to automatically unlock the key on login
this means the login auth will be used to wrap the passphrase of the key
note: if you want to forward your identity (i.e. agent-forwarding) invoke your ssh with -A or make that the default otherwise you can't authenticate with that key on a machine you login to later to a third machine
otherwise you can't authenticate with that key on a machine you login to later to a third machine
seahorse.
Adding the following lines in "~/.bashrc" solved the issue for me. I'm using Ubuntu 14.04 desktop.
eval `gnome-keyring-daemon --start`
USERNAME="reynold"
export SSH_AUTH_SOCK="$(ls /run/user/$(id -u $USERNAME)/keyring*/ssh|head -1)"
export SSH_AGENT_PID="$(pgrep gnome-keyring)"
This worked for me.
ssh-agent /bin/sh
ssh-add /path/to/your/key
very simple ^_^ two steps
1.yum install keychain
2.add code below to .bash_profile
/usr/bin/keychain $HOME/.ssh/id_dsa
source $HOME/.keychain/$HOSTNAME-sh
For those that use Fish shell you can use the following function then call it in ~/.config/fish/config.fish or in a separate configuration file in ~/.config/fish/conf.d/loadsshkeys.fish. It will load all keys that start with id_rsa into the ssh-agent.
# Load all ssh keys that start with "id_rsa"
function loadsshkeys
set added_keys (ssh-add -l)
for key in (find ~/.ssh/ -not -name "*.pub" -a -iname "id_rsa*")
if test ! (echo $added_keys | grep -o -e $key)
ssh-add "$key"
end
end
end
# Call the function to run it.
loadsshkeys
If you want to have the ssh-agent auto started when you open a terminal you can use danhper/fish-ssh-agent to do this.
Follow WeChat
Success story sharing
Want to stay one step ahead of the latest teleworks?
Subscribe Now相似问题
- How to use SSH to run a local shell script on a remote machine?
- How do I access my SSH public key?
- How to specify the private SSH-key to use when executing shell command on Git?
- "UNPROTECTED PRIVATE KEY FILE!" Error using SSH into Amazon EC2 Instance (AWS)
- Git keeps asking me for my ssh key passphrase
- Git error: "Host Key Verification Failed" when connecting to remote repository
- SSH Key: “Permissions 0644 for 'id_rsa.pub' are too open.” on mac
chmod 600 configssh-add ~/.ssh/gitHubKey, it will remember your key passphrase. The solution I proposed was to set it permanently across reboots.