Re: Annoying problem with ssh keys



On Sun, 2008-08-17 at 00:55 +0000, Kennneth P. Turvey wrote:
> Every time I need to use ssh I get a dialog to enter the passphrase for
> the key. It doesn't work. If I cancel it three times I get a prompt on
> the command line and the same passphrase works. Of course it isn't
> cached anywhere, so the next time I need to use it I have to go through
> the same procedure again.
>
> How do I get ssh to behave?

I can't explain the issue with the dialog box (possibly a bug in
ssh-askpass-gnome?), but there is a solution that only requires you to
supply the pass phrase once per X login.

It is likely that you have ssh-agent running. You can check that from a
terminal session with the command
    env | grep SSH
which will produce a line like
    SSH_AUTH_SOCK=/tmp/keyring-n2UEyi/ssh
or
    SSH_AUTH_SOCK=/tmp/ssh-THqzVF9262/agent.9262

(I have seahorse installed and that uses the first form, while the
standard ssh agent uses the second form, which incorporates the PID of
the initial agent process in the file and directory name.) Note that
the directory (and file, for ssh-agent) has a dynamic part, which will
change each time that you log in to X.

In that case, you can load your key into the agent, with
    ssh-add

That will load the standard keys into the agent:
    ~/.ssh/identity (SSH1, RSA)
    ~/.ssh/id_dsa (SSH2, DSA)
    ~/.ssh/id_rsa (SSH2, RSA)
after it gets the pass phrase for each key.
Note that if you have two keys with the same pass phrase, then they will
both be loaded successfully, but ssh-add will only ask once for the
phrase.

After that, any ssh clients started from your X session will be able to
ask the agent to perform required operations using your keys, without
needing you to supply the pass-phrase. You can check that the expected
keys are loaded with
    ssh-add -l


Tim
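
The check-then-load sequence from the reply above, as an added shell example that is not part of the original message. The function names and the SSH_ADD_CMD variable are assumptions of this example; the socket patterns are the two forms quoted in the reply, and the exit statuses are those documented in the ssh-add manual page.

```sh
#!/bin/sh
# Added example: report the agent state for this session and load keys once.
# SSH_ADD_CMD is a hypothetical override so the ssh-add call can be stubbed.
SSH_ADD_CMD=${SSH_ADD_CMD:-ssh-add}

# Classify an SSH_AUTH_SOCK value using the two path forms shown in the reply.
classify_sock() {
    case "$1" in
        "")                 echo "none" ;;
        /tmp/keyring-*/ssh) echo "keyring" ;;            # seahorse form
        /tmp/ssh-*/agent.*) echo "ssh-agent ${1##*.}" ;; # numeric suffix of the file
        *)                  echo "other" ;;              # any other location
    esac
}

# Map the exit status of "ssh-add -l" to a state:
#   0 = identities listed, 1 = agent reachable but empty,
#   2 = agent cannot be contacted (for example a socket path left over
#       from an earlier login, since the dynamic part changes each time).
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then echo "no-agent"; return 0; fi
    rc=0
    "$SSH_ADD_CMD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "keys-loaded" ;;
        1) echo "agent-empty" ;;
        2) echo "agent-unreachable" ;;
        *) echo "unknown" ;;
    esac
}

# Run ssh-add only when the agent is reachable and holds no keys, so the
# pass phrase is requested at most once per login session.
ensure_keys() {
    state=$(agent_state)
    if [ "$state" = "agent-empty" ]; then
        "$SSH_ADD_CMD" || return 1
        state=$(agent_state)
    fi
    echo "$state"
}

# Read-only report; call ensure_keys from an interactive shell to load keys.
echo "socket: $(classify_sock "${SSH_AUTH_SOCK:-}")  state: $(agent_state)"
```
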


