I had this same problem. However, when a generated a new password-less private key, using the following command:
ssh-keygen -b 1024 -t rsa -f id_rsa -P ""
I no longer saw the password prompt.
Additionally, ssh-add failed to add the old key, but added the new one as expected.
I generated the old key on Leopard in 2009, using what ever version of OpenSSL I had grabbed, built and installed back then (that Mac died, so I can't log in and check what I was running). Something about that key was incompatible with Lion's native SSL libraries.
I backed up my old key, so if anyone wants to suggest some checks, to identify the key's specific properties, let me what to check and I'll report back.
Another clue - I noticed that my old id_rsa.pub file had extended attributes. i.e. it's permissions flags looked like this r--------@ instead of r--------
xattr -l id_rsa.pub.old
returned:
com.macromates.caret: {
column = 0;
line = 1;
}
cruft left over from TextMate. I don't know if removing it would have fixed the issue without my having to replace the key. I think it's unlikely.
In case you (future reader) are seeing the same thing, you can remove the extended attribute as follows:
xattr -d com.macromates.caret id_rsa.pub.old
You can stop TextMate from adding them by first exiting TextMate and then issuing this command:
defaults write com.macromates.textmate OakDocumentDisableFSMetaData 1
Here's what happened. On the machines I was trying to reach (10.x.y.182 and 10.x.y.194), in the time when I was not using them they had their hard disks replaced and the OS reinstalled. This gave them new SSH keys, invalidating the ones I had in my ~/.ssh/known_hosts file. Unfortunately, Terminal.app did not surface this problem to me.
By deleting the entries for those machines in ~/.ssh/known_hosts, I forced the system to pull down the new keys and ask me if I wanted to use them. With this done, connections worked perfectly as usual. Oddly, however, even before I changed ~/.ssh/known_hosts, connections using the DNS name of the machine (svr10 and svr20) worked. Weird.
Thanks, everyone, who looked at this problem.
Best Answer
You should be using SSH keys to authenticate with rather than putting your password on the command line as it's extremely insecure.
The way this works is once you have your SSH keys set up, all you have to do is issue the command:
and without typing another thing, you will be automatically logged in.
Copy SSH Public Key to Mac/FreeBSD/Linux from macOS
This assumes you have access to the remote server via password based authentication (typing in a password), and that you have already generated your private/public keypair (if not, see below). In the following example, we are using RSA. To start with let's copy the key over (be aware that the "home" directory differs between macOS, Linux, BSD, etc.):
Using SCP:
Or simply cat-ing the file to
authorized_keys
(I prefer this method):(Your key name may differ) If the .ssh directory does not exist on the remote server you will need to login and create it.
Now the key has been copied from the mac to the remote server. Set correct permissions for the SSH Public Key on the remote server:
Next add the key to the SSH authorized_keys file, if the file does not exist create it.
If the file
authorized_keys
already exists in~/.ssh
the use the following command:If the file does not exist enter the following commands:
Generate SSH Public/Private key on macOS
Open up the Terminal by going to Applications -> Utilities -> Terminal
In the terminal, use the following command to start the key generation
Next you will be prompted to provide the location where you want to create the private key file:
Enter file in which to save the key (
/Users/username/.ssh/id_rsa
):Leave this empty to create the key in the default location, which is
/Users/username/.ssh/id_rsa
. The public key file will be created in the very same location, and with the same name, but with the .PUB extension.After you will be prompted to choose a passphrase. This is the password optional to use the private key.
Your SSH key is generated.
Now, keep in mind, if you put in a passphrase you will be required to enter it each time you connect. The utility
ssh-agent
will keep the passphrase in memory alleviating the need to manually enter it every time you connect while you are in the same session. For more details seeman ssh-agent