MacOS SSH connect using key

high sierrasshterminal

I'm trying to connect to my host using SSH key. I've generated a key pair and added public key to authorized keys to the server.

However I'm unable to connect to server using my private key. Every time I connect it asks for the password.

I've tried to run ssh-add my_key_name and it said that it's fine and been added. But it is not working.

Also I've tried to add to my config

Host alias
    HostName host
    User user_name
    IdentityFile ~/.ssh/id_rsa

It also is not working. ssh alias working but still asks for password.

Best Answer

For a detailed explanation of what's going on see SSH Agents. Halfway through the page you'll find SSH Agent on OS X & macOS.

You have to add some lines to your config file:

# enable integration between Keychain and SSH Agent  
UseKeychain yes  
AddKeysToAgent yes

Once you have done that, I think you will be asked for your password the first time you ssh into your server. After that it will use the keys you provided.

So your config file should look like this:

Host alias
    HostName host
    User user_name
    IdentityFile ~/.ssh/id_rsa
    # enable integration between Keychain and SSH Agent  
    UseKeychain yes  
    AddKeysToAgent yes

Related Solutions

Password dialog appears when SSH private key permissions are set to 0600

Make sure you have a corresponding id_rsa.pub or id_dsa.pub in your ~/.ssh directory.

When I had an id_rsa but not a corresponding id_rsa.pub, Mac OS X kept popping up the dialog and remember passowrd in my keychain did nothing.

cd ~/.ssh
ssh-keygen -y -f id_rsa > id_rsa.pub

generated the appropriate public key file for me.

If you already had your public file there (rename it to another name) and generate the public key again using the above command, you'll notice that the generated and the old one are not equal. Somehow the older versions of Mac OS X generated a public key that Lion does not like anymore, generating it again fixes that.

For the curious, the key is exactly the same, the part that changes is that there is no "comments" section after the key on the file any longer.

Password dialog appears for password-less SSH private key

I had this same problem. However, when a generated a new password-less private key, using the following command:

ssh-keygen -b 1024 -t rsa -f id_rsa -P ""

I no longer saw the password prompt.

Additionally, ssh-add failed to add the old key, but added the new one as expected.

I generated the old key on Leopard in 2009, using what ever version of OpenSSL I had grabbed, built and installed back then (that Mac died, so I can't log in and check what I was running). Something about that key was incompatible with Lion's native SSL libraries.

I backed up my old key, so if anyone wants to suggest some checks, to identify the key's specific properties, let me what to check and I'll report back.

Another clue - I noticed that my old id_rsa.pub file had extended attributes. i.e. it's permissions flags looked like this r--------@ instead of r--------

xattr -l id_rsa.pub.old

returned:

com.macromates.caret: {
    column = 0;
    line = 1;
}

cruft left over from TextMate. I don't know if removing it would have fixed the issue without my having to replace the key. I think it's unlikely.

In case you (future reader) are seeing the same thing, you can remove the extended attribute as follows:

 xattr -d com.macromates.caret id_rsa.pub.old

You can stop TextMate from adding them by first exiting TextMate and then issuing this command:

defaults write com.macromates.textmate OakDocumentDisableFSMetaData 1

Best Answer

Related Solutions

Password dialog appears when SSH private key permissions are set to 0600

Password dialog appears for password-less SSH private key

Related Question