No prompt for ssh passphrase

sshterminal

I have two ssh keys, one for git (gitlab) and one for a server.
My ~/.ssh/config is :

Host private
  HostName x.x.x.x
  User username
  IdentityFile ~/.ssh/server

Host git.example.com
  IdentityFile ~/.ssh/gitlab

However when I try ssh username@x.x.x.x or git commands I just have a message Permission denied (public key). I have to do ssh-add ~/.ssh/server and ssh-add ~/.ssh/git in order to use the keys.

How can I have a prompt to enter the passphrase the first time the key is used instead of using ssh-add ?
Ideally I'd prefer to have to enter my passphrase after every reboot instead of having the passphrase saved.

I am on macOS Mojave 10.14.6 and I use iTerm2 with oh-my-zsh.

EDIT :
After the excellent answer from wisbucky I also tried :

Host private
  HostName x.x.x.x
  User username
  IdentityFile ~/.ssh/server
  UseKeychain yes
  AddKeysToAgent yes

Host git.example.com
  IdentityFile ~/.ssh/gitlab
  UseKeychain yes
  AddKeysToAgent yes

and

Host *
  UseKeychain yes
  AddKeysToAgent yes

for the ~/.ssh/config file but without results…

Best Answer

In the ~/.ssh/config, add these lines:

Host *
    UseKeychain yes
    # automatically add keys to keychain
    AddKeysToAgent yes

UseKeychain yes will use any saved ssh keys in the Mac Keychain.

AddKeysToAgent yes will automatically save ssh keys in the Mac Keychain after the first time you enter the passphrase. If you don't add this, you can use ssh-add -K to manually add keys to the keychain also.

Note: These options were added since macOS 10.12.2

https://developer.apple.com/library/archive/technotes/tn2449/_index.html

Related Solutions

Password dialog appears for password-less SSH private key

I had this same problem. However, when a generated a new password-less private key, using the following command:

ssh-keygen -b 1024 -t rsa -f id_rsa -P ""

I no longer saw the password prompt.

Additionally, ssh-add failed to add the old key, but added the new one as expected.

I generated the old key on Leopard in 2009, using what ever version of OpenSSL I had grabbed, built and installed back then (that Mac died, so I can't log in and check what I was running). Something about that key was incompatible with Lion's native SSL libraries.

I backed up my old key, so if anyone wants to suggest some checks, to identify the key's specific properties, let me what to check and I'll report back.

Another clue - I noticed that my old id_rsa.pub file had extended attributes. i.e. it's permissions flags looked like this r--------@ instead of r--------

xattr -l id_rsa.pub.old

returned:

com.macromates.caret: {
    column = 0;
    line = 1;
}

cruft left over from TextMate. I don't know if removing it would have fixed the issue without my having to replace the key. I think it's unlikely.

In case you (future reader) are seeing the same thing, you can remove the extended attribute as follows:

 xattr -d com.macromates.caret id_rsa.pub.old

You can stop TextMate from adding them by first exiting TextMate and then issuing this command:

defaults write com.macromates.textmate OakDocumentDisableFSMetaData 1

Copying ssh private key with finder, but can’t see it with console

From Terminal, type:

cd ~/.ssh
sudo ssh-add [keyname]

This will add the key to your computer for you.

Best Answer

Related Solutions

Password dialog appears for password-less SSH private key

Copying ssh private key with finder, but can’t see it with console

Related Question