Can’t remove keys from ssh-agent. Even rebooting doesn’t help

ssh, ssh-agent

A short time ago I noticed that there were three keys in my ssh-agent that I could not delete. ssh-add -l showed three keys; I ran ssh-add -D, and was told "All identities removed."; but then an immediate ssh-add -l showed the same three keys.

If I log out and then back in, the keys are still there. If I reboot the machine, the keys are still there. If I delete the keyring directory in /tmp, I can't connect to ssh-agent any more, but upon logging out and back in, the keys are back. They are invulnerable.

The keys are mine, not anyone else's, as far as I can tell. I can access my usual local services with them. But when I add one of the keys again with ssh-add, giving the path to a private key file, the new key has a different appearance in the output of ssh-add -l:

2048 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f /home/jruser/.ssh/jruser-keyname-20110418 (RSA)

vs. the original:

2048 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f jruser 04/18/2011 keyname (RSA)

Is there any way to sensibly account for this behavior? I guess there are really two questions:

  1. How do the keys manage to be retained even across reboots? My basic knowledge of ssh suggests that keys always have to be added manually.

  2. Why does ssh-agent -D lie to me about removing identities?

Best Answer

It looks like it might be a bug. I am having similar behavior in Ubuntu 10.10. A Google search found a bug report for Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472477

To remove the extra keys I had showing, I just moved them out of the ~/.ssh directory.
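To see which files under ~/.ssh correspond to the identities that keep reappearing, the agent's listing can be matched by fingerprint against the public keys on disk. This is an added example, not part of the original answer; it assumes the agent picks its keys up from ~/.ssh (as the workaround above implies), and the function names, the `--live` switch and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: map identities held by the agent to *.pub files on disk.
# `ssh-add -l` and `ssh-keygen -lf` both print lines of the form
# "<bits> <fingerprint> <comment> (<type>)", so field 2 is the join key.

# list_disk_keys DIR -> "<fingerprint> <file>" for every public key in DIR
list_disk_keys() {
    for pub in "$1"/*.pub; do
        [ -f "$pub" ] || continue
        fp=$(ssh-keygen -lf "$pub" 2>/dev/null | awk '{print $2}')
        [ -n "$fp" ] && printf '%s %s\n' "$fp" "$pub"
    done
    return 0
}

# match_keys AGENT_LISTING DISK_LISTING
# Prints "<fingerprint> <file>" per agent identity, or
# "<fingerprint> NO-FILE" when no key in DISK_LISTING has that fingerprint.
match_keys() {
    printf '%s\n' "$1" | while read -r bits fp rest; do
        # Skip blanks and messages such as "The agent has no identities."
        case $bits in ''|*[!0-9]*) continue ;; esac
        file=$(printf '%s\n' "$2" |
            awk -v fp="$fp" '$1 == fp { sub(/^[^ ]+ /, ""); print; exit }')
        printf '%s %s\n' "$fp" "${file:-NO-FILE}"
    done
}

# Constructed sample data: the first line is the listing from the question,
# the second identity and the .pub path are made up for the demonstration.
SAMPLE_AGENT='2048 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f jruser 04/18/2011 keyname (RSA)
2048 aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99 constructed-other-key (RSA)'
SAMPLE_DISK='00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f /home/jruser/.ssh/jruser-keyname-20110418.pub'

if [ "${1:-}" = "--live" ]; then
    # Query the running agent and the real ~/.ssh directory.
    match_keys "$(ssh-add -l 2>/dev/null)" "$(list_disk_keys "$HOME/.ssh")"
else
    match_keys "$SAMPLE_AGENT" "$SAMPLE_DISK"
fi
```

An identity reported as NO-FILE was added from somewhere other than a key pair in the scanned directory, so moving files out of ~/.ssh would not account for it.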
