Ubuntu – SSH keeps asking for the passphrase


I would like to use two different services that use public key authentication, without having to always input my passphrase.

What I want:

  • to be able to type git pull without entering my login/password or my passphrase
  • to be able to type gcloud [...] ssh [...] without entering my passphrase each time.

As of today:

  • git pull does not ask me to enter my credentials, they are stored inside ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.
  • gcloud ... ssh ... always asks me to enter my passphrase:

$ gcloud … ssh …

sign_and_send_pubkey: signing failed: agent refused operation

Enter passphrase for key '/home/BeChillerToo/.ssh/google':

This is the content of my ~/.ssh/config:

IdentityFile ~/.ssh/google
IdentityFile ~/.ssh/id_rsa

And the content of /etc/ssh/ssh_config:

Host *
PasswordAuthentication yes
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes

EDIT:
My keys seem to be badly added.

Here's the result of ssh-add -l after I boot:

2048 SHA256:+nCvs...CUM+DHqA4 chill@laptop (RSA)
4096 SHA256:bTgKQM...ok chill@gmail.com (RSA)
4096 SHA256:92d3Wy...jc chill@work-mail.com (RSA)

And then after I add the google-compute-engine key:

2048 SHA256:+nCvs...CUM+DHqA4 /home/chill/.ssh/google_compute_engine (RSA)
4096 SHA256:bTgKQM...ok chill@gmail.com (RSA)
4096 SHA256:92d3Wy...jc chill@work-mail.com (RSA)

The key related to chill@work-mail.com is the one I use for Github, hence why I don't have to provide credentials to git pull.

And I suspect that the first key (the one that switches from chill@laptop to /home/chill/.ssh/google_compute_engine) is the one causing the problem with gcloud:

$ gcloud compute ... ssh ...

sign_and_send_pubkey: signing failed: agent refused operation
Enter passphrase for key '/home/chill/.ssh/google_compute_engine': 

Best Answer

Use ssh-agent. In an X environment, GNOME keyring or KDE wallet can handle the keys automatically. In the console environment, start the ssh-agent like this:

$ eval $(ssh-agent)

## The output without the eval will look like this:
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-hvcwJQnSOHOi/agent.125894; export SSH_AUTH_SOCK;
SSH_AGENT_PID=125895; export SSH_AGENT_PID;
echo Agent pid 125895;

After the ssh-agent is started (with the eval), you can add SSH keys with ssh-add:

$ ssh-add ~/.ssh/google
$ ssh-add ~/.ssh/id_rsa

With current versions of SSH you can also add the option AddKeysToAgent to the ~/.ssh/config file:

## ~/.ssh/config
AddKeysToAgent yes

This will automatically add the keys to the agent, if the environment variables SSH_AUTH_SOCK and SSH_AGENT_PID are set.

Also check this post for the sign_and_send_pubkey: signing failed: agent refused operation error.
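
The steps in the answer above can be wrapped so that a shell startup file reuses one agent and loads a key only when its fingerprint is missing from the agent. This is an added example, not part of the original answer; the function names, the constructed sample listing and the assumption that each private key has a matching `.pub` file next to it are mine.

```shell
#!/bin/sh
# Added example: reuse one ssh-agent and add a key only if it is not loaded yet.

# Constructed sample of `ssh-add -l` output (fingerprints are made up).
SAMPLE_LISTING='2048 SHA256:AAAAexampleFingerprintOne /home/user/.ssh/google (RSA)
4096 SHA256:BBBBexampleFingerprintTwo user@example.com (RSA)'

# Succeeds if fingerprint $1 appears in an `ssh-add -l` listing read on stdin.
# Listing lines look like: "<bits> SHA256:<hash> <comment> (<type>)".
# The comment can change (as in the question), so match on the fingerprint only.
agent_has_fp() {
    awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# Map the exit status of `ssh-add -l` to a word:
# 0 = agent holds keys, 1 = agent reachable but empty, anything else = no agent.
agent_state() {
    ssh-add -l >/dev/null 2>&1
    case $? in
        0) echo keys ;;
        1) echo empty ;;
        *) echo none ;;
    esac
}

# Make sure an agent is reachable and that key file $1 is loaded in it.
ensure_key() {
    keyfile=$1
    if [ "$(agent_state)" = none ]; then
        # Same as the answer's eval, with Bourne-style output forced by -s.
        eval "$(ssh-agent -s)" >/dev/null
    fi
    # Assumption: the public half lives at "$keyfile.pub".
    fp=$(ssh-keygen -lf "$keyfile.pub" 2>/dev/null | awk '{ print $2 }')
    [ -n "$fp" ] || { echo "cannot fingerprint $keyfile.pub" >&2; return 1; }
    if ssh-add -l 2>/dev/null | agent_has_fp "$fp"; then
        echo "already loaded: $keyfile"
    else
        ssh-add "$keyfile"    # asks for the passphrase once per agent
    fi
}

# Usage, e.g. from ~/.bashrc:
#   ensure_key ~/.ssh/google
#   ensure_key ~/.ssh/id_rsa
```

Comparing the output of `ssh-keygen -lf` for a key file with the fingerprints in `ssh-add -l` also shows which on-disk key an agent entry actually corresponds to when only its comment changes.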