SSH-Agent – Why Won’t It Save Unencrypted Key for Later Use?


Every time I SSH into another server from our headless Ubuntu server I am asked for the password to my key file. Even if I have previously connected to the server.

Do you have any idea why this maybe? It could be something as simple as ssh-agent not currently running or something.

The same key on my Ubuntu Gnome desktop is working fine. Both server and desktop are running Ubuntu 10.10.

ps -ef | grep '[s]sh-agent'
simon     3219     1  0 12:46 ?        00:00:00 ssh-agent

Best Answer

Even if agent is up, if certain environment variables are not set, you have no reference to agent. Furthermore, even if it is all ok, agent and variables, the identity are not automatically sent to agent: that is a task for ssh-askpass, working only in X sessions.

If you are using bash, create the file ~/.bash_profile with this content:

# File: ~/.bash_profile

# source ~/.profile, if available
if [[ -r ~/.profile ]]; then
  . ~/.profile

# start agent and set environment variables, if needed
if ! env | grep -q SSH_AGENT_PID >/dev/null; then
  echo "Starting ssh agent"
  eval $(ssh-agent -s)

# ssh become a function, adding identity to agent when needed
ssh() {
  if ! ssh-add -l >/dev/null 2>&-; then
    ssh-add ~/.ssh/id_dsa
  /usr/bin/ssh "$@"
export -f ssh

# another example: git
git() {
  if ! ssh-add -l >/dev/null 2>&-; then
    ssh-add ~/.ssh/id_dsa
  /usr/bin/git "$@"
export -f git

modify the file name ~/.ssh/id_dsa following your needs, and add this line to ~/.bash_logout

# stuff to add at end of ~/.bash_logout
if ((agent_started)); then
  echo "Killing ssh agent"
  ssh-agent -k

A last note: this do not interfere with a gnome session, because in that case only ~/.profile is sourced, and you can benefit from the ssh-askpass graphical interface that ask for a passphrase and send it to the ssh-agent.