Ubuntu – Why won’t ssh-agent save the unencrypted key for later use

sshssh-agent

Every time I SSH into another server from our headless Ubuntu server I am asked for the password to my key file. Even if I have previously connected to the server.

Do you have any idea why this maybe? It could be something as simple as ssh-agent not currently running or something.

The same key on my Ubuntu Gnome desktop is working fine. Both server and desktop are running Ubuntu 10.10.

ps -ef | grep '[s]sh-agent'
simon     3219     1  0 12:46 ?        00:00:00 ssh-agent

Best Answer

Even if agent is up, if certain environment variables are not set, you have no reference to agent. Furthermore, even if it is all ok, agent and variables, the identity are not automatically sent to agent: that is a task for ssh-askpass, working only in X sessions.

If you are using bash, create the file ~/.bash_profile with this content:

# File: ~/.bash_profile

# source ~/.profile, if available
if [[ -r ~/.profile ]]; then
  . ~/.profile
fi

# start agent and set environment variables, if needed
agent_started=0
if ! env | grep -q SSH_AGENT_PID >/dev/null; then
  echo "Starting ssh agent"
  eval $(ssh-agent -s)
  agent_started=1
fi

# ssh become a function, adding identity to agent when needed
ssh() {
  if ! ssh-add -l >/dev/null 2>&-; then
    ssh-add ~/.ssh/id_dsa
  fi
  /usr/bin/ssh "$@"
}
export -f ssh

# another example: git
git() {
  if ! ssh-add -l >/dev/null 2>&-; then
    ssh-add ~/.ssh/id_dsa
  fi
  /usr/bin/git "$@"
}
export -f git

modify the file name ~/.ssh/id_dsa following your needs, and add this line to ~/.bash_logout

# stuff to add at end of ~/.bash_logout
if ((agent_started)); then
  echo "Killing ssh agent"
  ssh-agent -k
fi

A last note: this do not interfere with a gnome session, because in that case only ~/.profile is sourced, and you can benefit from the ssh-askpass graphical interface that ask for a passphrase and send it to the ssh-agent.

Related Solutions

Ubuntu – SSH keys not working

First of all, I suggest, if you can, to remove+purge, then reinstall openssh-client/server on the three machines, and remove each ~/.ssh, so that you start from a clean situation.

Next, follow this ubuntu wiki page that treats more specifically of ssh keys configuration.

Last, keep in mind the following issue: from debian ssh wiki:

Login without password does not work if group or world has write permissions for the home directory on the remote machine.

Ubuntu – How to get OpenSSH to use ksshaskpass under KDE

I don't know the internals so to explain why in GNOME it works and in KDE it doesn't, but I can suggest a solution.

Define a function like the following in your ~/.bashrc:

ssh() {
    if ! ssh-add -l &>/dev/null; then
        ssh-add </dev/null &>/dev/null
    fi
    command ssh "$@"
}

i.e., if the agent has no key stored already (! ssh-add -l), then call it with input from /dev/null: this is to convince ssh-add has no terminal, and force to ask the password with a GUI window.

You could set the SSH_ASKPASS environment variable to point to a different application to ask for the password.

Best Answer

Related Solutions

Ubuntu – SSH keys not working

Ubuntu – How to get OpenSSH to use ksshaskpass under KDE

Related Question