When I ssh into a server and my key isn't loaded in the agent, I have to abort, then run ssh-add to get my key into the agent. I'd like the ssh command to add the key automatically if it isn't present, though. Is this possible?
OpenSSH – Have SSH Add Keys to Agent as Needed
Related Solutions
It looks like you may not have actually added the key to the agent.
If your local workstation is Linux then there's likely an agent running as part of your session; you can examine its contents with ssh-add -l.
If the key hasn't been added to the agent you can also add it with ssh-add.
After that, when you ssh to mysite.be you should be able to see the key fingerprint listed when you run ssh-add -l.
This may be due to a bug in ssh-add -d/-D not removing keys. There were some bug reports about it, e.g.
- Debian Bug report #472477: ssh-add -D does not remove SSH key from gnome-keyring-daemon memory
- Ubuntu: ssh-add -D deleting all identities does not work. Also, why are all identities auto-added?
The exact issue is:
ssh-add -d/-D deletes only manually added keys from gnome-keyring. There is no way to delete automatically added keys. This is the original bug, and it's still definitely present.
Allowing ssh-add -d to apply to automatically-loaded keys (and ssh-add -t X to change the lifetime of automatically-loaded keys), would restore the behaviour most users expect.
A possible workaround:
Do ssh-add -D to delete all your manually added keys.
Navigate to your ~/.ssh folder and move all your key files except the one you want to identify with into a separate folder called backup. If necessary you can also open seahorse and delete the keys from there.
Another workaround:
What you really want to do is to turn off gpg-keyring-daemon altogether. Go to System --> Preferences --> Startup Applications, and unselect the "SSH Key Agent (Gnome Keyring SSH Agent)" box -- you'll need to scroll down to find it.
You'll still get an ssh-agent, only now it will behave sanely: no keys autoloaded, you run ssh-add to add them, and if you want to delete keys, you can.
This comment actually suggests:
The solution is to keep gnome-keyring-manager from ever starting up, which was strangely difficult but finally achieved by removing the program file's execute permission.
Best Answer
The AddKeysToAgent option does what I want. I can specify -o AddKeysToAgent=yes on the command line or add AddKeysToAgent yes on a line by itself in my .ssh/config. Either works.
It looks like this is a very recent addition to openssh, appearing in release 7.2, dated 2016-02-28!
http://www.openssh.com/txt/release-7.2
Thanks, OpenBSD! I'll be using this a lot.
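
A check for the two things the answer above depends on, as an added example that is not part of the original answer: that the client is OpenSSH 7.2 or later, and that AddKeysToAgent is actually in effect for a host. The function names, the sample banner and the sample config text are constructed for illustration, and the true/false spellings handled for `ssh -G` output are an assumption about how the client prints the option.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.

# Exit 0 if the banner from `ssh -V` is OpenSSH 7.2 or later, 1 if older,
# 2 if the text is not an OpenSSH banner.
supports_add_keys_to_agent() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 2 ]; }
}

# Print the AddKeysToAgent value from resolved client config text
# (the output of `ssh -G host`), or "unset" if the keyword is absent.
# Assumption: true/false may be printed in place of yes/no, so normalise.
effective_add_keys_to_agent() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "addkeystoagent" {
            v = tolower($2)
            if (v == "true") v = "yes"
            if (v == "false") v = "no"
            print v; found = 1; exit
        }
        END { if (!found) print "unset" }'
}

# Constructed sample inputs so the functions can be exercised offline.
SAMPLE_BANNER='OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016'
SAMPLE_CONFIG='user alice
hostname mysite.be
addkeystoagent true
identityfile ~/.ssh/id_ed25519'

# Live use: ./check.sh mysite.be  (ssh -V writes its banner to stderr)
if [ "$#" -gt 0 ]; then
    supports_add_keys_to_agent "$(ssh -V 2>&1)" ||
        { echo "ssh client predates AddKeysToAgent (needs 7.2)" >&2; exit 1; }
    echo "AddKeysToAgent for $1: $(effective_add_keys_to_agent "$(ssh -G "$1")")"
fi
```

A result of "no" or "unset" on a 7.2+ client means the setting is missing or is overridden by an earlier matching Host block in the config.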