12

Every time I SSH into another server from our headless Ubuntu server I am asked for the password to my key file. Even if I have previously connected to the server.

Do you have any idea why this may be? It could be something as simple as ssh-agent not currently running or something.

The same key on my Ubuntu Gnome desktop is working fine. Both server and desktop are running Ubuntu 10.10.

ps -ef | grep '[s]sh-agent'
simon     3219     1  0 12:46 ?        00:00:00 ssh-agent
Treffynnon

3 Answers

10

Even if the agent is up, if certain environment variables are not set, you have no reference to the agent. Furthermore, even if it is all OK, agent and variables, the identities are not automatically sent to the agent: that is a task for ssh-askpass, which works only in X sessions.

If you are using bash, create the file ~/.bash_profile with this content:

# File: ~/.bash_profile

# source ~/.profile, if available
if [[ -r ~/.profile ]]; then
  . ~/.profile
fi

# start agent and set environment variables, if needed
agent_started=0
if ! env | grep -q SSH_AGENT_PID >/dev/null; then
  echo "Starting ssh agent"
  eval $(ssh-agent -s)
  agent_started=1
fi

# ssh become a function, adding identity to agent when needed
ssh() {
  if ! ssh-add -l >/dev/null 2>&-; then
    ssh-add ~/.ssh/id_dsa
  fi
  /usr/bin/ssh "$@"
}
export -f ssh

# another example: git
git() {
  if ! ssh-add -l >/dev/null 2>&-; then
    ssh-add ~/.ssh/id_dsa
  fi
  /usr/bin/git "$@"
}
export -f git

Modify the file name ~/.ssh/id_dsa according to your needs, and add these lines to ~/.bash_logout:

# stuff to add at end of ~/.bash_logout
if ((agent_started)); then
  echo "Killing ssh agent"
  ssh-agent -k
fi

A last note: this does not interfere with a GNOME session, because in that case only ~/.profile is sourced, and you can benefit from the ssh-askpass graphical interface that asks for a passphrase and sends it to the ssh-agent.

enzotib
  • Thanks @enzotib, it works great for `ssh`ing into other machines. But it doesn't when using `git` to push or pull on a public repository. Do you have any ideas how I could solve that as well? – Treffynnon Apr 26 '11 at 09:43
  • Add a function identical to `ssh()`, call it `git()` and change last line from `/usr/bin/ssh` to `/usr/bin/git`. Also, add a final line with `export -f git`. – enzotib Apr 26 '11 at 10:15
  • @enzotib I tried that, but now when I `ssh` into the machine with the `bash_profile` file you created above setup it asks me for the key's password. For some reason now every time I ssh in it asks even before I have executed `ssh` or `git`. See https://gist.github.com/942082 for the prompt I get back when I login to the offending machine. – Treffynnon Apr 26 '11 at 10:25
  • @Treffynnon: I don't know exactly how `git` interacts with `ssh`, and I don't use `git`, so I cannot try it. I modified the `~/.bash_profile` to include the `git()` function I mentioned above, to be sure my previous explanation was clear. Also, it seems from the output you show that you modified the server machine, but all my advice was directed to the client machine only. – enzotib Apr 26 '11 at 10:42
  • @enzotib That is correct. The server I log into becomes my client when I `git` push to a central forge/repository from it so the file is in the right place. I think you have just given me the hint/jogged my thoughts. I have a special bash prompt that displays the git branch of the `pwd`. I bet that is what is triggering the password request at bash login as it attempts to git stat before rendering the bash prompt! – Treffynnon Apr 26 '11 at 10:49
  • I have just tried removing the git stuff from my bash prompt and that is definitely what is triggering the request for a password at login. Thanks for your help! – Treffynnon Apr 26 '11 at 10:51
  • Why are you using `2>-` in those functions? This results in a file named `-` to be created whenever I use git :P – Oliver Salzburg Jul 10 '13 at 16:11
  • @OliverSalzburg: it is an error, it should be `2>&-` to close stderr. – enzotib Jul 10 '13 at 16:24
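
An added example, not part of the answer above: a diagnostic for the two failure modes it describes (an agent is running but this shell has no reference to it, or the agent is reachable but holds no identity). It relies on the exit statuses documented in ssh-add(1); the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find out why this shell cannot use a running ssh-agent.
# Function names are hypothetical; source this file, then run agent_diagnose.

# Look only at the environment: does this shell hold a reference to an agent?
# Prints one of: unset | stale | socket
agent_env_state() {
  if [ -z "${SSH_AUTH_SOCK:-}" ]; then
    echo unset    # an agent may be running, but this shell cannot find it
  elif [ ! -S "$SSH_AUTH_SOCK" ]; then
    echo stale    # variable points at a socket that no longer exists
  else
    echo socket   # socket exists; ssh-add must confirm the agent answers
  fi
}

# Map the exit status of `ssh-add -l` (see ssh-add(1)) to a state:
# 0 = identities loaded, 1 = agent reachable but empty, 2 = cannot contact agent
ssh_add_state() {
  case "$1" in
    0) echo loaded ;;
    1) echo empty ;;
    2) echo unreachable ;;
    *) echo unknown ;;
  esac
}

# Combine both checks and print the next step. Returns 0 only when ssh can
# use the agent without prompting for the key passphrase.
agent_diagnose() {
  env_state=$(agent_env_state)
  if [ "$env_state" != socket ]; then
    echo "SSH_AUTH_SOCK is $env_state: run eval \"\$(ssh-agent -s)\" in this shell"
    return 2
  fi
  rc=0
  ssh-add -l >/dev/null 2>&1 || rc=$?
  case "$(ssh_add_state "$rc")" in
    loaded)      echo "agent reachable, identities loaded"; return 0 ;;
    empty)       echo "agent reachable but empty: run ssh-add <keyfile>"; return 1 ;;
    unreachable) echo "socket exists but no agent answers: start a new agent"; return 2 ;;
    *)           echo "ssh-add failed with status $rc (is it installed?)"; return 2 ;;
  esac
}
```

The answer's `if ! ssh-add -l` test treats status 1 and status 2 alike; in the status 2 case the following `ssh-add` cannot succeed either, because there is no agent to receive the key.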
2

I recently started using ssh-ident:

https://github.com/ccontavalli/ssh-ident

All you have to do is add something like:

alias ssh="/path/to/ssh-ident"

in your .bashrc. Alternatively, you can ln -s /path/to/ssh-ident ~/bin/ssh or some other directory in your PATH before /bin and /usr/bin.

Seth
rabexc
1

This question has a quite good answer over at SuperUser.

I found the hint to use Keychain pretty useful.

metakermit