So I've recently changed to Xfce, which has buggered up my ssh-agent. I used to use gnome-keyring (aka "Seahorse").
Ideally I would like to keep using that, but I'd be happy for anything that WORKS (i.e., remembers my keys so I don't have to constantly enter my (long) passphrase).
My keys all exist and are in the ssh-agent:
$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAss......stR/9v/HwNzw== /home/fukawi2//.ssh/ssh-key.archserver
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvu......DZBimZc0orJQ== /home/fukawi2//.ssh/ssh-key.falconn
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ......YTQkT3 /home/fukawi2//.ssh/ssh-key.nato
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv/......4n52VCIl23fg6Q== /home/fukawi2//.ssh/ssh-key.nwb
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxU......rHyqQB3Ypu31Er2w== /home/fukawi2//.ssh/ssh-key.personal
My config specifies the correct key to use:
$ fgrep -A4 fw1 .ssh/config
Host fw1 fw1.<redacted>
hostname fw1.<redacted>
user <redacted>
IdentityFile ~/.ssh/ssh-key.nato
port <redacted>
I'm not sure if these are correct, but they seem to be:
/home/fukawi2 $ env | grep SSH
SSH_AGENT_PID=13034
SSH_AUTH_SOCK=/tmp/ssh-azEooja13033/agent.13033
SSH_ASKPASS=/usr/bin/ksshaskpass
And yet I'm constantly being asked for my passphrase.....
$ ssh fw1
Enter passphrase for key '/home/fukawi2/.ssh/ssh-key.nato':
Last edited by fukawi2 (2011-05-12 09:07:04)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Well, you've certainly got more experience than I, but here's some idiot checks I could come up with:
1. There was a recent (2011/5/10) change to openssh. Do all your keys not work? Logging in to an Arch server that hasn't had sshd restarted since the update?
2. Permissions correct on keys (maybe inadvertent change? Reverted to a different version of your key with the same name?)
3. I use keychain started like this from my .bashrc (I login via startx/xinitrc, no login manager):
if type -P keychain &>/dev/null; then
    eval "$(keychain -q --eval --agents ssh id_rsa logo_rsa web_rsa)"
else echo "I require keychain but it's not installed. Aborting." >&2
fi
4. I don't have the SSH_ASKPASS variable in my env
Hope that helps...if not you then someone else!
Scott
OK, solution (kind of) found... Apparently keys must be named id_rsa*
Using names that make sense doesn't work. I've found this before, but got around it by symlinking a friendly name:
$ ll .ssh/ssh-key.*
lrwxrwxrwx 1 fukawi2 fukawi2 6 May 8 13:18 .ssh/ssh-key.archserver -> id_rsa
lrwxrwxrwx 1 fukawi2 fukawi2 8 May 8 13:17 .ssh/ssh-key.falconn -> id_rsa.3
lrwxrwxrwx 1 fukawi2 fukawi2 8 May 8 13:18 .ssh/ssh-key.nato -> id_rsa.4
lrwxrwxrwx 1 fukawi2 fukawi2 8 May 8 13:18 .ssh/ssh-key.nwb -> id_rsa.1
lrwxrwxrwx 1 fukawi2 fukawi2 8 May 8 13:19 .ssh/ssh-key.personal -> id_rsa.2
Apparently now that isn't allowed anymore; changing my config file to use the id_rsa file explicitly works:
$ fgrep -A5 fw1 .ssh/config
Host fw1 fw1.<redacted>
hostname fw1.<redacted>
user <redacted>
#IdentityFile ~/.ssh/ssh-key.nato
IdentityFile ~/.ssh/id_rsa.4
port <redacted>
/home/fukawi2 $ ssh fw1
Last login: Thu May 12 19:02:11 2011 from <redacted>
INFO: Setting proxy to http://proxy.<redacted>:3128
INFO: Loaded Local file: '/etc/bashrc'
fw1 ~ $
Last edited by fukawi2 (2011-05-12 09:07:32)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
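An added example, not part of any post in this thread: a shell diagnostic for the checks done by hand above, namely whether SSH_AUTH_SOCK points at a socket and whether the key behind an IdentityFile (followed through a symlink such as ssh-key.nato -> id_rsa.4) is among the keys `ssh-add -L` lists. The function names are hypothetical, and it assumes a `.pub` file sits beside the key name or beside its symlink target.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helper names): is the agent reachable, and
# does it hold the key that an IdentityFile line points at?

# Succeeds if SSH_AUTH_SOCK names an existing UNIX socket.
agent_socket_ok() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# Prints "type blob" (comment dropped) for each key line on stdin.
key_ids() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2 }'
}

# agent_has_key PUBFILE LISTING: succeeds if the key in PUBFILE appears in
# LISTING, a file holding `ssh-add -L` output. Comments (paths) may differ,
# so only key type and base64 blob are compared.
agent_has_key() {
    want=$(key_ids < "$1" | head -n 1)
    [ -n "$want" ] || return 2
    key_ids < "$2" | grep -Fqx -- "$want"
}

# find_pub IDENTITY: prints the .pub beside IDENTITY, or beside the file
# it is a symlink to; fails if neither exists.
find_pub() {
    target=$(readlink -f -- "$1" 2>/dev/null) || target=$1
    for cand in "$1.pub" "$target.pub"; do
        [ -f "$cand" ] && { printf '%s\n' "$cand"; return 0; }
    done
    return 1
}

# diagnose IDENTITY: run all checks against the live agent.
diagnose() {
    agent_socket_ok || { echo "agent socket missing: ${SSH_AUTH_SOCK:-unset}"; return 1; }
    pub=$(find_pub "$1") || { echo "no .pub for $1 or its symlink target"; return 1; }
    listing=$(mktemp) || return 1
    ssh-add -L > "$listing" 2>/dev/null
    if agent_has_key "$pub" "$listing"; then
        echo "agent holds $pub"; rc=0
    else
        echo "agent does not hold $pub"; rc=1
    fi
    rm -f "$listing"
    return $rc
}
```

Run it as `diagnose ~/.ssh/ssh-key.nato` after sourcing the file; it reads only public key material and the agent's own listing.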
Keychain is the easiest "one password prompt per session" solution. My ~/.bash_profile includes:
# start keychain, feed it keys and source the results
/usr/bin/keychain -Q -q ~/.ssh/id_rsa < /dev/null
[ -f "$HOME/.keychain/$HOSTNAME-sh" ] && source "$HOME/.keychain/$HOSTNAME-sh"
SSH_ASKPASS specifies which GUI tool to run when a passphrase is required; popular choices include x11-ssh-askpass and gtk-led-askpass.
Last edited by thayer (2011-05-12 13:55:09)
thayer williams ~ cinderwick.ca
thayer, thank you so much for that post; keychain works like a dream in kde combined with openssh-askpass.
Arch x86_64
thayer, thank you so much for that post; keychain works like a dream in kde combined with openssh-askpass.
You're very welcome, glad it did the trick!
thayer williams ~ cinderwick.ca