6

The ssh-agent on my Mac causes a pop-up for certain hosts:

[me@my-laptop]$ ssh cargo2

Last login: Tue Aug  3 09:26:43 2010 from trainwreck.arlut.utexas.edu
[me@cargo2]$

But for other hosts:

[me@my-laptop]$ ssh red

And then I get the dreaded "Enter your password for the SSH key 'id_rsa'." pop-up. I know the ssh-agent is running and working because it worked for the first host.

How do I stop the pop-up for all hosts and make it always use the ssh-agent?

For reference:

$ ssh-add -l
2048 <hex value> /Users/me/.ssh/id_rsa (RSA)

$ ps aux | grep ssh-agent
me    1393   0.0  0.0  2445984   1572   ??  Ss    9:18AM   0:00.10 ssh-agent -s

$ env | grep -i ssh
SSH_AGENT_PID=1393
SSH_AUTH_SOCK=/tmp/ssh-UW4rDdw1jw/agent.1391
aaron
  • I assume you mean the OS X Keychain popup? Honestly, the thing is a godsend. But anyway… weird that sometimes you get it, sometimes you don't. – kch Aug 03 '10 at 14:53
  • Related: http://superuser.com/questions/73387/how-do-i-remove-ssh-key-passphrases-from-being-remembered-by-mac-os – kch Aug 03 '10 at 14:57
  • Also, you probably want to do some reading under the Keychain Integration section here: http://www.dribin.org/dave/blog/archives/2007/11/28/ssh_agent_leopard/ – kch Aug 03 '10 at 14:58
  • Lastly, you may want the reverse of this: http://superuser.com/questions/88470/how-to-use-mac-os-x-keychain-with-ssh-keys – kch Aug 03 '10 at 15:00
  • The next time it prompts you, check that SSH_AUTH_SOCK is still defined, and go through the steps you have done with ssh-add. Something must be changing. – Kevin Panko Aug 03 '10 at 15:25
  • @kch: I'm sure the OS X Keychain is a very useful tool, but I'm trying to stick to a configuration that works in Linux as well as OS X. Also, when I search 'ssh' in Keychain I cannot find any entry in any of the keychains. – aaron Aug 03 '10 at 17:25
  • @Kevin Panko: the environment (including SSH_AUTH_SOCK) does not change between attempts to ssh to machines, regardless of the order in which I try. I agree, something must be different, but I don't think it is the environment variables. – aaron Aug 03 '10 at 17:26
  • @aaron that's weird. Try searching for id_dsa/id_rsa. Did you manage to find your answer in any of the linked URLs or do you still need help with this? – kch Aug 06 '10 at 15:01

4 Answers

3

The same thing happened to me if ~/.ssh/id_rsa existed but ~/.ssh/id_rsa.pub did not. If you delete the pub file, auth with the key still works but asks for your password every time.

valexa
  • Thanks, this fixed the problem. I had to generate a new id_rsa.pub file. **If you want to generate a new id_rsa.pub from id_rsa, run this command in your ~/.ssh folder:** `ssh-keygen -y -f id_rsa > id_rsa.pub` (http://www.dzone.com/snippets/regenerate-idrsapub-key) – Chris Bier Jul 11 '13 at 13:20
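
A way to check for the condition described in the answer above, as an added example that is not part of the original answer or comment: a POSIX shell audit that lists private keys with no `.pub` companion and reports whether the agent holds each key that has one. The function names are hypothetical, and private keys are recognized only by a `BEGIN ... PRIVATE KEY` first line.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an SSH key directory.

# Print every private key file in DIR that has no "<name>.pub" beside it.
# Assumption: a private key is any regular file whose first line is a
# "-----BEGIN ... PRIVATE KEY-----" header (PEM, PKCS#8 or OpenSSH format).
orphan_private_keys() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac
        head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----' || continue
        [ -f "$f.pub" ] || printf '%s\n' "$f"
    done
    return 0
}

# For every .pub file in DIR, report whether the running agent holds that key,
# by comparing the fingerprint from "ssh-keygen -lf" with "ssh-add -l" output.
# Does nothing if ssh-keygen is not installed.
agent_status() {
    dir=$1
    command -v ssh-keygen >/dev/null 2>&1 || return 0
    loaded=$(ssh-add -l 2>/dev/null || true)
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        fp=$(ssh-keygen -lf "$pub" 2>/dev/null | awk '{print $2}')
        [ -n "$fp" ] || continue
        if printf '%s\n' "$loaded" | grep -qF -- "$fp"; then
            printf 'loaded      %s\n' "$pub"
        else
            printf 'not-loaded  %s\n' "$pub"
        fi
    done
    return 0
}

# Run the audit against ~/.ssh only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    orphan_private_keys "$HOME/.ssh" | sed 's/^/missing .pub: /'
    agent_status "$HOME/.ssh"
fi
```

Any file reported as `missing .pub` can be repaired with the `ssh-keygen -y -f` command from the comment above.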
2

It turns out that I had copied my id_rsa and id_rsa.pub files from another laptop. I copied the pub key to the servers I was trying to log into, and for some reason one of them accepted the key with a client hostname mismatch and the other did not.

To fix the problem I had to generate a new public/private key pair and distribute that.

aaron
0

Do you use different identities for these two hosts set up in ~/.ssh/config (or elsewhere)?

If you have different identities, then one might not be configured in the OS X keychain. This blog entry (not mine, just found via Google) discusses how keychain works with ssh-agent in OS X Leopard.

Doug Harris
  • I don't have a `~/.ssh/config` file, and the system config files are the defaults that were installed a couple of days ago w/ the OS. I looked through /etc/ssh_config and everything is still commented out. – aaron Aug 03 '10 at 17:28
0

It worked for me on my Mac (Lion) with this command: rm ~/.ssh/*

http://om4.com.au/ssh-rsa-key-pairs-passphrases-leopard/