[PLUG] Restoring ssh-agent with passphrase
Rich Shepard
2018-11-14 18:10:09 UTC
Regenerating the public/private key pairs on the new desktop allowed
rsync, ssh, and scp to work once more. And they still do today. Whew!

I had activated ssh-agent and used ssh-add to add my passphrase to it.
This no longer works and I cannot re-add my passphrase. I killed the
ssh-agent and restarted it, but the ssh-add command does not ask for the
passphrase, just returns the shell prompt.

My web search didn't find an appropriate solution and I hope someone here
can.

Regards,

Rich
Rich Shepard
2018-11-14 19:28:21 UTC
> Are you sure your new key has a passphrase? When you use the key directly
> (without the agent), do you have to enter a passphrase?

Wes,

Good question. When I use ssh and scp I'm asked for my passphrase. Is
this what you're asking?

Regards,

Rich
Rich Shepard
2018-11-14 20:29:15 UTC
> Yes, that's what I'm asking. I don't know why ssh and scp would ask for it
> but ssh-add wouldn't.

Wes,

That makes two of us.

> Wild guess: maybe you now have 2 keys enabled, one with a passphrase and
> one without.

Not intentionally.

> ... ssh is using the one with the passphrase, and ssh-add is
> using the one without.

I looked at man ssh-keyscan but that looks for keys on all hosts rather
than telling me what keys are in the agent. If there's a ssh-add switch that
allows me to force entering my passphrase in the agent I did not recognize
when reading the man page.

Thanks,

Rich
Louis Kowolowski
2018-11-14 21:10:19 UTC
man ssh-add(1)

-D Deletes all identities from the agent.
-l Lists fingerprints of all identities currently represented by the agent.

You can delete all identities, list them, to make sure there aren't any in the agent, and then re-add them with:
ssh-add <path-to-key-file> will add your key
--
Louis Kowolowski ***@cryptomonkeys.org
Cryptomonkeys: http://www.cryptomonkeys.com/

Making life more interesting for people since 1977
Rich Shepard
2018-11-14 21:47:31 UTC
Post by Louis Kowolowski
> man ssh-add(1)
> -D Deletes all identities from the agent.
> -l Lists fingerprints of all identities currently represented by the agent.
> You can delete all identities, list them, to make sure there aren't any in
> the agent, and then re-add them with: ssh-add <path-to-key-file> will add
> your key

Thanks, Louis.

Would the path be ~/.ssh/id_ed25519.pub?

Rich
Rich Shepard
2018-11-14 21:52:46 UTC
Post by Rich Shepard
> Would the path be ~/.ssh/id_ed25519.pub?

Ah, no. It's the private key so the command is
    ssh-add .ssh/id_ed25519
and when I was asked for my passphrase and entered it ssh returned
acknowledgement that it was added to the agent.

Thanks very much, Louis,

Rich
Cryptomonkeys.org
2018-11-15 05:29:13 UTC
Post by Rich Shepard
> Post by Louis Kowolowski
>> man ssh-add(1)
>> -D Deletes all identities from the agent.
>> -l Lists fingerprints of all identities currently represented by the agent.
>> You can delete all identities, list them, to make sure there aren't any in
>> the agent, and then re-add them with: ssh-add <path-to-key-file> will add
>> your key
> Thanks, Louis.
> Would the path be ~/.ssh/id_ed25519.pub?

By default, your SSH keys are located in ~/.ssh. The public key would not be added to the agent. The private key would be added to the agent. You probably want ~/.ssh/id_ed25519.
If you have multiple keys, you can add them all (ssh-add /path/to/private/keys/*) - yes, glob on the end to grab them all at once
Of note, SSH will only use the first 3 keys by default. If you have more than 3 keys, I suggest you look at specifying a key in your ~/.ssh/config for the specific host(s).

Rich Shepard
2018-11-15 17:03:12 UTC
Post by Rich Shepard
> Regenerating the public/private key pairs on the new desktop allowed
> rsync, ssh, and scp to work once more. And they still do today. Whew!

I found the problem: for some reason I had a line in ~/.bash_logout
that told ssh-agent to dump the key. Sheesh! I've no idea why I ever did
this. But, this has been fixed.

Rich
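
Added example, not part of any message in this thread: a POSIX shell diagnostic for the two situations discussed above, a key that is not held by the agent and a shell startup or logout file that empties the agent. The function names and the patterns treated as emptying the agent (`ssh-add -D`/`-d`, `ssh-agent -k`) are assumptions; the thread does not show the actual line that was in ~/.bash_logout.

```shell
#!/bin/sh
# Added example: why does the agent keep "forgetting" my key?

# Print file:line:text for each non-comment line that empties or kills the
# agent. Assumed patterns: ssh-add -D / -d, ssh-agent -k.
find_agent_flushers() {
    pat='^[^#]*(ssh-add[[:space:]]+-[A-Za-z]*[Dd]|ssh-agent[[:space:]]+-[A-Za-z]*k)'
    for f in "$@"; do
        [ -r "$f" ] || continue
        # /dev/null as a second file forces grep to prefix the file name.
        grep -nE "$pat" "$f" /dev/null || true
    done
}

# Succeed if fingerprint $1 is field 2 of some line in an `ssh-add -l`
# listing passed as $2 (format: "<bits> <fingerprint> <comment> (<type>)").
fingerprint_listed() {
    printf '%s\n' "$2" |
        awk -v fp="$1" 'fp != "" && $2 == fp { hit = 1 } END { exit !hit }'
}

# Live check: is the key stored in file $1 currently held by the agent?
check_agent() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no agent: SSH_AUTH_SOCK is unset in this shell"; return 2
    fi
    fp=$(ssh-keygen -lf "$1" | awk '{ print $2 }')
    [ -n "$fp" ] || { echo "cannot read key: $1"; return 2; }
    # ssh-add -l exits 1 when the agent is empty; that is not an error here.
    listing=$(ssh-add -l 2>/dev/null) || true
    if fingerprint_listed "$fp" "$listing"; then
        echo "loaded: $fp"
    else
        echo "not loaded: $fp (run: ssh-add $1)"; return 1
    fi
}

# Run only when given a private key path, e.g.: sh agent-check.sh ~/.ssh/id_ed25519
if [ "$#" -gt 0 ]; then
    find_agent_flushers "$HOME/.bash_logout" "$HOME/.bash_profile" \
        "$HOME/.bashrc" "$HOME/.profile"
    check_agent "$1"
fi
```

Any line reported by `find_agent_flushers` in a logout file means the agent is emptied at the end of every session, so the key has to be re-added with `ssh-add` afterwards.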
