Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

SSH key added to agent, but keeps asking for password

+0
−0

I have my key added to ssh-agent and they show up in ssh-add -l. When I try to actually SSH to a host that requires the key, I still get prompted for a password. I enter it again and again and it seemingly refuses to cache it.

Frustratingly, this configuration is copied between several computers and only one of them has the problem, and it started recently. It is also versioned in git and I can tell I haven't changed it in a while. I used a GUI wallet manager (kwallet) to remember the passphrase, so I don't even know why it's asking for the password at all.

What could possibly account for this, and where do I start troubleshooting?

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

0 comment threads

1 answer

+0
−0

After some digging, I was able to figure out the problem. I actually have multiple keys. In Kwallet, I noticed that one of them has the wrong passphrase. So looks like I put the passphrase of Key X for both keys X and Y, and now Y is failing (because that's the wrong passphrase). It looks like Kwallet decided to remember this and never ask me, while ssh-agent kept silently failing to unlock and never telling me. Re-adding the key with correct passphrase didn't help because it kept getting the wrong passphrase from Kwallet.

To help future readers, I would recommend troubleshooting like so:

  1. Check how many SSH agents are running: pgrep ssh
  • If any are running, it's better to kill them all with pkill ssh so you can start fresh
  • You can do it with env | rg ssh
  1. Check the environment variables are set. When you run ssh-agent, it will print some commands that are meant to be sourced by a shell. These set the envars SSH_AGENT_PID and SSH_AUTH_SOCK. Of course their values will change at every run of ssh-agent, so it is better to do ssh-agent > ~/.ssh/ssh-agent.env and then source the .env file, so that you can also inspect it later.
  • SSH_AGENT_PID must match the actual PID from pgrep ssh
  • The file in SSH_AUTH_SOCK must exist
  1. Check that keys are added. ssh-add -l will show currently cached keys. ssh-add /path/to/key will add a key.
  • The key you want must be present.
  1. Check the cached passphrase. When adding keys, the agent should ask you for a passphrase in a manner determined by the envars SSH_ASKPASS and SSH_ASKPASS_REQUIRE. These are sometimes set to various password managers. For example, SSH_ASKPASS=$(which ksshaskpass) with kwallet installed allows you to check "remember password" when entering your passphrase. If a credential store is configured with these envars, open that store and see if you can find anything about the keys. It is sometimes useful to delete the saved SSH key passphrases from this store, so that it forces you to enter it again next time you do ssh-add. This will eliminate the possibility of an incorrect passphrase like I describe in the beginning of my post.
History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

0 comment threads

Sign up to answer this question »