I specifically am making sure that Snow Leopard is not allowed to remember the SSH password in my keychain, but for some reason now when I login with my ssh key it IS NOT asking for my password now. Any thoughts?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Snow Leopard keeps remembering my SSH Key's Password
- Thread starter paleck
- Start date
- Sort by reaction score
This server will only allow key based authentication so I can't remove the key. Snow Leopard should be asking for my password every time I use the key.
There I can't help you. I thought it was a choice between key OR password authentication. Just a shot in the dark, what about changing the permissions on ~/.ssh/id_dsa.pub to 000 and then using sudo ssh?
You can protect your key with a password that CAN be stored in the keychain. I blocked SL from doing that and verified it is not showing in Keychain Access. Setting it to 000 would keep it from using it, but I'm thinking this is some kind of a bug with SL's implementation of ssh. In leopard/tiger ssh would correctly ask for my password everytime I connected to a server that used my key.
Interesting. If it's a bug you may just have to wait for 10.6.1. ssh should be able to access a file with 000 permissions when run as root, though.
Sorry I couldn't be more help.
Sorry I couldn't be more help.
Right, I was referring to running ssh as my normal user. A chmod of 000 should block my user from being able to use the key file.
Of course. That's just the only workaround I can think of that would require you to enter your password prior to connecting.
Me too
Yes, I have the same problem. I tried copying the "Terminal.app" program across from a 10.5.8 Mac, and although this functioned OK (despite being the wrong OS version), it also cached the password.
So this would appear to be the OS not the Terminal program. However, I can't find anything in the KeyChain which would explain this behaviour. I'm not sure if caching is the right word, because it still does it even after a reboot.
Re other messages in this thread, I too am logging into a server which NEEDS an SSH rsa key authentication (SSH password not accepted). I find this odd because I believe Apple uses fairly standard OpenSSL/SSH software, so they must have set the default config options differently.
Yes, I have the same problem. I tried copying the "Terminal.app" program across from a 10.5.8 Mac, and although this functioned OK (despite being the wrong OS version), it also cached the password.
So this would appear to be the OS not the Terminal program. However, I can't find anything in the KeyChain which would explain this behaviour. I'm not sure if caching is the right word, because it still does it even after a reboot.
Re other messages in this thread, I too am logging into a server which NEEDS an SSH rsa key authentication (SSH password not accepted). I find this odd because I believe Apple uses fairly standard OpenSSL/SSH software, so they must have set the default config options differently.
Further information about Snow Leopard caching SSH Private Key Passwords
Some progress on this.
It is /usr/bin/ssh-agent which is the problem. If you login using an RSA Private Key which is protected with a key unlock password, this program is now caching it for you.
This program was introduced as a default running program in regular Leopard, but only in Snow Leopard does it produce this problem. It must therefore be down to the way it is configured.
If you do "killall ssh-agent" after EACH time you type the RSA Private key unlock password, it will forget it again. But the program is automatically restarted each time you do this, so it's always one step behind you. Obviously not a very satisfactory workaround, but it does point the finger in the direction of a cure.
Some progress on this.
It is /usr/bin/ssh-agent which is the problem. If you login using an RSA Private Key which is protected with a key unlock password, this program is now caching it for you.
This program was introduced as a default running program in regular Leopard, but only in Snow Leopard does it produce this problem. It must therefore be down to the way it is configured.
If you do "killall ssh-agent" after EACH time you type the RSA Private key unlock password, it will forget it again. But the program is automatically restarted each time you do this, so it's always one step behind you. Obviously not a very satisfactory workaround, but it does point the finger in the direction of a cure.
didnt help
im running Snow 10.6.1
my airport set up looks much different then what was shown in the
start of this thread.
we have 4 computers on one router 3 of them being wireless and one ether
3 of them are PCs and im on the only mac
I'm not sure what to do to make all the net work better.
My moms SuperDell is VERY slow, my gf's xps laptop works about as well
as mine and my mom's HP is alittle slower then our laptops.
We have a linksysWRT54G Ver.8
If anyone can help, let me know
im running Snow 10.6.1
my airport set up looks much different then what was shown in the
start of this thread.
we have 4 computers on one router 3 of them being wireless and one ether
3 of them are PCs and im on the only mac
I'm not sure what to do to make all the net work better.
My moms SuperDell is VERY slow, my gf's xps laptop works about as well
as mine and my mom's HP is alittle slower then our laptops.
We have a linksysWRT54G Ver.8
If anyone can help, let me know