Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

SSH not remembering keychain

W

Wnt2bsleepin

macrumors newbie
Original poster
Oct 12, 2011
15
0
Hello,

I set up key authentication on my server. However, I cannot get the Keychain to remember the passphrase for the key itself. I have to enter it every time. I did some digging around and here are the results.

command
Code: 
ssh <name>

-Requires the passphrase to be required everytime, even if it's entered into the keychain.
-Works off a config file
Code: 
Host mcftb
    User ftb
    Hostname ftb.host.com
    IdentityFile ~/.ssh/mcvps/ftbUser.private
    IdentitiesOnly yes

Host mcbukkit
    User bukkit
    Hostname bukkit.host.com
    IdentityFile ~/.ssh/mcvps/bukkitUser.private
    IdentitiesOnly yes

Host mcroot
    User root
    Hostname bukkit.host.com
    IdentityFile ~/.ssh/mcvps/rootUser.private
    IdentitiesOnly yes

Host pbUser
    User bUser
    Hostname hostB.com
    IdentityFile ~/.ssh/personalServer/bUser.private
    IdentitiesOnly yes

Host pbackup
    User rUser
    Hostname hostB.com
    IdentityFile ~/.ssh/personalServer/rUser.private
    IdentitiesOnly yes

Host pbUser
    User bUser
    Hostname hostB.com
    IdentityFile ~/.ssh/personalServer/bUser.private
    IdentitiesOnly yes

Host proot
    User root
    Hostname hostB.com
    IdentityFile ~/.ssh/personalServer/rootUser.private
    IdentitiesOnly yes

Host wsroot
    User root
    Hostname hostC.com
    IdentityFile ~/.ssh/webserver/rootUser
    IdentitiesOnly yes

Host wsadmin
    User Admin
    Hostname hostC.com
    IdentityFile ~/.ssh/webserver/Admin.private
    IdentitiesOnly yes

The second option works with me not having to enter my passphrase everytime

command:
Code: 
ssh -v -i .ssh/webserver/rootUser root@host.com

However, it seems to be trying every key that it can find.

output:
Code: 
sh -v -i .ssh/webserver/rootUser root@host.com
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/User/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to host.com [192.xx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file .ssh/webserver/rootUser type -1
debug1: identity file .ssh/webserver/rootUser-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 59:41:b3:35:11:91:4c:4b:99:78:42:2a:8f:bb:ad:68
debug1: Host 'host.com' is known and matches the RSA host key.
debug1: Found key in /Users/User/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey


/**Here is where it starts offering the keys**/

debug1: Offering RSA public key: /Users/USer/.ssh/personalServer/rootUser.private
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/User/.ssh/mcvps/rootUser.private
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: rootuser.private
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: .ssh/webserver/rootUser
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: Authentication succeeded (publickey).
Authenticated to host.com ([192.xx.xxx.xx]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-

It asks for the passphrase if I force the Identity
Code: 
ssh -v -o "IdentitiesOnly yes" -i .ssh/webserver/rootUser root@host.com

Output:
Code: 
OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/User/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to host.com [192.xx.xxx.xx] port 22.
debug1: Connection established.
debug1: identity file .ssh/webserver/rootUser type -1
debug1: identity file .ssh/webserver/rootUser-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 59:41:b3:35:11:91:4c:4b:99:78:42:2a:8f:bb:ad:68
debug1: Host 'host.com' is known and matches the RSA host key.
debug1: Found key in /Users/User/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/webserver/rootUser
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: No more authentication methods to try.
Permission denied (publickey).

I know this is a lot. Any help is much appreciated
 
Last edited:
Why do you have a separate key for each host? The idea is that you create one public/private key pair on your Mac to be "you". Then you copy the public key to the various hosts you want to authenticate to. Add the public key to the .ssh/authorized_keys or .ssh/authorized_keys2 file as appropriate. The first time you SSH with your key, you enter the passphrase. After that you won't have to enter a password again.
 
I have a key for each account on each host. I also handed out a key to say a limited user to another person, while I have access to the root account as well as all the other accounts.

I could limit it so that I have a key that is the same for my being, but I would still want to keep separate keys for the root accounts for each host. I also have accounts that.

Am I thinking about this the wrong way?
 
Again, you can have multiple public keys that are authorized to use each account. So you can add your own public key and the other guy can add his public key to authorize to that shared account. You don't have to share private keys.

When you connect to the host, you can specify which user to log in as.

ssh account@host

If your public key is authorized to multiple accounts on the host, you can select which account you want to connect as.

If you insist on having multiple private keys that mean "you", then you can use ssh-add to add multiple identities to your ssh agent. You will have to do this each time you log in. But once you are logged in you will not have to enter the passphrase for each account more than once.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back