Prompted for key password when key is in ssh-agent
In an old shell session, the number of ssh keys in ssh-agent tends to be large enough to fail authentication with the server, simply because the client just throws keys at it, FIFO fashion. It seems to do this even if the IdentityFile directive is specified for the relevant host in ~/.ssh/config.
To remedy that, I added the IdentitiesOnly directive to said file. Now, however, I'm prompted for an ssh key password when I attempt to connect to the server. This, despite the fact that the key is in ssh-agent. When I remove IdentitiesOnly from the configuration file, no prompt is presented and access is granted.
So, my questions is, how can I ensure that the correct key (and no other) is presented to a given server and avoid being prompted for that key's password?
ssh ssh-agent
asked Jan 20 at 19:29
chbchb
2961416
add a comment |
In an old shell session, the number of ssh keys in ssh-agent tends to be large enough to fail authentication with the server, simply because the client just throws keys at it, FIFO fashion. It seems to do this even if the IdentityFile directive is specified for the relevant host in ~/.ssh/config.
To remedy that, I added the IdentitiesOnly directive to said file. Now, however, I'm prompted for an ssh key password when I attempt to connect to the server. This, despite the fact that the key is in ssh-agent. When I remove IdentitiesOnly from the configuration file, no prompt is presented and access is granted.
So, my questions is, how can I ensure that the correct key (and no other) is presented to a given server and avoid being prompted for that key's password?
ssh ssh-agent
asked Jan 20 at 19:29
chbchb
2961416
add a comment |
In an old shell session, the number of ssh keys in ssh-agent tends to be large enough to fail authentication with the server, simply because the client just throws keys at it, FIFO fashion. It seems to do this even if the IdentityFile directive is specified for the relevant host in ~/.ssh/config.
To remedy that, I added the IdentitiesOnly directive to said file. Now, however, I'm prompted for an ssh key password when I attempt to connect to the server. This, despite the fact that the key is in ssh-agent. When I remove IdentitiesOnly from the configuration file, no prompt is presented and access is granted.
So, my questions is, how can I ensure that the correct key (and no other) is presented to a given server and avoid being prompted for that key's password?
ssh ssh-agent
asked Jan 20 at 19:29
chbchb
2961416
In an old shell session, the number of ssh keys in ssh-agent tends to be large enough to fail authentication with the server, simply because the client just throws keys at it, FIFO fashion. It seems to do this even if the IdentityFile directive is specified for the relevant host in ~/.ssh/config.
To remedy that, I added the IdentitiesOnly directive to said file. Now, however, I'm prompted for an ssh key password when I attempt to connect to the server. This, despite the fact that the key is in ssh-agent. When I remove IdentitiesOnly from the configuration file, no prompt is presented and access is granted.
So, my questions is, how can I ensure that the correct key (and no other) is presented to a given server and avoid being prompted for that key's password?
ssh ssh-agent
ssh ssh-agent
asked Jan 20 at 19:29
chbchb
2961416
asked Jan 20 at 19:29
chbchb
2961416
asked Jan 20 at 19:29
chbchb
2961416
asked Jan 20 at 19:29
chbchb
2961416
asked Jan 20 at 19:29
chbchb
2961416
2961416
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I came across the solution in this blog post.
Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:
Host foo
Hostname foo.org
User admin
IdentityFile ~/.ssh/foo.pub
IdentitiesOnly yes
answered Feb 10 at 18:46
chbchb
2961416
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396372%2fprompted-for-key-password-when-key-is-in-ssh-agent%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I came across the solution in this blog post.
Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:
Host foo
Hostname foo.org
User admin
IdentityFile ~/.ssh/foo.pub
IdentitiesOnly yes
answered Feb 10 at 18:46
chbchb
2961416
add a comment |
I came across the solution in this blog post.
Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:
Host foo
Hostname foo.org
User admin
IdentityFile ~/.ssh/foo.pub
IdentitiesOnly yes
answered Feb 10 at 18:46
chbchb
2961416
add a comment |
I came across the solution in this blog post.
Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:
Host foo
Hostname foo.org
User admin
IdentityFile ~/.ssh/foo.pub
IdentitiesOnly yes
answered Feb 10 at 18:46
chbchb
2961416
I came across the solution in this blog post.
Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:
Host foo
Hostname foo.org
User admin
IdentityFile ~/.ssh/foo.pub
IdentitiesOnly yes
answered Feb 10 at 18:46
chbchb
2961416
answered Feb 10 at 18:46
chbchb
2961416
answered Feb 10 at 18:46
chbchb
2961416
answered Feb 10 at 18:46
chbchb
2961416
2961416
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396372%2fprompted-for-key-password-when-key-is-in-ssh-agent%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
