Remove stored identities from ssh-agent

vinaytp · 03-15-2010, 04:55 AM

Dear All,

I have added an identity to ssh-agent

Code:

ssh-agent /bin/bash
ssh-add ~/.ssh/id_dsa

After restarting the machine. I removed all the identities by

Code:

[vinay@vinay asterisk]$ ssh-add -d ~/.ssh/id_dsa
Bad key file /home/vinay/.ssh/id_dsa
[vinay@vinay asterisk]$ ssh-add -D ~/.ssh/id_dsa
All identities removed.

Now when I try to login to a machine, it still asks for passphrase, why is this ?

Code:

[vinay@vinay asterisk]$ ssh vinay@localhost
Enter passphrase for key '/home/vinay/.ssh/id_dsa':

evo2 · 03-15-2010, 04:58 AM

Isn't that the expected behavior? The ssh-agent has not identities.

Evo2.

vinaytp · 03-15-2010, 05:28 AM

Quote:

Originally Posted by evo2

Isn't that the expected behavior? The ssh-agent has not identities.

Evo2.

Thanks for reply evo2.

As per my understanding If it doesn't have identities, then it should directly ask for password. why is it asking for pass pharse ?

Normally it won't ask for password if the identity is stored, it just asks for pass phrase. Here after asking for pass phrase its asking for password too, even after removing the identity from ssh-agent.

How can I stop this behavior, I mean it should directly ask for password. It should stop asking pass phrase.

evo2 · 03-15-2010, 06:09 AM

I think it depends on how the client is set up. You can specify with the PreferredAuthentications field in your .ssh/config or /etc/ssh/ssh_config. According to the ssh_config man page on my system, the default order is:

gssapi-with-mic, hostbased, publickey, keyboard-interactive, password

You can also override this on the command line.

Cheers,

Evo2.