LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 05-26-2013, 01:39 PM   #1
Wnt2bsleepin
LQ Newbie
 
Registered: May 2013
Posts: 3

Rep: Reputation: Disabled
SSH not saving key passphrase. Trying every key


Hello,

I set up key authentication on my server. However, I cannot get the Keychain to remember the passphrase for the key itself. I have to enter it every time. I did some digging around and here are the results. It seems that on some occasions, it is trying every key even though I specified which key to use.

command
Code:
ssh <name>
-Requires the passphrase to be required everytime, even if it's entered into the keychain.
-Works off a config file
Code:
Host mcftb
    User ftb
    Hostname ftb.host.com
    IdentityFile ~/.ssh/mcvps/ftbUser.private
    IdentitiesOnly yes

Host mcbukkit
    User bukkit
    Hostname bukkit.host.com
    IdentityFile ~/.ssh/mcvps/bukkitUser.private
    IdentitiesOnly yes

Host mcroot
    User root
    Hostname bukkit.host.com
    IdentityFile ~/.ssh/mcvps/rootUser.private
    IdentitiesOnly yes

Host pbUser
    User bUser
    Hostname hostB.com
    IdentityFile ~/.ssh/personalServer/bUser.private
    IdentitiesOnly yes

Host pbackup
    User rUser
    Hostname hostB.com
    IdentityFile ~/.ssh/personalServer/rUser.private
    IdentitiesOnly yes

Host pbUser
    User bUser
    Hostname hostB.com
    IdentityFile ~/.ssh/personalServer/bUser.private
    IdentitiesOnly yes

Host proot
    User root
    Hostname hostB.com
    IdentityFile ~/.ssh/personalServer/rootUser.private
    IdentitiesOnly yes

Host wsroot
    User root
    Hostname hostC.com
    IdentityFile ~/.ssh/webserver/rootUser
    IdentitiesOnly yes

Host wsadmin
    User Admin
    Hostname hostC.com
    IdentityFile ~/.ssh/webserver/Admin.private
    IdentitiesOnly yes
The second option works with me not having to enter my passphrase everytime

command:
Code:
ssh -v -i .ssh/webserver/rootUser root@host.com
However, it seems to be trying every key that it can find.

output:
Code:
sh -v -i .ssh/webserver/rootUser root@host.com
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/User/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to host.com [192.xx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file .ssh/webserver/rootUser type -1
debug1: identity file .ssh/webserver/rootUser-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 59:41:b3:35:11:91:4c:4b:99:78:42:2a:8f:bb:ad:68
debug1: Host 'host.com' is known and matches the RSA host key.
debug1: Found key in /Users/User/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey


/**Here is where it starts offering the keys**/

debug1: Offering RSA public key: /Users/USer/.ssh/personalServer/rootUser.private
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/User/.ssh/mcvps/rootUser.private
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: rootuser.private
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: .ssh/webserver/rootUser
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: Authentication succeeded (publickey).
Authenticated to host.com ([192.xx.xxx.xx]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-
It asks for the passphrase if I force the Identity
Code:
ssh -v -o "IdentitiesOnly yes" -i .ssh/webserver/rootUser root@host.com
Output:
Code:
OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/User/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to host.com [192.xx.xxx.xx] port 22.
debug1: Connection established.
debug1: identity file .ssh/webserver/rootUser type -1
debug1: identity file .ssh/webserver/rootUser-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 59:41:b3:35:11:91:4c:4b:99:78:42:2a:8f:bb:ad:68
debug1: Host 'host.com' is known and matches the RSA host key.
debug1: Found key in /Users/User/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/webserver/rootUser
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: No more authentication methods to try.
Permission denied (publickey).
I know this is a lot. Any help is much appreciated. This is running under OSX. I also cross posted this

Reddit and Macrumors
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh inside ssh asks for "Enter passphrase for key..." hedpe Linux - Newbie 1 04-30-2012 09:20 AM
SSH skips public key authentication for a key, but works with another key simopal6 Linux - General 1 07-06-2011 08:33 AM
Putty/SSH login failed when using RSA public key: 'Server refused our key' itsecx@gmail.com Linux - Server 10 10-04-2010 01:19 PM
Revoking GPG key with only passphrase and public key djib Linux - Security 2 03-13-2007 03:20 AM
ssh / ssh-key -- its always asking for passphrase BaerRS Linux - General 1 01-07-2003 06:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration