Can't add generated ssh key to ssh agent "Could not open a connection to your authentication agent"
Solution 1
I deleted all keys and tried to pass the whole procedure again. It did work when I created keys without sudo, as in:
user@home-machine ~ $ ssh-keygen -t ed25519 -C "my@email"
Thanks to @Panki for the tip. Don't remember why I was using sudo to create keys.
Solution 2
user@home-machine ~ $ eval "$(ssh-agent -s)"
Agent pid 2864
Here you're starting the ssh-agent as user. This initializes the SSH_AUTH_SOCK environment variable which is used by the other SSH tools to find the Unix socket for the agent.
user@home-machine ~ $ sudo ssh-add root/.ssh/id_ed25519
[sudo] password for user:
Could not open a connection to your authentication agent.
And here you invoke ssh-add as root. Unless you have explicitly configured sudo to pass the SSH_AUTH_SOCK environment variable across the sudo transition, it by default will not transfer it to root's environment.
Without the environment variable, the ssh-add command will not be able to find the ssh-agent socket, as it is located in a randomly-named sub-directory (typically /tmp/ssh-<random_alphabet_soup>/agent.<number>). The socket and the directory it's in are also only accessible by the original user, but usually that's not a problem for root.
If you want the agent to work across the sudo transition for this user specifically, you would need to add something like this to your /etc/sudoers file:
Defaults:user env_keep+=SSH_AUTH_SOCK
(Replace user with the actual username, of course.)
If you want it to work for all users when they're transitioning to root using sudo, you could do it this way:
Defaults>root env_keep+=SSH_AUTH_SOCK
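A small diagnostic for the failure described in Solution 2, added here as an example and not taken from the answer. The helper names check_agent_sock and child_view_after_reset are hypothetical, and `env -i` is used as a stand-in for sudo's environment reset so that nothing has to run as root.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical, not part of OpenSSH or sudo.

# Classify the agent socket as seen by the *current* user and environment.
# Returns: 0 usable, 1 variable unset/empty, 2 path missing,
#          3 path is not a Unix socket, 4 socket not readable/writable.
check_agent_sock() {
    sock=${1-${SSH_AUTH_SOCK-}}
    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is not set for uid $(id -u): ssh-add cannot find the agent"
        return 1
    fi
    if [ ! -e "$sock" ]; then
        echo "$sock does not exist (stale value from an agent that has exited?)"
        return 2
    fi
    if [ ! -S "$sock" ]; then
        echo "$sock exists but is not a Unix socket"
        return 3
    fi
    if [ ! -r "$sock" ] || [ ! -w "$sock" ]; then
        echo "$sock is a socket, but uid $(id -u) may not read/write it"
        return 4
    fi
    echo "agent socket reachable: $sock"
    return 0
}

# Stand-in for the sudo transition (assumption: sudo resets the environment
# and SSH_AUTH_SOCK is not listed in env_keep). The child starts with an
# empty environment and reports the value it inherited, if any.
child_view_after_reset() {
    env -i /bin/sh -c 'echo "${SSH_AUTH_SOCK:-unset}"'
}

# Run both checks in the current shell, e.g. right after eval "$(ssh-agent -s)".
check_agent_sock || echo "check_agent_sock returned $?"
echo "child after environment reset sees: $(child_view_after_reset)"
```

Running the same function under `sudo sh` before and after adding the env_keep line shows whether the variable now survives the transition.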
Updated on September 18, 2022
Vladimir Markiev over 1 year
Firstly, yes, I read similar questions and answers here and on stackoverflow. It didn't seem to give any visible result so I'm making a new question.
I am using the latest Debian Buster and trying to set up access to GitHub from the terminal. I follow the steps to set up ssh connection on the official GitHub site here and here.
user@home-machine ~ $ sudo ssh-keygen -t ed25519 -C "my@email"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/ed25519):
Enter passphrase (empty for no passphrase): [I don't use passphrase]
Enter same passphrase again:
Your identification has been saved in /root/.ssh/ed25519.
Your public key has been saved in /root/.ssh/ed25519.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx my@email
The key's randomart image is:
+--[ED25519 256]--+
xxxxxxxxxxxxxxxxxxx
+----[SHA256]-----+
user@home-machine ~ $ eval "$(ssh-agent -s)"
Agent pid 2864
user@home-machine ~ $ ssh-add ~/.ssh/id_ed25519
/home/user/.ssh/id_ed25519: No such file or directory
user@home-machine ~ $ sudo ssh-add ~/.ssh/id_ed25519 #here is me being stupid and not seeing the correct path, but I amended the mistake below
user@home-machine ~ $ sudo ssh-add root/.ssh/id_ed25519
[sudo] password for user:
Could not open a connection to your authentication agent.
Why is it not working? What am I doing wrong? Sorry, I'm just learning Linux and git and could be missing something. I would appreciate your help.
EDIT: Tried to execute commands:
debtop@DebTop:~$ echo $SSH_AGENT_PID
2864
debtop@DebTop:~$ echo $SSH_AUTH_SOCK
/tmp/ssh-wpXiIKBOY4x7/agent.2863
debtop@DebTop:~$ eval$(ssh-agent -s)
bash: evalSSH_AUTH_SOCK=/tmp/ssh-yUWON3uD5kT5/agent.4242;: File or directory doesn't exist
Panki over 3 years
The problem most likely arises because you don't have correct permissions to load the keyfile. Either become root completely (sudo -i) or create the key as your normal user. Why do you even use sudo to create the key? That is not necessary.
Kusalananda over 3 years
Also note that the | in -C |"my@email" ought to be an issue as it introduces a pipe in the command line and tries to run your email address as a command (and -C won't get an argument). Please consider updating it to the command that you are actually using.
Vladimir Markiev over 3 years
I think the pipe was a typo when I copied it from the terminal to the question. Thanks for the info anyway.
ilkkachu over 3 years
@VladimirMarkiev, you can edit the posts here to fix typos like that