Can't add generated ssh key to ssh agent "Could not open a connection to your authentication agent"


Solution 1

I deleted all keys and tried to pass the whole procedure again. It did work when I created keys without sudo as in:

user@home-machine ~ $ ssh-keygen -t ed25519 -C "my@email"

Thanks to @Panki for the tip. I don't remember why I was using sudo to create keys.

Solution 2

user@home-machine ~ $ eval "$(ssh-agent -s)"
Agent pid 2864

Here you're starting the ssh-agent as user. This initializes the SSH_AUTH_SOCK environment variable which is used by the other SSH tools to find the Unix socket for the agent.

user@home-machine ~ $ sudo ssh-add root/.ssh/id_ed25519
[sudo] password for user:
Could not open a connection to your authentication agent.

And here you invoke ssh-add as root. Unless you have explicitly configured sudo to pass the SSH_AUTH_SOCK environment variable across the sudo transition, it by default will not transfer it to root's environment.

Without the environment variable, the ssh-add command will not be able to find the ssh-agent socket, as it is located in a randomly-named sub-directory (typically /tmp/ssh-<random_alphabet_soup>/agent.<number>). The socket and the directory it's in are also only accessible by the original user, but usually that's not a problem for root.

If you want the agent to work across the sudo transition for this user specifically, you would need to add something like this to your /etc/sudoers file:

Defaults:user env_keep+=SSH_AUTH_SOCK

(Replace user with the actual username, of course.)

If you want it to work for all users when they're transitioning to root using sudo, you could do it this way:

Defaults>root env_keep+=SSH_AUTH_SOCK
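
As an added example (not part of the original answer), the shell functions below classify the SSH_AUTH_SOCK state that ssh-add depends on, and use `env -i` to approximate sudo's environment reset with and without the variable kept. The function names and the sample socket path are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose why ssh-add cannot reach the agent, and
# approximate sudo's environment reset with `env -i` (no sudo needed).

# agent_status: classify the current value of SSH_AUTH_SOCK.
# Prints one of: unset, missing, not-socket, ok
agent_status() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo unset        # what ssh-add sees when sudo drops the variable
    elif [ ! -e "$SSH_AUTH_SOCK" ]; then
        echo missing      # stale variable: agent exited or path was removed
    elif [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo not-socket   # path exists but is not a Unix socket
    else
        echo ok
    fi
}

# child_sees_sock MODE: start a child shell with a cleaned environment and
# print the SSH_AUTH_SOCK value it receives.
#   reset -> variable dropped (sudo's default behaviour)
#   keep  -> variable preserved (effect of env_keep+=SSH_AUTH_SOCK)
child_sees_sock() {
    case "$1" in
        reset) env -i PATH="$PATH" sh -c 'echo "${SSH_AUTH_SOCK:-<unset>}"' ;;
        keep)  env -i PATH="$PATH" SSH_AUTH_SOCK="${SSH_AUTH_SOCK:-}" \
                   sh -c 'echo "${SSH_AUTH_SOCK:-<unset>}"' ;;
        *)     echo "usage: child_sees_sock reset|keep" >&2; return 2 ;;
    esac
}

# Demo with a constructed socket path; a real agent reports its own path
# through the output of `ssh-agent -s`.
demo() {
    SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.0000
    export SSH_AUTH_SOCK
    echo "parent status : $(agent_status)"
    echo "after reset   : $(child_sees_sock reset)"
    echo "with env_keep : $(child_sees_sock keep)"
}

# Run the demo in a subshell so the caller's environment is left untouched.
( demo )
```
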
Author by

Vladimir Markiev


Updated on September 18, 2022

Comments

  • Vladimir Markiev
    Vladimir Markiev over 1 year

    Firstly, yes, I read similar questions and answers here and on stackoverflow. It didn't seem to give any visible result so I'm making a new question.

    I am using the latest Debian Buster and trying to set up access to GitHub from the terminal. I follow the steps to set up ssh connection on the official GitHub site here and here.

    user@home-machine ~ $ sudo ssh-keygen -t ed25519 -C "my@email"
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/root/.ssh/ed25519): 
    Enter passphrase (empty for no passphrase): [I don't use passphrase]
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/ed25519.
    Your public key has been saved in /root/.ssh/ed25519.pub.
    The key fingerprint is:
    SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx my@email
    The key's randomart image is:
    +--[ED25519 256]--+
    xxxxxxxxxxxxxxxxxxx
    +----[SHA256]-----+
    
    user@home-machine ~ $ eval "$(ssh-agent -s)"
    Agent pid 2864
    user@home-machine ~ $ ssh-add ~/.ssh/id_ed25519
    /home/user/.ssh/id_ed25519: No such file or directory
    user@home-machine ~ $ sudo ssh-add ~/.ssh/id_ed25519
    #here is me being stupid and not seeing the correct path, but I amended the mistake below
    user@home-machine ~ $ sudo ssh-add root/.ssh/id_ed25519
    [sudo] password for user:
    Could not open a connection to your authentication agent.
    

    Why is it not working? What am I doing wrong? Sorry, I'm just learning Linux and git and could be missing something. I would appreciate your help.

    EDIT: Tried to execute commands:

    debtop@DebTop:~$ echo $SSH_AGENT_PID
    2864
    debtop@DebTop:~$ echo $SSH_AUTH_SOCK
    /tmp/ssh-wpXiIKBOY4x7/agent.2863
    debtop@DebTop:~$ eval$(ssh-agent -s)
    bash: evalSSH_AUTH_SOCK=/tmp/ssh-yUWON3uD5kT5/agent.4242;: File or directory doesn't exist
    
    • Panki
      Panki over 3 years
      The problem most likely arises because you don't have correct permissions to load the keyfile. Either become root completely (sudo -i) or create the key as your normal user. Why do you even use sudo to create the key? That is not necessary.
  • Kusalananda
    Kusalananda over 3 years
    Also note that the | in -C |"my@email" ought to be an issue as it introduces a pipe in the command line and tries to run your email address as a command (and -C won't get an argument). Please consider updating it to the command that you are actually using.
  • Vladimir Markiev
    Vladimir Markiev over 3 years
    I think the pipe was a typo when I copied it from the terminal to the question. Thanks for the info anyway.
  • ilkkachu
    ilkkachu over 3 years
    @VladimirMarkiev, you can edit the posts here to fix typos like that