SSH agent loses identity when the machine restarts
Solution 1
It's normal. The purpose of a key agent is just to hold decrypted keys in memory, but it will never write them to disk. (That would defeat the purpose – why not just unprotect the main key instead?)
So the keys must be unlocked on each login, and you need to automate this – on Linux using pam_ssh is one option; it automatically uses your OS password to unlock the agent. Another similar module is pam_envoy, which is slightly more reliable afaik (but requires systemd).
Both modules will start the agent itself and load keys automatically.
Solution 2
On OS X, ssh-add has a special flag to connect to Keychain if you decide to store your private key in there.
Just run ssh-add -K ~/.ssh/id_rsa.
I believe this answers your question more fully. This OS X specific flag is hard to find documentation for but it's been working since at least OS X Leopard.
Solution 3
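Try adding this to your ~/.bashrc:
# Start an agent unless a socket already exists at the link path.
# The link path used here is ~/.ssh/id_rsa, the default private key path,
# and ln -sf replaces whatever file is at that path with the symlink.
if [ ! -S ~/.ssh/id_rsa ]; then
    eval `ssh-agent`
    ln -sf "$SSH_AUTH_SOCK" ~/.ssh/id_rsa
    ssh-add
fi
# Every later shell finds the agent through the fixed link path.
export SSH_AUTH_SOCK=~/.ssh/id_rsa
This should only prompt for the password once you are logged in.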
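The snippet above places the agent socket link at ~/.ssh/id_rsa, and `ln -sf` replaces whatever file is at that path, which is normally the private key itself. The following is an added example, not part of the original answer, of the same idea with a dedicated link path and a guard that refuses to overwrite anything that is not a symlink; the path ~/.ssh/agent.sock and the function names are assumptions.

```shell
# Added example. AGENT_LINK is an assumed path; it must never be a key file.
AGENT_LINK="$HOME/.ssh/agent.sock"

# Point $2 (the link) at $1 (the agent socket), but refuse to replace
# anything that is not already a symlink, e.g. a private key file.
link_agent_sock() {
    las_target=$1
    las_link=$2
    if [ -e "$las_link" ] && [ ! -L "$las_link" ]; then
        echo "refusing to replace non-symlink: $las_link" >&2
        return 1
    fi
    rm -f "$las_link" && ln -s "$las_target" "$las_link"
}

# Reuse the agent behind AGENT_LINK if it answers, otherwise start one.
ensure_agent() {
    ea_rc=0
    SSH_AUTH_SOCK="$AGENT_LINK" ssh-add -l >/dev/null 2>&1 || ea_rc=$?
    if [ "$ea_rc" -eq 2 ]; then
        # ssh-add exits with 2 when it cannot contact an agent
        # (missing link, or a stale socket left by a dead agent).
        eval "$(ssh-agent -s)" >/dev/null || return 1
        link_agent_sock "$SSH_AUTH_SOCK" "$AGENT_LINK" || return 1
    fi
    export SSH_AUTH_SOCK="$AGENT_LINK"
    # ssh-add -l exits with 1 when the agent holds no identities yet;
    # only then prompt for the passphrase.
    ssh-add -l >/dev/null 2>&1 || ssh-add
}

# Run only in interactive shells, as a ~/.bashrc snippet should.
case $- in
    *i*) ensure_agent ;;
esac
```

The agent still holds keys only in memory, so the passphrase prompt returns once after every reboot.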
Comments
-
Niks over 1 year
After creating keys with the name id_rsa at its default location, I am adding the identity to the SSH agent with the command ssh-add ~/.ssh/id_rsa. It's adding successfully. I can SSH without entering the passphrase of the key as it's already with the SSH agent.
But when I restart the machine or server and then check for the identity with the command ssh-add -L, I am getting a message like "The agent has no identities".
Does that mean that when we restart the machine, the agent loses its identity? Is this normal behavior, or is there something I am missing here?
Please guide me, I am not very familiar with SSH.
-
Admin almost 8 years
See this thread on Unix&Linux site.
-
Niks almost 9 years
Thanks for the reply. That means the SSH agent is working properly. And after adding this, it won't be required to add the identity each time the machine starts? Sorry if this is a silly question, but I am very new to ssh.
-
Shiro almost 9 years
If your ssh key has a password, it will prompt every time you log in.
-
Niks almost 9 years
Any idea how to automate on mac osx terminal?
-
Niks almost 9 years
When I ran the command $SSH_AUTH_SOCK I am getting the result: -bash: /tmp/ssh-gT43vE99vk/agent.511: Permission denied. I am confused here, whether my agent forwarding is working or not. Can you plz guide?
-
user1686 almost 9 years
It's not meant to be used as a command – it's a variable, something you use as part of another command. For example echo $SSH_AUTH_SOCK to print its value.
-
Niks almost 9 years
hey buddy.. any idea? stackoverflow.com/questions/31916395/…
-
kasperd about 8 years
This answer is harmful. If you do what it says, it will delete your private key. If you have no other way to authenticate, you will lose access to systems where you have been using public key authentication.
-
lucasarruda over 6 years
This is the proper answer, followed by a ssh-add -A which will add all keys in Keychain. Additionally, also create a ~/.ssh/config and add UseKeychain yes so macOS will always preserve your key, as described here: unix.stackexchange.com/questions/140075/…
-
Daniel almost 6 years
My MacBook still forgets my identity when I reboot, even after trying this.