ssh-add asks about passphrases for keys already unlocked in the keychain
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Expired
|
Wishlist
|
Unassigned |
Bug Description
In the below example, on the second invocation of ssh-add I should not be prompted to enter the passphrase again after I successfully entered it on the first instance. This used to work fine in trusty i386 setup.
$ keychain && ssh-add
* keychain 2.8.2 ~ http://
* Starting ssh-agent...
Enter passphrase for /home/rolf/
Identity added: /home/rolf/
Enter passphrase for /home/rolf/
Identity added: /home/rolf/
$ keychain && ssh-add
* keychain 2.8.2 ~ http://
* Found existing ssh-agent: 25744
Enter passphrase for /home/rolf/
Identity added: /home/rolf/
Enter passphrase for /home/rolf/
Identity added: /home/rolf/
gnome-keyring is running:
$ ps -ax|grep key
2067 ? SLl 0:05 /usr/bin/
2078 ? Ssl 0:01 /usr/lib/
6987 ? S 0:00 /usr/bin/ssh-agent -D -a /run/user/
17832 pts/2 S+ 0:00 grep --color=auto key
ssh-agent is running:
$ ps aux | grep ssh-agent
leggewie 1928 0.0 0.0 15548 340 ? Ss 02:38 0:00 /usr/bin/ssh-agent /usr/bin/im-launch env LD_PRELOAD=
leggewie 6987 0.0 0.0 11304 1484 ? S 02:50 0:00 /usr/bin/ssh-agent -D -a /run/user/
leggewie 9952 0.0 0.0 11304 320 ? Ss 04:11 0:00 ssh-agent bash
leggewie 17850 0.0 0.0 14492 1160 pts/2 S+ 06:06 0:00 grep --color=auto ssh-agent
$ env|grep SSH
SSH_AUTH_
SSH_AGENT_PID=9952
SSH_AGENT_
description: | updated |
description: | updated |
description: | updated |
summary: |
- ssh-add asks about passphrases for key already unlocked in the keychain + ssh-add asks about passphrases for keys already unlocked in the keychain |
description: | updated |
description: | updated |
I finally was able to solve this. It turns out, my key was too old and thus kind of disabled as a security measure, I suppose. After creating a new key based off ED25519 and adding the corresponding public key to ~/.ssh/ authorized_ keys on the server, things are now working again.
Can we please do better and inform the user what's wrong instead of silently pretending to be working but dropping the unlocked key? FWIW, even now with the process working again "keychain -l" still lists nothing. I'm not 100% sure but that looks like a bug of its own.