1

I have a private SSH key on a shared development server, which is secured with a password.

Even after loading it into ssh-agent, I get re-prompted for the private key password

For some reason, even after I ssh-add the private key, and correctly respond to the password prompt, I am subsequently prompted for the same private key password again, when I git pull in a git clone which uses the same identity file on the same hostname.

I load my SSH settings after login, this way:

➜  ~ cat ~/init_ssh 
#!/usr/bin/env bash
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

I run the script and correctly answer the password prompt:

➜  ~ ~/init_ssh
Agent pid 11612
Enter passphrase for /home/username/.ssh/id_rsa: 
Identity added: /home/username/.ssh/id_rsa (/home/username/.ssh/id_rsa)

I then run git pull or git push in a specific repository clone, and every single time I have to re-enter my SSH password:

➜  repository_clone git:(master) git pull
Enter passphrase for key '/home/username/.ssh/id_rsa': 
Already up-to-date.
➜  repository_clone git:(master) git pull
Enter passphrase for key '/home/username/.ssh/id_rsa': 
Already up-to-date.

The hostname has an IdentityFile configured in ~/.ssh/config

It so happens that I have the IdentityFile for github.com explicitly set to ~/.ssh/id_rsa, in my ~/.ssh/config:

➜  repository_clone git:(master) cat ~/.ssh/config
Host github.com
    IdentityFile ~/.ssh/id_rsa

If I remove the above SSH config entry, I still have the same problem with perpetual password re-prompt.

File permissions are correct

I have confirmed, meanwhile, that all of the permissions on ~ and ~/.ssh directories and the ~/.ssh/id_rsa file are what they should be, according to this guide:

➜  ~ ls -la ~ ~/.ssh ~/.ssh/id_rsa
-rw-------  1 username username 3326 Sep 21 16:53 /home/username/.ssh/id_rsa

/home/username:
total 220
drwxr-xr-x  13 username username  4096 Sep 27 17:11 .
drwxr-xr-x  24 root     root      4096 Sep 21 16:09 ..
# [...]

/home/username/.ssh:
total 36
drwxr-xr-x  2 username username 4096 Sep 27 17:07 .
drwxr-xr-x 13 username username 4096 Sep 27 17:11 ..
-rw-r--r--  1 username username  745 Sep 21 16:43 authorized_keys
-rw-------  1 username username  455 Sep 27 17:07 config
-rw-------  1 username username 3326 Sep 21 16:53 id_rsa
-rw-r--r--  1 username username  744 Sep 21 16:53 id_rsa.pub
-rw-r--r--  1 username username 3794 Sep 26 16:28 known_hosts

I'm totally stumped! Can anyone point me in the right direction? Thanks!

Daniel B.
  • 113

1 Answer

2

The agent you start is only available to the ~/init_ssh script, which immediately exits after it loads the key.

Use source ~/init_ssh or place eval "$(ssh-agent -s)" in your .profile or equivalent file.

After you load the agent, you should have $SSH_AUTH_SOCK point to a socket.

RalfFriedl
  • 8,981
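The difference between running and sourcing the script, as an added example that is not part of the original question or answer. It assumes a constructed stand-in for ~/init_ssh that evals text shaped like `ssh-agent -s` output (made-up socket path and PID), so it runs without a real agent; the function names are hypothetical.

```shell
# Constructed stand-in for ~/init_ssh. It evals text shaped like the output of
# `ssh-agent -s` (made-up values), so no real agent is needed to run this.
write_init_script() {
    cat > "$1" <<'EOF'
eval "SSH_AUTH_SOCK=/tmp/ssh-constructed/agent.11611; export SSH_AUTH_SOCK;
SSH_AGENT_PID=11612; export SSH_AGENT_PID;"
EOF
}

# Run the script as a child process (what `~/init_ssh` does) and print the
# SSH_AUTH_SOCK that the calling shell has afterwards.
sock_after_execute() (
    init=$(mktemp) && write_init_script "$init"
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    sh "$init"                      # the exports die with the child process
    printf '%s\n' "${SSH_AUTH_SOCK:-unset}"
    rm -f "$init"
)

# Source the script (what `source ~/init_ssh` does) and print the same thing.
sock_after_source() (
    init=$(mktemp) && write_init_script "$init"
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    . "$init"                       # the exports land in this shell
    printf '%s\n' "${SSH_AUTH_SOCK:-unset}"
    rm -f "$init"
)

# The check from the answer's last line: the variable must be set and must
# name an existing socket, otherwise ssh and git cannot reach an agent.
agent_socket_ok() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

echo "executed: $(sock_after_execute)"
echo "sourced:  $(sock_after_source)"
```

Running `agent_socket_ok` in the login shell after the real `source ~/init_ssh` should succeed; if it fails, `ssh` falls back to reading the key file and prompts for the passphrase.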