222

I've been trying to get ssh-add working on a RaspberryPi running Raspbian.

I can start ssh-agent, when I do it gives the following output into the terminal:

SSH_AUTH_SOCK=/tmp/ssh-06TcpPflMg58/agent.2806; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2807; export SSH_AGENT_PID;
echo Agent pid 2807;

If I run ps aux | grep ssh I can see it is running.

Then I try to run ssh-add in order to add my key passphrase, and I get the following:

Could not open a connection to your authentication agent.

Any ideas?

techraf
  • 5,941
Daniel Groves
  • 2,323

9 Answers9

327

Your shell is meant to evaluate that shell code output by ssh-agent. Run this instead:

eval "$(ssh-agent)"

Or if you've started ssh-agent already, copy paste it to your shell prompt (assuming you're running a Bourne-like shell).

ssh commands need to know how to talk to the ssh-agent, they know that from the SSH_AUTH_SOCK environment variable.

Stéphane Chazelas
  • 544,893
  • Thanks, I didn't quite understand how it works. Thats very muchly appreciated. – Daniel Groves Sep 22 '12 at 17:30
  • 5
    Or you can enter ssh-agent bash and after the ssh-add will work – RaduM May 15 '13 at 13:56
  • 1
    @Stephane, do I get it correctly that ssh-agent command just prints the output of it's execution while eval version actually runs the command? – Denys S. Oct 07 '13 at 08:50
  • 6
    @DenysS. Well no, it does its setup and then tells your shell how to update its environment to be able to contact it. It cannot do that by itself. It can start a new shell with the updated environment (that's what ssh-agent bash does), but it cannot update the memory of a separate process running a foreign command (your already running shell). – Stéphane Chazelas Oct 07 '13 at 09:03
  • @StephaneChazelas, if my ssh-agent is started on boot but I still have to eval it in my shell does it mean that it is not automatically evaluated for every shell and has to be configured somehow by the root user? – Denys S. Oct 07 '13 at 09:10
  • 1
    @KamijouTouma, I've reverted the edit. Please add that information in your own answer as I don't agree with all you've said in that edit. – Stéphane Chazelas Dec 08 '15 at 17:48
  • @DenysS. you can add eval $(ssh-agent) to your ~/.bashrc at any time, for any number of users. – 4Z4T4R Oct 14 '17 at 06:50
47

Try this one:

$ ssh-agent /bin/sh
$ ssh-add $yourkey
slm
  • 369,824
user48656
  • 589
19

This question has been also very well covered on Stackoverflow.

eval `ssh-agent -s`

ssh-add
Community
  • 1
xaa
  • 455
  • 5
  • 7
7

If using csh as a shell (FreeBSD PI) this could work:

eval `ssh-agent -c`

next you only need to do something like:

ssh-add ~/.ssh/id_rsa
nbari
  • 616
5

You may also use the following syntax:

ssh-agent sh -c 'ssh-add && echo Do some stuff here.'
kenorb
  • 20,988
2

Try this: go to C:\$Installation_Folder$\Git\cmd and execute:

start-ssh-agent

It will open a cmd command and run the ssh-agent the right way.

ssh-add ~/.ssh/id_rsa should then work.

VaTo
  • 3,101
sab125
  • 21
2

This was confusing, and has 2 possible good answers, depending on whether the user is attempting to add a ssh key on a Linux or on Windows (as I am). This probably doesn't answer the OP, but is an expansion for git-bash. I run both Windows and Ubuntu for development, and my git installation is slightly different in each.

Try this: go to C:\$Installation_Folder$\Git\cmd and execute:

start-ssh-agent It will open a cmd command and run the ssh-agent the right way.

.. was a good Windows answer, but failed to specify that you were expected to go through Windows Explorer to find the Git installation folder, and run the the Windows shell would open on completion of step 1.
"go to C:\$Installation_Folder$\Git\cmd"

Step 2: you just need to double-click 

start-ssh-agent

On step 3, you go back to git-bash or whichever *nix terminal emulator you are running and run ssh-add. If you used the default name for the ssh public key, you don't have to add the name as ssh-add uses that automatically.

Wolf Halton
  • 21
2

There’s a couple of ways if you wish to use an identity with sudo, e.g. sudo npm install.

Long way, but also gives you root access so you won’t need to use sudo a lot.

  1. Run
    sudo ssh-agent bash
    This will ask for your password and after will run ssh-agent with the superuser’s privileges,
  2. Navigate to your users’ .ssh folder
    cd /home/user/.ssh

  3. From there you can run 

    ssh-add id_rsa
npm install git+ssh://git@YOUR-PROJECT-URL -g && npm link PROJECT-NAME

Short way, only your user (unless you want to sudo a lot)

eval "$(ssh-agent)"
ssh-add
sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" npm install git+ssh://git@PROJECT-URL -g && sudo npm link PROJECT-NAME
Community
  • 1
Belldandu
  • 177
  • 1
  • 9
  • 1
    export and eval work just as well as root provided root's login shell is Bourne like. If root's shell is csh or tcsh, use eval \ssh-agent -c`` – Stéphane Chazelas Dec 08 '15 at 22:50
  • Note that you can also give root access to your ssh-agent by doing sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" npm install... – Stéphane Chazelas Dec 08 '15 at 22:51
  • Tried both also bash is bourne again shell and neither worked properly. all users on my debian jessie instance including root are set to use bash by default. – Belldandu Dec 08 '15 at 23:51
  • What did you try? eval "$(ssh-agent)" at the prompt of a bash shell running as root will work. You'll obviously need to run ssh from that shell or its descendant so they inherit the SSH_AUTH_SOCK env var. eval "$(sudo ssh-agent)"; sudo ssh... won't work because sudo by default doesn't pass the SSH_AUTH_SOCK env var. – Stéphane Chazelas Dec 09 '15 at 09:50
  • i tried eval "$(ssh-agent)" ill be looking later to see if there is some sort of configuration error. Although the current way i have given this guide allows free control over which user you wish to be since your already root and can access any users id_rsa thats on the server. So once i get it working appropriately ill edit my answer. – Belldandu Dec 09 '15 at 19:51
  • @StéphaneChazelas is this acceptable? – Belldandu Dec 09 '15 at 20:08
  • I still get an error: key_load_private_type: Permission denied – IgorGanapolsky Aug 12 '16 at 18:43
  • -1: using sudo is not relevant to the question and is dangerous advice for common usage. – Liam Dawson Dec 13 '18 at 14:22
0

The easiest solution does not have to be bad.

You need neither ssh-agent nor ssh-add when you use a passwordless private key, see https://stackoverflow.com/a/48290333/11154841.

By this, I got rid of the error Could not open a connection to your authentication agent. ssh-add exit code 2.

That does not need to be insecure: you simply need to delete both keys of the key pair right after their usage. That means, you must delete the public key on the server and delete the private key on the client. It goes without saying: never use them again, do not even keep a backup somewhere.

Mind that you can create the public key from a private key, but not the other way round. Normally, it should suffice to simply delete the public key from the registered keys on your Git portal, but they should better be both deleted, so that the same public key can never ever be used again. Even if someone had stolen your private key, it would be of no use if you simply never use its public key again.

With a passwordless private key, you can even use it in Docker to get around any password entries. You can clone a git repo without any password, the passwordless private key is all you need. See Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty” as an example.

questionto42
  • 477