0

I want to add to my bashrc the code:

eval $(ssh-agent -s)
ssh-add ~/.ssh/id_rsa

but it is always asking to

Enter passphrase for /home/User/.ssh/id_rsa:

A friend of mine added the same snippet to his bashrc and it worked perfectly (without asking for a passphrase, and showing the message Identity added: /home/User/.ssh/id_rsa).

How can I do it in a way that I don't have to type the passphrase each time I open a terminal, and that shows me the Identity added info?

  • You can add those commands to a script with no password needed and call that script in your bashrc. It's a workaround but probably not the best way. Check https://unix.stackexchange.com/questions/506683/execute-shell-script-without-password/506688 – esantix Jan 17 '22 at 12:51
  • 1
    Thanks for your fast reply. But my friend added the same "code" to his bashrc file and it worked without asking for a password – BigdataADD Jan 17 '22 at 12:57
  • It seems your private key is encrypted. Does ssh-keygen -y -f ~/.ssh/id_rsa prompt for a password? If so, you would need to unencrypt or pass the password via a script (insecure). – FelixJN Jan 17 '22 at 12:58
  • 2
    Your friend may be using a key without a passphrase. You can remove the passphrase from your key if you're not concerned with the security implications. – Kenster Jan 17 '22 at 13:13
  • The only difference is that he is using Ubuntu 18.04 and I am using Ubuntu 20.04. WSL from the Windows Store, I mean – BigdataADD Jan 17 '22 at 14:14

1 Answer

0

The whole idea of ssh-agent is to enable you to add your keys and passphrases once so you won't have to type them again as long as the machine is running. You don't need to run ssh-add in your bashrc - you only need to run it once in your shell to type the passphrase, and as long as your ssh-agent is running, it will keep the decrypted key in its memory and you won't have to type the passphrase again. You only need to keep the eval $(ssh-agent -s) line in your bashrc.

The reason it asks for a passphrase in the first place, is that when you create a new ssh key (using ssh-keygen), it asks the user for a passphrase. You can leave it empty to indicate that you don't want to encrypt your key, but if you do type a passphrase, you'll have to type it any time you'd want to use the key in the future (again, that's exactly where ssh-agent comes in handy).

The difference between you and your friend is that your ssh key is probably protected by a passphrase, and your friend's key is not.

As @FelixJN wrote in the comment, you can run ssh-keygen -y -f ~/.ssh/id_rsa to confirm it asks for a passphrase. If your friend runs it, it probably won't ask for it because his key is not encrypted.

aviro
  • 5,532
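
An added example (not part of the answer above, and not OpenSSH's own code): a ~/.bashrc fragment that reuses one agent across terminals, since every `eval $(ssh-agent -s)` starts a separate agent process, and that checks for a passphrase without prompting, the non-interactive form of the `ssh-keygen -y -f` test mentioned above. The function names and the `~/.ssh/agent.env` file are assumptions.

```bash
# Added example. Helper names and the AGENT_ENV path are assumptions.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# 0 = key cannot be loaded with an empty passphrase (normally: it is encrypted),
# 1 = key is unencrypted, 2 = file unreadable. -P '' means it never prompts.
key_is_encrypted() {
    [ -r "$1" ] || return 2
    if ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Classify the agent behind SSH_AUTH_SOCK from the exit status of `ssh-add -l`:
# 0 = holds identities, 1 = running but empty, 2 = cannot be contacted.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Reuse an agent started by an earlier shell; start one only if none answers.
ensure_agent() {
    if [ "$(agent_state)" = unreachable ] && [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    if [ "$(agent_state)" = unreachable ]; then
        (umask 077; ssh-agent -s > "$AGENT_ENV")   # env file readable by owner only
        . "$AGENT_ENV" >/dev/null
    fi
}

# Interactive shells only: load the key once per agent, not once per terminal.
case $- in
    *i*)
        ensure_agent
        if [ "$(agent_state)" = empty ]; then
            key_is_encrypted "$HOME/.ssh/id_rsa" && echo "Passphrase needed once for this agent:"
            ssh-add "$HOME/.ssh/id_rsa"
        fi
        ;;
esac
```

The first terminal prompts for the passphrase; later terminals find the agent through the saved environment file and see it in the `loaded` state, so `ssh-add` is not run again.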