SSH - Entering a Passphrase Only Once

Question

On $ ssh localhost, I was being asked to provide password. It was tedious and kind of annoying to provide password for every login.

So, I have created ssh keys with passphrase..

$ ssh-keygen -t rsa

I have copied the content of the ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Now, on $ ssh localhost I was being asked to provide passphrase. No improvement, but instead of providing password I was providing passphrase.

I came across Adding public key to ~/.ssh/authorized_keys does not log me in automatically, but it did not address my problem. As the comment states, that if the the keys were created with a passphrase, it will always ask for passphrase.

However, if the the ssh keys would have been created without passphrase, passphrase would not be required for any ssh operation.

The key take away from this post was the verbose flag -v and

debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>

On searching about PEM_read_PrivateKey failed I came across quite a number of posts, couple of them are from stackoverflow itself.

But could not find a proper solution.

Then I came across Setting up passwordless, passphraseless ssh which states about using a ssh agent to enter the passphrase automatically.

$ eval `ssh-agent`
$ ssh-add ~/.ssh/id_rsa

or

$ eval `ssh-agent` && ssh-add ~/.ssh/id_rsa

but again, it solved only for that specific session. Every time I start a new session I have to execute the

$ eval `ssh-agent` && ssh-add ~/.ssh/id_rsa

I could add it to my .bashrc or .zshrc but it's annoying to enter the passphrase for every session.

Is there any way to use the same ssh-agent across session?

Answer 1

In order to solve the cross session ssh-agent, one has to comprehend

$ eval `ssh-agent` && ssh-add ~/.ssh/id_rsa

On executing, ssh-agent, it will output few unix command to the STDOUT

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-qtCEoF3298/agent.3298; export SSH_AUTH_SOCK;
SSH_AGENT_PID=3299; export SSH_AGENT_PID;
echo Agent pid 3299;

evaluating or eval-ing a command will execute the command's output.

So, eval`ssh-agent` would translate to

$ SSH_AUTH_SOCK=/tmp/ssh-qtCEoF3298/agent.3298; export SSH_AUTH_SOCK; SSH_AGENT_PID=3299; export SSH_AGENT_PID; echo Agent pid 3299;

The above statements sets the environment variables SSH_AUTH_SOCK and SSH_AGENT_PID and also prints the agent's process id to the STDOUT

The environment variable SSH_AUTH_SOCK points to a UNIX socket.

$ file $SSH_AUTH_SOCK
/tmp/ssh-qtCEoF3298/agent.3298: socket 

For any other ssh operation, it looks for this socket, if present it uses it or ask for the passphrase. But this socket needs to be authenticated, prior it can be used. And that is done by adding the identity

$ ssh-add ~/.ssh/id_rsa

Since the environment variable SSH_AUTH_SOCK is exported, it is available for any shell originating from this shell, but not any new login.

Then I came across Understanding ssh-agent and ssh-add which guided to ssh-find-agent.bash

ssh-find-agent.bash looks for all live agent socket and exports them as environment variable.

As suggested by Jon Cairns, in the post.

Download it somewhere accessible (e.g. ~/.ssh-find-agent) and add the following to your shell's configuration file (e.g. ~/.bashrc, ~/.zshrc):***

source ~/.ssh-find-agent/ssh-find-agent.bash

set_ssh_agent_socket

AND THIS IS THE SOLUTION I HAVE BEEN LOOKING FOR

I have modified the function names, to suit my preference, same can be found at ssh-auth-sock The functions related to GPG, GNOME & OSX are not required for my purpose. The script needs to be refactored.

Moreover, OS X has its own keychain. Thus I execute these functions only for Linux

I have also created an alias for eval ssh-agent && ssh-add ~/.ssh/id_rsa , which is quicker to type than the whole command.