34

Is there a way to check locally if you're providing the correct passphrase to an RSA key?

I recently had trouble pushing some commits to github because the push prompted for a password and then failed authentication. I verified that github had the correct public key for the id_rsa file in my ~/.ssh directory, and I verified that I could authenticate with Github (if you ssh git@github.com it will tell you you authenticated but that they don't offer shell access,) so I knew the problem was on my end, not Github's.

(I should point out that at this point I simply used git format-patch to get my commits as files, then blew away my working repository and re-cloned from Github, reapplied the patches using git am, and pushed without any trouble, so whatever the original problem was, it's fixed.)

This left me wondering, though: how would I know if an authentication problem with a remote host was me providing the wrong passphrase to my private key, or the remote host not recognizing my key? Is there a way to do a test authentication with the private key, locally, without trying to connect to a remote host?

pjmorse
  • 9,204
  • 9
  • 54
  • 124

2 Answers2

46

Or as pointed here: How can I test my ssh-keys locally without a server

You can do this:

ssh-keygen -y

And this doesn't require any server (works great with msysgit on Windows).

Community
  • 1
  • 1
gaborous
  • 15,832
  • 10
  • 83
  • 102
  • 1
    I was totally confused, thinking that `-y` must mean "Yes to all" -- but it doesn't, and indeed it seems to do what it's supposed to. – krlmlr Aug 15 '14 at 11:47
19

You can run ssh-add to add your key to your current ssh-agent. This will prompt for your passphrase.

Normally, when ssh-agent is running, and you add a key to it, you won't have to unlock your key any more when you connect to hosts that recognise that key. If that isn't what you want, just run ssh-add -d to remove it off your ssh-agent when you're done testing.

C. K. Young
  • 219,335
  • 46
  • 382
  • 435