问题
I have an annoying problem with my private key. Every time I want to clone or push via ssh in terminal or Tower app, I have to type my passphrase.
I even removed and recreated the ssh key and set the key on Github several times, but it looks like it has a short lifetime and after a couple of minutes, is expired!
I followed generate a new SSH key to create the key. At the end I ran ssh-add ~/.ssh/id_rsa and it printed out:
Identity added: /Users/sajad/.ssh/id_rsa (/Users/sajad/.ssh/id_rsa)
After I restarted my machine I ran ssh-add -l to check whether it's still there or not and here is the result:
The agent has no identities.
How can I fix this? I use macOS.
My /etc/ssh/ssh_config:
# $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
SendEnv LANG LC_*
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
回答1:
Ensure you are actually using SSH
This really sounds like your remote is not using SSH at all, but is using HTTP. In that case, every time you use the remote, it will ask you to authenticate.
You can check this by looking at your remote URLs. For SSH you want it to look like this:
$ git remote -v
origin git@github.com:yourUsername/yourRepo (fetch)
origin git@github.com:yourUsername/yourRepo (push)
If you are using HTTP, then it will instead look like this:
$ git remote -v
origin https://github.com/yourUsername/yourRepo.git (fetch)
origin https://github.com/yourUsername/yourRepo.git (push)
If you find it is set to use HTTP, it's easy to change.
git remote set-url origin git@github.com:yourUsername/yourRepo
SSH key asking for passphrase every time it is used
If it turns out that you are already using SSH, you should check your SSH configuration. There are two locations to check on a Mac.
/etc/ssh/ssh_config/Users/{your_username}/.ssh/config
In particular, you do not want this setting:
AddKeysToAgent confirm
From the ssh_config man page:
AddKeysToAgent Specifies whether keys should be automatically added to a running ssh-agent(1). If this option is set to ``yes'' and a key is loaded from a file, the key and its passphrase are added to the agent with the default lifetime, as if by ssh-add(1). If this option is set to ``ask'', ssh will require confirmation using the SSH_ASKPASS program before adding a key (see ssh-add(1) for details). If this option is set to ``confirm'', each use of the key must be confirmed, as if the -c option was specified to ssh-add(1). If this option is set to ``no'', no keys are added to the agent. The argument must be ``yes'', ``confirm'', ``ask'', or ``no''. The default is ``no''.
And this is a description of the -c flag to ssh-add:
-c Indicates that added identities should be subject to confirmation before being used for authentication. Confirmation is performed by ssh-askpass(1). Successful confirmation is signaled by a zero exit status from ssh-askpass(1), rather than text entered into the requester.
SSH key not present in agent at startup
After you restart the machine, the key being gone is normal. You have to add it at least once after the machine starts up.
回答2:
There's some really good solutions to a very similar question over on SuperUser and AskDifferent.
The basic gist is that Apple recently changed some of these behaviours in Sierra. Thankfully, it's simple to get them back by adding the following to the top of your ~/.ssh/config file:
Host *
AddKeysToAgent yes
UseKeychain yes
That should be enough to get it to start using the keychain to store/retrieve your SSH key passphrase.
来源:https://stackoverflow.com/questions/41287226/ssh-asking-every-single-time-for-passphrase