185

Before upgrade

When I was running git clone git@... (using ssh), once per computer restart a dialog window appeared containing a textbox for entering my SSH passphrase, which I confirmed with OK. Then the passphrase was no longer required until the next start of my system.

After upgrading to 13.10

After upgrading to Ubuntu 13.10, that window doesn't appear anymore; instead a message appears in the terminal:

Enter passphrase for key '/home/username/.ssh/id_rsa': 

...this appears every time I clone a git repository.

How can I fix this? I want to enter my passphrase only once.

Ionică Bizău

11 Answers

175

Update: seems to be a bug from 13.10:

https://bugs.launchpad.net/ubuntu/+source/libpam-ssh/+bug/1247169


Anyway, running the following commands fixed the problem for me:

How to fix

I fixed this by entering the following commands:

$ ssh-agent bash

This creates a new bash process that allows you to add private keys. When adding a new private key you will be prompted for the passphrase once and only once.

And then:

$ ssh-add /home/username/.ssh/id_rsa
Enter passphrase for /home/username/.ssh/id_rsa: 
Identity added: /home/username/.ssh/id_rsa (/home/username/.ssh/id_rsa)

...where username is your username. You can do the same using $USER variable:

$ ssh-add /home/$USER/.ssh/id_rsa

Alternatively, just use ~ for your home directory.

$ ssh-add ~/.ssh/id_rsa

And the problem was fixed.

Ionică Bizău
108

Short answer

Use AddKeysToAgent and add the following to your .ssh/config at the beginning:

AddKeysToAgent yes

and run git/ssh/... If it's not enough, check your ssh version and check that ssh-agent is loaded with these instructions:

1) Check the openssh version

First check your ssh version; it must be greater than or equal to 7.2:

ssh -V

2) Edit the config file

If that's the case, just add one line at the beginning of your .ssh/config:

AddKeysToAgent yes

Other options are no (the default), yes, confirm (optionally followed by a time interval), ask or a time interval.

3) Check if ssh-agent is already open

Usually distributions automatically load an ssh-agent. To check it, run

ps aux | grep -v grep | grep ssh-agent

If you don't see any line containing it, you need to load it by running:

eval $(ssh-agent)

Note that this enables the agent only in the current terminal, so to enable it everywhere, you can try adding this line to your ~/.profile file and rebooting.

Vahid
tobiasBora
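
The three checks from this answer combined into one script (an added example, not written by the answer's author): it parses the ssh -V banner, reads AddKeysToAgent from a config file, and classifies the agent by the exit status of ssh-add -l instead of grepping ps output. The function names are hypothetical, and the config reader ignores Host/Match scoping.

```shell
#!/bin/sh
# Added example (not from the answer): preflight for the three steps above.

# Step 1: succeed if an `ssh -V` banner reports OpenSSH >= 7.2.
version_ok() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$v" ] || return 1
    set -- $v                       # $1 = major, $2 = minor
    [ "$1" -gt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -ge 2 ]; }
}

# Step 2: print the first AddKeysToAgent value found in a config file
# (accepts "Key value" and "Key=value"; ignores Host/Match scoping).
addkeys_value() {
    [ -r "$1" ] || return 0
    awk '{ sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
         n >= 2 && tolower(f[1]) == "addkeystoagent" { print tolower(f[2]); exit }' "$1"
}

# Step 3: classify the agent from the exit status of `ssh-add -l`:
# 0 = keys loaded, 1 = agent reachable but empty, anything else = no agent.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

preflight() {
    fail=0
    banner=$(ssh -V 2>&1) || banner=""
    if version_ok "$banner"; then echo "ok   OpenSSH >= 7.2"
    else echo "FAIL OpenSSH < 7.2 or not found: $banner"; fail=1; fi
    case $(addkeys_value "$1") in
        no|"") echo "FAIL AddKeysToAgent not enabled in $1"; fail=1 ;;
        *)     echo "ok   AddKeysToAgent set in $1" ;;
    esac
    state=$(agent_state)
    if [ "$state" = unreachable ]; then
        echo "FAIL no agent reachable via SSH_AUTH_SOCK"; fail=1
    else echo "ok   agent is $state"; fi
    return "$fail"
}

preflight "$HOME/.ssh/config" || echo "fix the FAIL items, then retry"
```

An agent reported as empty is the expected state before the first connection: with AddKeysToAgent enabled, the key is loaded the first time ssh asks for the passphrase.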
46

This Atlassian document (archive.org backup) fixed the issue for me on Ubuntu 14.04 Server Edition:

Just add these values to your .bashrc file:

SSH_ENV=$HOME/.ssh/environment

# start the ssh-agent
function start_agent {
    echo "Initializing new SSH agent..."
    # spawn ssh-agent
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add
}

if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi

And after logging in, it asks for the password only once and caches it. You don't need to enter it each time.

Arda
21

A workaround for this bug is to add the following to the bottom of ~/.bashrc

eval `gnome-keyring-daemon --start`
Anwar
5

I've spent far too long getting it running on WSL2 Ubuntu 20.04. Finally, we need to start ssh-agent when spawning a new console, but not load a key then. Load the key upon first usage and use AddKeysToAgent.

Add the following at the end of your ~/.bashrc or ~/.zshrc:

SSH_ENV="$HOME/.ssh/agent-environment"

function start_agent {
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
}

if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    #ps ${SSH_AGENT_PID} doesn't work under cygwin
    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi

Note that /usr/bin/ssh-add; is deliberately missing here, compared to the original script.

And add the following at the end of the ~/.ssh/config file:

Host *
   AddKeysToAgent yes
4

Users of the fish shell can use this script to do the same thing.

# content has to be in .config/fish/config.fish
# if it does not exist, create the file
setenv SSH_ENV $HOME/.ssh/environment

function start_agent
    echo "Initializing new SSH agent ..."
    ssh-agent -c | sed 's/^echo/#echo/' > $SSH_ENV
    echo "succeeded"
    chmod 600 $SSH_ENV 
    . $SSH_ENV > /dev/null
    ssh-add
end

function test_identities
    ssh-add -l | grep "The agent has no identities" > /dev/null
    if [ $status -eq 0 ]
        ssh-add
        if [ $status -eq 2 ]
            start_agent
        end
    end
end

if [ -n "$SSH_AGENT_PID" ] 
    ps -ef | grep $SSH_AGENT_PID | grep ssh-agent > /dev/null
    if [ $status -eq 0 ]
        test_identities
    end  
else
    if [ -f $SSH_ENV ]
        . $SSH_ENV > /dev/null
    end  
    ps -ef | grep $SSH_AGENT_PID | grep -v grep | grep ssh-agent > /dev/null
    if [ $status -eq 0 ]
        test_identities
    else 
        start_agent
    end  
end
Elijah Lynn
0

On Ubuntu 18.04, the ssh-agent is started when the X session is opened; this is managed in the file /etc/X11/Xsession.options:

# cat /etc/X11/Xsession.options
# $Id: Xsession.options 189 2005-06-11 00:04:27Z branden $
#
# configuration options for /etc/X11/Xsession
# See Xsession.options(5) for an explanation of the available options.
allow-failsafe
allow-user-resources
allow-user-xsession
use-ssh-agent
use-session-dbus
0

An alternative solution is to use keychain.
Man page.

Keychain helps you to manage SSH and GPG keys in a convenient and secure manner. It acts as a frontend to ssh-agent and ssh-add, but allows you to easily have one long running ssh-agent process per system, rather than the norm of one ssh-agent per login session.

This dramatically reduces the number of times you need to enter your passphrase.

superqwerty
0

If you are using Ubuntu 18.04 or later, gnome keyring will launch ssh-agent and set the SSH_AUTH_SOCK environment variable. You can always verify after reboot using the command pgrep -af ssh-agent to see if ssh-agent is running, and if it's launched by gnome keyring you should see output like 214325 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh

If not, you can add the following to .bashrc before adding the keychain commands.

eval `/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg`
export SSH_AUTH_SOCK
export GPG_AGENT_INFO

To take advantage of storing the secrets in the gnome keyring, all we need is to install Seahorse, aka Passwords and Keys, from the Ubuntu software store, with which we can add SSH keys and their passphrases using a GUI.

Add the section below to the SSH config file at $HOME/.ssh/config if not already present.

Host *  
    AddKeysToAgent yes

After adding the keys and their passphrases to Seahorse, install keychain and then add the following lines to .bashrc.

# Use $HOME here: a quoted ~ is not expanded by bash.
key_files=("$HOME/.ssh/id_rsa1" "$HOME/.ssh/id_rsa2")
# This will inherit the ssh-agent started by the gnome keyring and hence
# we don't need to enter passphrases after every reboot.
/usr/bin/keychain --agents ssh --inherit any --eval "${key_files[@]}"
source "$HOME/.keychain/$HOSTNAME-sh"
0

I use this:

vim ~/.profile

eval `/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg`
export SSH_AUTH_SOCK
export GPG_AGENT_INFO
karel
0

If you use an Azure .ppk file

Just convert it to pem and set permission 400 with these simple steps:

sudo apt-get install putty
puttygen <path_to_key>/keyname.ppk -O private-openssh -o <path>/aws_key.pem
sudo chmod 400 <path>/aws_key.pem
ssh -vi aws_key.pem ubuntu@<ip_address>
GrvTyagi