Home / server / Questions / 568715
Accepted
Léo Léopold Hertz 준영
Asked: 2014-01-22 01:12:50 +0800 CST

Ssh-add and contacting server unsuccessfully

  • 772

I forgot how to do this procedure.

I did on OSX 10.9.1

  • run ssh-keygen in my server
  • moved the private-key id_rsa to my laptop's $HOME/.ssh/id_rsa, removed the private key id_rsa from my server
  • create the following $HOME/.ssh/config in my laptop
  • run ssh-add $HOME/.ssh/id_rsa

My .ssh/config

Host server.myhomepage.com
  User masi
  Port 22
  Hostname server.myhomepage.com
  IdentityFile ~/.ssh/id_rsa
  TCPKeepAlive yes
  IdentitiesOnly yes

I run

ssh-add .ssh/id_rsa 
Enter passphrase for .ssh/id_rsa: 
Identity added: .ssh/id_rsa (.ssh/id_rsa)

and running more 

ssh server.myhomepage.com
Saving password to keychain failed

and it asked my passphrase for my id_rsa in a graphical window which I gave correctly but get failed message. Then, it asks in the terminal if I enter correctly the password for my private key but showed still the failed message. I run many times with correct password 

Identity added: /Users/masi/.ssh/id_rsa (/Users/masi/.ssh/id_rsa)
[email protected]'s password: 
Permission denied, please try again.

I forgot how to do this procedure correctly. How can you have the key in your keychain correctly?

ssh

2 Answers

  1. Best Answer

    On the client side, you need both the private and the public part of the key.

    On the server side, you need to have the public part of the key in $HOME/.ssh/authorized_keys.

    So the steps that are missing in your description are:

    • copy the public key to the laptop's $HOME/.ssh/id_rsa.pub
    • add the public key to the server's $HOME/.ssh/authorized_keys
    • 5

  2. I'm going to guess you're on OSX with Mavericks. This apple support forum message seems very relevant:

    https://discussions.apple.com/thread/5470737?btstart=0

    It would appear you need to 'massage' the key generated by ssh-keygen into a form that the OSX patched openssh can work with.

    Potentially, it could be this situation instead:

    https://apple.stackexchange.com/questions/106364/osx-ssh-agent-no-password-pasting-and-problem-with-pkcs8

    If you continue to have problems, please add the top three lines of the private key, the ones that look like this:

      -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: AES-128-CBC,3EA2BF123CB9E67FBB094A12A82E7BAF

    Incidentally, I'd be amused to know if you have an environment variable present called SSH_ASKPASS. That, in theory, should be how the apple ssh-add is invoking a graphical password prompt.

    Good Luck!

    • 0