SSH asking every single time for passphrase
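I have an annoying problem with my private key. Every time I want to clone or push over ssh, in the terminal or in the Tower app, I have to enter my passphrase.
I even deleted and recreated the ssh key and set it up on GitHub several times, but it looks like it has a short lifetime and expires after a few minutes!
I created the key by following generate a new SSH key. At the end I ran ssh-add ~/.ssh/id_rsa, which printed:
Identity added: /Users/sajad/.ssh/id_rsa (/Users/sajad/.ssh/id_rsa)
After restarting the machine, I ran ssh-add -l to check whether it was still there, and this was the result:
The agent has no identities.
How can I fix this? I'm on macOS.
My /etc/ssh/ssh_config: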
# $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
SendEnv LANG LC_*
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
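Make sure you are actually using SSH
This really sounds like your remote is not using SSH at all, but HTTP instead. In that case, it will ask you to authenticate every time you use the remote.
You can check this by looking at your remote URL. For SSH, you want it to look like this: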
$ git remote -v
origin git@github.com:yourUsername/yourRepo (fetch)
origin git@github.com:yourUsername/yourRepo (push)
If you are using HTTP, it will look like this:
$ git remote -v
origin https://github.com/yourUsername/yourRepo.git (fetch)
origin https://github.com/yourUsername/yourRepo.git (push)
If you find that it is set to use HTTP, it is easy to change.
git remote set-url origin git@github.com:yourUsername/yourRepo
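Asked for the passphrase every time the SSH key is used
If you find that you are already using SSH, you should check your SSH configuration. On a Mac there are two locations to check: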
/etc/ssh/ssh_config
/Users/{your_username}/.ssh/config
In particular, you do not want this setting:
AddKeysToAgent confirm
From the ssh_config man page:
AddKeysToAgent
Specifies whether keys should be automatically added to a running
ssh-agent(1). If this option is set to ``yes'' and a key is
loaded from a file, the key and its passphrase are added to the
agent with the default lifetime, as if by ssh-add(1). If this
option is set to ``ask'', ssh will require confirmation using the
SSH_ASKPASS program before adding a key (see ssh-add(1) for
details). If this option is set to ``confirm'', each use of the
key must be confirmed, as if the -c option was specified to
ssh-add(1). If this option is set to ``no'', no keys are added
to the agent. The argument must be ``yes'', ``confirm'',
``ask'', or ``no''. The default is ``no''.
Here is the description of the -c flag for ssh-add:
-c Indicates that added identities should be subject to confirmation
before being used for authentication. Confirmation is performed
by ssh-askpass(1). Successful confirmation is signaled by a zero
exit status from ssh-askpass(1), rather than text entered into
the requester.
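SSH key not present in the agent on boot
After restarting the machine, it is normal for the key to be gone. You need to add it at least once after booting.
A very similar question on SuperUser and AskDifferent has some really good solutions.
The basic gist is that Apple recently changed some behavior in Sierra. Thankfully, it is easy to get it back by adding the following to the top of your ~/.ssh/config file: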
Host *
AddKeysToAgent yes
UseKeychain yes
This should be enough to get it to start using the keychain to store/retrieve your SSH key passphrase.
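Added example, not part of the original answers: a shell script that applies the answer's two checks (remote URL transport, and the AddKeysToAgent value in an ssh_config file) to text input. The function names and the sample config are constructed for illustration, and Host/Match scoping is deliberately ignored.

```shell
#!/bin/sh
# remote_transport URL -> "https", "ssh" or "other" (the remote URL check)
remote_transport() {
    case "$1" in
        https://*|http://*) echo https ;;
        ssh://*|*@*:*)      echo ssh ;;
        *)                  echo other ;;
    esac
}

# first_value KEYWORD FILE -> first value given for KEYWORD in an ssh_config
# file; ssh keeps the first value it obtains, so later lines do not override.
# Assumption: Host/Match scoping is ignored, every line is taken to apply.
first_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        { sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
        n >= 2 && tolower(f[1]) == tolower(key) { print tolower(f[2]); exit }
    ' "$2"
}

# agent_prompt_cause FILE -> what AddKeysToAgent in FILE means for prompting
agent_prompt_cause() {
    v=$(first_value AddKeysToAgent "$1")
    case "${v:-no}" in
        confirm) echo confirm-each-use ;;        # as if added with ssh-add -c
        ask)     echo ask-before-add ;;          # SSH_ASKPASS before adding
        yes)     echo cached-after-first-use ;;  # added with default lifetime
        no)      echo never-cached ;;            # default per the man page text
        *)       echo "other:$v" ;;              # not one of the four quoted values
    esac
}

# Constructed sample input: a user config carrying the setting warned about.
sample=$(mktemp)
printf 'Host *\n  AddKeysToAgent confirm\n  UseKeychain yes\n' > "$sample"
echo "remote: $(remote_transport 'https://github.com/yourUsername/yourRepo.git')"
echo "agent:  $(agent_prompt_cause "$sample")"
rm -f "$sample"
```
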
# ~/.ssh/config:
AddKeysToAgent yes
# you should also add "-t" to ssh-agent startup to forget decrypted keys
# after some time (here: 1 hour, overridden by ssh-add - in case you really
# need to use some keys all the time)
# ~/.bashrc:
if ! pidof /usr/bin/ssh-agent >/dev/null; then
    ssh-agent -t 3600 > ~/.ssh/.agent.pid
fi
source ~/.ssh/.agent.pid >&/dev/null