SSH每次都要求密码 [英] SSH asking every single time for passphrase

查看:191
本文介绍了SSH每次都要求密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的私钥存在一个令人讨厌的问题。每当我想通过终端或塔式应用程序中的ssh来 clone 或 push ,我必须输入我的密码。 / p>

我甚至删除并重新创建了ssh密钥,并在Github上多次设置了密钥,但看起来它的寿命很短,并在几分钟后过期!



我跟着生成一个新的SSH密钥来创建密钥。最后,我运行 ssh-add〜/ .ssh / id_rsa 并打印出来: 

 添加的身份:/Users/sajad/.ssh/id_rsa(/Users/sajad/.ssh/id_rsa)

重新启动我的机器后,我运行 ssh-add -l <​​/ code>来检查它是否存在,结果如下:

 代理没有身份。

我该如何解决这个问题?我使用macOS。



我的 / etc / ssh / ssh_config 

 #$ OpenBSD:ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $ 
 
#这是ssh客户端系统范围的配置文件。有关更多信息,请参阅
#ssh_config(5)。此文件为
#用户提供默认值,并且可以在每个用户的配置文件
#中或在命令行中更改这些值。 
 
#配置数据解析如下:
#1.命令行选项
#2.用户特定文件
#3.系统范围文件
#任何配置值仅在第一次设置时才会更改。 
#因此,特定于主机的定义应该在
#配置文件的开头,最后是缺省值。 
 
#一些常用选项的站点范围默认值。有关可用选项的全面
#列表,其含义和默认值,请参阅
#ssh_config(5)手册页。 
 
 Host * 
 SendEnv LANG LC_ * 
 
#Host * 
#ForwardAgent no 
#ForwardX11 no 
#RhostsRSAAuthentication no 
#RSAAuthentication yes 
#PasswordAuthentication yes 
#HostbasedAuthentication no 
#GSSAPIAuthentication no 
#GSSAPIDelegateCredentials no 
#BatchMode no 
#CheckHostIP yes 
#AddressFamily任何
#ConnectTimeout 0 
#StrictHostKeyChecking询问
#IdentityFile〜/ .ssh / identity 
#IdentityFile〜/ .ssh / id_rsa 
#IdentityFile 〜/ .ssh / id_dsa 
#IdentityFile〜/ .ssh / id_ecdsa 
#IdentityFile〜/ .ssh / id_ed25519 
#端口22 
#协议2 
#密码3des 
#密码aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc 
#MAC hmac-md5,hmac-sha1,umac-64 @ openssh。 com,hmac-ripemd160 
#EscapeChar〜
#Tunnel no 
#TunnelDevice any:any 
#PermitLocalCommand no 
#VisualHostKey no 
 #ProxyCommand ssh -q -W%h:%p gateway.example.com 
#RekeyLimit 1G 1h




这听起来像你的远程没有使用SSH,但是使用HTTP。在这种情况下,您每次使用遥控器时,都会要求您进行身份验证。



您可以通过查看远程URL来检查此信息。对于SSH,您希望它看起来像这样:

  $ git remote -v 
 origin git@github.com: yourUsername / yourRepo(fetch)
 origin git@github.com:yourUsername / yourRepo(push)



<如果您使用的是HTTP,那么它将看起来像这样:

  $ git remote -v 
 origin https://github.com/yourUsername/yourRepo.git(fetch)
 origin https://github.com/yourUsername/yourRepo.git(推送)

如果您发现它设置为使用HTTP,则很容易更改。

  git remote set-url origin git@github.com:yourUsername / yourRepo



SSH密钥在每次使用时都要求输入密码

如果你已经使用SSH,你应该检查你的SSH配置。有两个位置可以在Mac上查看。




  • / etc / ssh / ssh_config

  • / Users / {your_username} /。ssh / config



特别是,您不需要此设置: 

  AddKeysToAgent确认

从ssh_config手册页: 


  AddKeysToAgent 
指定是否应该将键自动添加到正在运行的
 ssh-agent(1)中。如果此选项设置为yes,并且密钥是从文件加载的
,则密钥及其密码将被添加到具有默认生命周期的
代理程序,就像通​​过ssh-add( 1)。如果这个
选项设置为``ask'',那么在添加一个密钥之前,ssh将需要使用
 SSH_ASKPASS程序进行确认(有关
的详细信息,请参阅ssh-add(1))。如果此选项设置为confirm,则必须确认每次使用
键,就像将-c选项指定为
 ssh-add(1)一样。如果此选项设置为否,则不向密钥添加密钥
。参数必须是yes,confirm,
ask或no。默认是否。


这是 -c 标记为 ssh-add 


  -c表示添加的身份在用于身份验证之前应该经过
确认。确认通过ssh-askpass(1)执行
。成功的确认通过ssh-askpass(1)的零
退出状态发出,而不是输入
请求者的文本。




SSH启动时不在代理中



重新启动机器后,钥匙不见了是正常现象。您必须在机器启动后至少添加一次。


I have an annoying problem with my private key. Every time I want to clone or push via ssh in terminal or Tower app, I have to type my passphrase.

I even removed and recreated the ssh key and set the key on Github several times, but it looks like it has a short lifetime and after a couple of minutes, is expired!

I followed generate a new SSH key to create the key. At the end I ran ssh-add ~/.ssh/id_rsa and it printed out:

Identity added: /Users/sajad/.ssh/id_rsa (/Users/sajad/.ssh/id_rsa)

After I restarted my machine I ran ssh-add -l to check whether it's still there or not and here is the result:

The agent has no identities.

How can I fix this? I use macOS.

My /etc/ssh/ssh_config:

#   $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
        SendEnv LANG LC_*

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h

解决方案

Ensure you are actually using SSH

This really sounds like your remote is not using SSH at all, but is using HTTP. In that case, every time you use the remote, it will ask you to authenticate.

You can check this by looking at your remote URLs. For SSH you want it to look like this:

$ git remote -v
origin  git@github.com:yourUsername/yourRepo (fetch)
origin  git@github.com:yourUsername/yourRepo (push)

If you are using HTTP, then it will instead look like this:

$ git remote -v
origin  https://github.com/yourUsername/yourRepo.git (fetch)
origin  https://github.com/yourUsername/yourRepo.git (push)

If you find it is set to use HTTP, it's easy to change.

git remote set-url origin git@github.com:yourUsername/yourRepo

SSH key asking for passphrase every time it is used

If it turns out that you are already using SSH, you should check your SSH configuration. There are two locations to check on a Mac.

  • /etc/ssh/ssh_config
  • /Users/{your_username}/.ssh/config

In particular, you do not want this setting:

AddKeysToAgent confirm

From the ssh_config man page:

AddKeysToAgent
   Specifies whether keys should be automatically added to a running
   ssh-agent(1).  If this option is set to ``yes'' and a key is
   loaded from a file, the key and its passphrase are added to the
   agent with the default lifetime, as if by ssh-add(1).  If this
   option is set to ``ask'', ssh will require confirmation using the
   SSH_ASKPASS program before adding a key (see ssh-add(1) for
   details).  If this option is set to ``confirm'', each use of the
   key must be confirmed, as if the -c option was specified to
   ssh-add(1).  If this option is set to ``no'', no keys are added
   to the agent.  The argument must be ``yes'', ``confirm'',
   ``ask'', or ``no''.  The default is ``no''.

And this is a description of the -c flag to ssh-add:

-c      Indicates that added identities should be subject to confirmation
        before being used for authentication.  Confirmation is performed
        by ssh-askpass(1).  Successful confirmation is signaled by a zero
        exit status from ssh-askpass(1), rather than text entered into
        the requester.

SSH key not present in agent at startup

After you restart the machine, the key being gone is normal. You have to add it at least once after the machine starts up.

这篇关于SSH每次都要求密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆