Annoying problem with ssh keys

[Tim]

On Sun, 2008-08-17 at 00:55 +0000, Kennneth P. Turvey wrote:
> Everytime I need to use ssh I get a dialog to enter the passphrase for 
> the key.  It doesn't work.  If I cancel it three times I get a prompt on 
> the command line and the same passphrase works.  Of course it isn't 
> cached anywhere, so the next time I need to use it I have to go through 
> the same procedure again.  
> 
> How do I get ssh to behave? 
I can't explain the issue with the dialog box (possibly a bug in
ssh-askass-gnome?), but there is a solution that only requires you to
suply the pass phrase once per X login.

It is likely that you have ssh-agent running.  You can check that from a
terminal session with the command
	env | grep SSH
which will produce a line like 
	SSH_AUTH_SOCK=/tmp/keyring-n2UEyi/ssh
or
	SSH_AUTH_SOCK=/tmp/ssh-THqzVF9262/agent.9262

(I have seahorse installed and that uses the first form, while the
standard ssh agent uses the second form, which incorporates the PID of
the initial agent process in the file and directory name.)  Note that
the directory (and file, for ssh-agent) has a dynamic part, which will
change each time that you log in to X.

In that case, you can load your key into the agent, with
	ssh-add

That will load the standard keys into the agent:
	~/.ssh/identity	(SSH1, RSA)
	~/.ssh/id_dsa   (SSH2, DSA)
	~/.ssh/id_rsa   (SSH2, RSA)
after it gets the pass phrase for each key.
Note that if you have two keys with the same pass phrase, then they will
both be loaded successfully, but ssh-add will only ask once for the
phrase.

After that, any ssh clients started from your X session will be able to
ask the agent to perform required operations using your keys, without
needing you to supply the pass-phrase.  You can check that the expected
keys are loaded with
	ssh-add -l


Tim