remembering passwords on a non-GUI server
Karl Auer
kauer at biplane.com.au
Sat Feb 4 12:42:44 UTC 2023
On Sat, 2023-02-04 at 00:10 +1100, Karl Auer wrote:
> But I will keep trying things and if I figure it out will report
> back. And blog it :-)

Well. Curiouser and curiouser, as Alice remarked.

I have a particular host that I have two ssh accounts on. It's an AWS
instance; one account is the default one set up by AWS, while the other
is a personal one set up by myself.

If I try to connect using the AWS key, I am prompted for the passphrase
every time, but I am prompted by ssh.

If I try to connect using my own key, I am prompted *by my GUI*, I
guess Seahorse? to enter the passphrase, but only the first time.

The ~/.ssh/config entries are identical except for the username and the
key to use. The keys differ in format too; the AWS one is a PEM file in
OpenSSH format, the one I generated myself is an RSA private key.

However, if I convert the AWS one to RSA format, I still get prompted
for a password. No difference if I use ssh-add. It seems to add the
key, and the key shows up in the list from "ssh-add -l", but I'm still
prompted. So I am pretty sure it's not the key format that's the
problem.

The other big difference is how they got onto my system. I created one
in a terminal window on my local system. The other was generated by AWS
and I copied it to my local system.

So I created a new key on my local system, in a terminal window, and
put the public key into the remote system's authorized_keys file. When
I tried to connect, I was prompted *in my GUI* for the passphrase. ?!?

Then I created another key, but I created this one on the remote host,
not on my local system. I appended the public part to the remote
system's authorized_keys file, and copied the private key back to my
system. And guess what? When I use it, I am prompted for the
passphrase, by ssh, every time.

So then I tried logging in to the remote server from itself (i.e., to
localhost), using the key I had just created. The public part of which
was already in its authorized_keys file, remember. Again, I was prompted
for a passphrase by ssh.

It really does feel like there is something in the GUI system that is
doing all this. The keyring seems like the likeliest thing, but it just
seems insanely complex - and how do ssh or ssh-keygen communicate with
it?

I feel like I have nearly all the pieces of a jigsaw, but I can't see
what the picture is :-)

Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
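
The keys in this message differ in header format and in how they arrived on the local system. As an added example (not part of the original post), this POSIX shell sketch lists, for each IdentityFile in an ssh config, the private key's header format and whether a matching .pub file sits beside it, and reports the agent socket named in SSH_AUTH_SOCK, which is how ssh and ssh-add reach an agent. The function names are made up here, and treating the .pub sibling as relevant to the prompting behaviour is an assumption.

```shell
#!/bin/sh
# Added diagnostic sketch: compare the private keys named in an ssh config.
# Function names are hypothetical; nothing here is from the original post.

# Classify a private key by its first line (the PEM-style header).
key_format() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----"|"-----BEGIN PRIVATE KEY-----")
            echo pkcs8 ;;
        *) echo unknown ;;
    esac
}

# ssh-keygen writes "<key>" and "<key>.pub" together; a private key that was
# downloaded or copied in on its own has no such sibling.
# Assumption: this difference is worth comparing between the keys.
has_pub() {
    if [ -f "$1.pub" ]; then echo yes; else echo no; fi
}

# One line per IdentityFile in the given config: host, path, format, sibling.
report_config() {
    host='*'
    while read -r word value _; do
        case "$word" in
            [Hh]ost) host=$value ;;
            [Ii]dentity[Ff]ile)
                # Expand a leading "~/" the way ssh does for this directive.
                case "$value" in "~/"*) value="$HOME/${value#??}" ;; esac
                echo "host=$host key=$value format=$(key_format "$value") pub=$(has_pub "$value")"
                ;;
        esac
    done < "$1"
}

# ssh and ssh-add talk to whichever agent listens on this Unix socket.
agent_socket() {
    echo "${SSH_AUTH_SOCK:-none}"
}

# Stand-alone use: sh thisfile ~/.ssh/config
if [ -n "${1:-}" ]; then
    report_config "$1"
    echo "agent_socket=$(agent_socket)"
fi
```

Run it in the same terminal session that ssh is started from, since SSH_AUTH_SOCK can differ between a desktop terminal and a remote or console login.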