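SSH asks for the passphrase every time

Time: 2016-12-22 16:04:01

Tags: git github ssh terminal git-tower

I have an annoying problem with my private key. Every time I want to clone/push over ssh in the terminal or the Tower app, I have to enter my passphrase.

I even deleted and recreated the ssh key and set it up on GitHub several times, but it looks like it has a short lifetime and expires after a few minutes!

I followed "generate a new SSH key" to create the key. At the end I ran ssh-add ~/.ssh/id_rsa and it printed: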

Identity added: /Users/sajad/.ssh/id_rsa (/Users/sajad/.ssh/id_rsa)

After restarting the machine, I ran ssh-add -l to check whether it was still there, and this is the result:

The agent has no identities.

How can I fix this? I am using macOS.

My /etc/ssh/ssh_config:

#   $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
        SendEnv LANG LC_*

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h

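3 answers:

Answer 0: (score: 10)

There are some very good solutions to a very similar question on SuperUser and AskDifferent.

The basic gist is that Apple recently changed some behaviors in Sierra. Thankfully, it is very easy to restore them by adding the following to the top of your ~/.ssh/config file: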

Host *
  AddKeysToAgent yes
  UseKeychain yes

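This should be enough to get it to start using the keychain to store/retrieve your SSH key passphrases.

Answer 1: (score: 8)

Make sure you are actually using SSH

This sounds as if your remote is not using SSH at all, but HTTP. In that case, you will be asked to authenticate every time you use the remote.

You can check this by looking at the remote URL. For SSH, you want it to look like this: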

$ git remote -v
origin  git@github.com:yourUsername/yourRepo (fetch)
origin  git@github.com:yourUsername/yourRepo (push)

If you are using HTTP, it will look like this:

$ git remote -v
origin  https://github.com/yourUsername/yourRepo.git (fetch)
origin  https://github.com/yourUsername/yourRepo.git (push)

If you find that it is set up to use HTTP, it is easy to change.

git remote set-url origin git@github.com:yourUsername/yourRepo

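SSH key asks for the passphrase every time it is used

If it turns out you are already using SSH, you should check your SSH configuration. On a Mac there are two places you can check.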

  • /etc/ssh/ssh_config
  • /Users/{your_username}/.ssh/config

In particular, you do not want this setting:

AddKeysToAgent confirm

From the ssh_config man page:

AddKeysToAgent
   Specifies whether keys should be automatically added to a running
   ssh-agent(1).  If this option is set to ``yes'' and a key is
   loaded from a file, the key and its passphrase are added to the
   agent with the default lifetime, as if by ssh-add(1).  If this
   option is set to ``ask'', ssh will require confirmation using the
   SSH_ASKPASS program before adding a key (see ssh-add(1) for
   details).  If this option is set to ``confirm'', each use of the
   key must be confirmed, as if the -c option was specified to
   ssh-add(1).  If this option is set to ``no'', no keys are added
   to the agent.  The argument must be ``yes'', ``confirm'',
   ``ask'', or ``no''.  The default is ``no''.

Here is the description of the -c flag of ssh-add:

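SSH keys are not present in the agent at startup

It is normal for the keys to be gone after you restart the machine. You have to add them at least once after the machine boots.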
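
The two checks this answer walks through (remote URL scheme, then the AddKeysToAgent value that applies to the remote's host), as an added example that is not part of the original answer. The function names are hypothetical, and the config reader is simplified: it understands only Host blocks with * and ? wildcards and ignores Match, Include, negated patterns and the Key=Value form.

```shell
# remote_kind URL -> ssh | http | other
remote_kind() {
  case "$1" in
    https://*|http://*) echo http ;;
    ssh://*|*@*:*)      echo ssh ;;
    *)                  echo other ;;
  esac
}

# agent_policy HOST FILE... -> first AddKeysToAgent value that applies to HOST.
# Files are read in the order given and the first value found wins, matching the
# parse order described in the ssh_config header quoted in the question.
agent_policy() {
  ap_host=$1; shift
  for ap_file in "$@"; do
    [ -r "$ap_file" ] || continue
    ap_active=1                 # lines before any Host block apply to every host
    while read -r ap_key ap_val ap_rest || [ -n "$ap_key" ]; do
      case "$(printf %s "$ap_key" | tr 'A-Z' 'a-z')" in
        host)
          ap_active=0
          set -f                # stop patterns such as * from globbing local files
          for ap_pat in $ap_val $ap_rest; do
            case "$ap_host" in $ap_pat) ap_active=1 ;; esac
          done
          set +f ;;
        addkeystoagent)
          if [ "$ap_active" = 1 ]; then
            printf '%s\n' "$ap_val" | tr 'A-Z' 'a-z'
            return 0
          fi ;;
      esac
    done < "$ap_file"
  done
  echo no                       # the man page excerpt above: the default is "no"
}

# diagnose URL FILE... -> one-line verdict combining both checks
diagnose() {
  dg_url=$1; shift
  if [ "$(remote_kind "$dg_url")" != ssh ]; then
    echo "remote is not SSH ($(remote_kind "$dg_url")): SSH keys and the agent are not used"
    return 0
  fi
  dg_host=${dg_url#ssh://}; dg_host=${dg_host#*@}; dg_host=${dg_host%%[:/]*}
  echo "SSH remote on $dg_host, effective AddKeysToAgent: $(agent_policy "$dg_host" "$@")"
}
# Usage: diagnose "$(git remote get-url origin)" ~/.ssh/config /etc/ssh/ssh_config
```

A result of "confirm" means every use of the key must be confirmed, and "no" means ssh never loads the key into the agent by itself; in both cases ssh-add -l shows what the agent currently holds.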

Answer 2: (score: 0)

# ~/.ssh/config:
AddKeysToAgent yes

# you should also add "-t" to ssh-agent startup to forget decrypted keys
# after some time (here: 1 hour, overridden by ssh-add - in case you really
# need to use some keys all the time)
# ~/.bashrc:
if ! pidof /usr/bin/ssh-agent >/dev/null; then
  ssh-agent -t 3600 > ~/.ssh/.agent.pid
fi
source ~/.ssh/.agent.pid >&/dev/null