3

I forgot how to do this procedure.

I did on OSX 10.9.1

  • run ssh-keygen in my server
  • moved the private-key id_rsa to my laptop's $HOME/.ssh/id_rsa, removed the private key id_rsa from my server
  • create the following $HOME/.ssh/config in my laptop
  • run ssh-add $HOME/.ssh/id_rsa

My .ssh/config

Host server.myhomepage.com
  User masi
  Port 22
  Hostname server.myhomepage.com
  IdentityFile ~/.ssh/id_rsa
  TCPKeepAlive yes
  IdentitiesOnly yes

I run

ssh-add .ssh/id_rsa 
Enter passphrase for .ssh/id_rsa: 
Identity added: .ssh/id_rsa (.ssh/id_rsa)

and running more 

ssh server.myhomepage.com
Saving password to keychain failed

and it asked my passphrase for my id_rsa in a graphical window which I gave correctly but get failed message. Then, it asks in the terminal if I enter correctly the password for my private key but showed still the failed message. I run many times with correct password 

Identity added: /Users/masi/.ssh/id_rsa (/Users/masi/.ssh/id_rsa)
masi@server.myhomepage.com's password: 
Permission denied, please try again.

I forgot how to do this procedure correctly. How can you have the key in your keychain correctly?

Léo Léopold Hertz 준영
  • 809
  • 6
  • 22
  • 43

2 Answers2

5

On the client side, you need both the private and the public part of the key.

On the server side, you need to have the public part of the key in $HOME/.ssh/authorized_keys.

So the steps that are missing in your description are:

  • copy the public key to the laptop's $HOME/.ssh/id_rsa.pub
  • add the public key to the server's $HOME/.ssh/authorized_keys
Jenny D
  • 27,780
  • 21
  • 75
  • 114
0

I'm going to guess you're on OSX with Mavericks. This apple support forum message seems very relevant:

https://discussions.apple.com/thread/5470737?btstart=0

It would appear you need to 'massage' the key generated by ssh-keygen into a form that the OSX patched openssh can work with.

Potentially, it could be this situation instead:

https://apple.stackexchange.com/questions/106364/osx-ssh-agent-no-password-pasting-and-problem-with-pkcs8

If you continue to have problems, please add the top three lines of the private key, the ones that look like this:

  -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: AES-128-CBC,3EA2BF123CB9E67FBB094A12A82E7BAF

Incidentally, I'd be amused to know if you have an environment variable present called SSH_ASKPASS. That, in theory, should be how the apple ssh-add is invoking a graphical password prompt.

Good Luck!

Community
  • 1
etherfish
  • 1,757
  • 10
  • 12