for the user

adventures into the land of the command line

ssh-add, i just heard about it

the example i’m gonna use is for git, as i came across this problem where i was git pulling from a private repo on one host, then i moved to another host, tried to git pull and this happened

$ git pull
The authenticity of host ' (' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ',' (RSA) to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly

i was all like whaaaaat? i was pretty sure i put the keys on the new host

$ ls -l /home/deploy/.ssh/
total 28
-rw-------. 1 deploy deploy  410 Jan 21 22:16 authorized_keys
-rw-------  1 deploy deploy  192 Feb 25 21:25 config
-rw-------  1 deploy deploy 1675 Feb 25 21:25 id_rsa_repo1
-rw-------  1 deploy deploy  410 Feb 25 21:25
-rw-r--r--  1 deploy deploy  407 Mar  4 00:21 known_hosts

so i tried connecting to github

$ ssh -vT [email protected]
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/deploy/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to [] port 22.
debug1: Connection established.
debug1: identity file /home/deploy/.ssh/identity type -1
debug1: identity file /home/deploy/.ssh/identity-cert type -1
debug1: identity file /home/deploy/.ssh/id_rsa type -1
debug1: identity file /home/deploy/.ssh/id_rsa-cert type -1
debug1: identity file /home/deploy/.ssh/id_dsa type -1
debug1: identity file /home/deploy/.ssh/id_dsa-cert type -1
debug1: identity file /home/deploy/.ssh/id_ecdsa type -1
debug1: identity file /home/deploy/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '' is known and matches the RSA host key.
debug1: Found key in /home/deploy/.ssh/known_hosts:1
Warning: Permanently added the RSA host key for IP address '' to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/deploy/.ssh/identity
debug1: Trying private key: /home/deploy/.ssh/id_rsa
debug1: Trying private key: /home/deploy/.ssh/id_dsa
debug1: Trying private key: /home/deploy/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).

that’s so weird, it’s not listing my private key. so i googled, and apparently, your keys have to be known about by the ssh-agent. you can check if ssh-agent knows about them like this (first make sure ssh-agent is running using the eval below)

$ ssh-add -l
Could not open a connection to your authentication agent.

$ eval "$(ssh-agent)"
Agent pid 17208

$ ssh-add -l
The agent has no identities.

$ ssh-add -l -E md5
The agent has no identities.

hmmm no identities. i should add them then!

$ ssh-add ~/.ssh/id_rsa_repo1
Identity added: /home/deploy/.ssh/id_rsa_repo1 (/home/deploy/.ssh/id_rsa_repo1)

does ssh-agent know about it now?

$ ssh-add -l
2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/deploy/.ssh/id_rsa_repo1 (RSA)

it does yay! let’s try a pull again

$ git pull
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (3/3), done.
   90f51eb..c76de19  master     -> origin/master
Updating 90f51eb..c76de19
Fast-forward |   24 ++++++++++++++++++++++--
 1 files changed, 22 insertions(+), 2 deletions(-)

yay it worked! woo!

there’s a bunch of stuff about ssh i don’t know about, this being one of those things. i suppose when you generate an ssh key pair on your host, they are automatically added to the ssh-agent. but if you take those keys and move them to a new host, you can’t expect them to work without ssh-add-ing them first
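
In the `ssh -vT` output above, the "Trying private key" lines only name identity, id_rsa, id_dsa and id_ecdsa, and id_rsa_repo1 never appears. As an added example (not from the original post), this script compares saved `ssh -v` output against the private key files in a directory and prints the ones ssh never tried or offered; the function names, the throwaway directory and the sample log and key file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find private keys that an `ssh -v` run never tried.
# All sample data below is constructed; no real key material is used.

# Key paths ssh reported trying (file on disk) or offering (agent or file).
tried_keys() {
    sed -n \
        -e 's/^debug1: Trying private key: //p' \
        -e 's/^debug1: Offering .*public key: \([^ ]*\).*/\1/p' "$1" | sort -u
}

# Files in a directory whose first line is a PEM private-key header.
private_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            printf '%s\n' "$f"
        fi
    done | sort -u
}

# Keys on disk that never show up in the log: candidates for ssh-add.
untried_keys() {
    tried=$(mktemp) present=$(mktemp)
    tried_keys "$1" > "$tried"
    private_keys "$2" > "$present"
    comm -13 "$tried" "$present"
    rm -f "$tried" "$present"
}

# Constructed demo: same layout as the post, in a throwaway directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/id_rsa_repo1"
    printf '%s\n' 'Host *' > "$d/config"
    cat > "$d/ssh-v.log" <<EOF
debug1: Next authentication method: publickey
debug1: Trying private key: $d/identity
debug1: Trying private key: $d/id_rsa
debug1: No more authentication methods to try.
EOF
    untried_keys "$d/ssh-v.log" "$d"
    rm -rf "$d"
}

demo
```

To use it on a real host, save the debug output with `ssh -vT <host> 2> ssh-v.log` and call `untried_keys ssh-v.log ~/.ssh`.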