
SSH asking every single time for passphrase


I have an annoying problem with my private key. Every time I want to clone or push via SSH in the terminal or the Tower app, I have to type my passphrase.

I even removed and recreated the SSH key and set the key on GitHub several times, but it looks like it has a short lifetime and expires after a couple of minutes!

I followed "generate a new SSH key" to create the key. At the end I ran ssh-add ~/.ssh/id_rsa and it printed out:

Identity added: /Users/sajad/.ssh/id_rsa (/Users/sajad/.ssh/id_rsa)

After I restarted my machine I ran ssh-add -l to check whether it's still there or not and here is the result:

The agent has no identities.

How can I fix this? I use macOS.

My /etc/ssh/ssh_config:

#   $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
        SendEnv LANG LC_*

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h

Solution

  • Ensure you are actually using SSH

    This really sounds like your remote is not using SSH at all, but is using HTTP. In that case, every time you use the remote, it will ask you to authenticate.

    You can check this by looking at your remote URLs. For SSH you want it to look like this:

    $ git remote -v
    origin  git@github.com:yourUsername/yourRepo (fetch)
    origin  git@github.com:yourUsername/yourRepo (push)
    

    If you are using HTTP, then it will instead look like this:

    $ git remote -v
    origin  https://github.com/yourUsername/yourRepo.git (fetch)
    origin  https://github.com/yourUsername/yourRepo.git (push)
    

    If you find it is set to use HTTP, it's easy to change.

    git remote set-url origin git@github.com:yourUsername/yourRepo
    

    SSH key asking for passphrase every time it is used

    If it turns out that you are already using SSH, you should check your SSH configuration. There are two locations to check on a Mac.

    In particular, you do not want this setting:

    AddKeysToAgent confirm
    

    From the ssh_config man page:

    AddKeysToAgent
       Specifies whether keys should be automatically added to a running
       ssh-agent(1).  If this option is set to ``yes'' and a key is
       loaded from a file, the key and its passphrase are added to the
       agent with the default lifetime, as if by ssh-add(1).  If this
       option is set to ``ask'', ssh will require confirmation using the
       SSH_ASKPASS program before adding a key (see ssh-add(1) for
       details).  If this option is set to ``confirm'', each use of the
       key must be confirmed, as if the -c option was specified to
       ssh-add(1).  If this option is set to ``no'', no keys are added
       to the agent.  The argument must be ``yes'', ``confirm'',
       ``ask'', or ``no''.  The default is ``no''.
    

    And this is a description of the -c flag to ssh-add:

    -c      Indicates that added identities should be subject to confirmation
            before being used for authentication.  Confirmation is performed
            by ssh-askpass(1).  Successful confirmation is signaled by a zero
            exit status from ssh-askpass(1), rather than text entered into
            the requester.
    

    SSH key not present in agent at startup

    After you restart the machine, the key being gone is normal. You have to add it at least once after the machine starts up.
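
A small diagnostic for the two checks in the answer above, added here as an example and not part of the original answer: it classifies each remote URL as SSH or HTTP and reports the first AddKeysToAgent value found in an ssh_config file. The function names are hypothetical, ~/.ssh/config is assumed as the per-user file, and the parser ignores Host/Match scoping and Include directives.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the original answer.

# Classify a git remote URL by transport: prints "ssh", "http" or "other".
remote_transport() {
    case "$1" in
        http://*|https://*) echo http ;;
        ssh://*)            echo ssh ;;
        *://*)              echo other ;;
        *@*:*)              echo ssh ;;    # scp-like form: git@github.com:user/repo
        *)                  echo other ;;
    esac
}

# Print the first uncommented AddKeysToAgent value in an ssh_config file,
# lower-cased, or "unset" if the file is unreadable or has no such line.
# Simplification: Host/Match scoping and Include are not evaluated.
add_keys_to_agent() {
    [ -r "$1" ] || { echo unset; return; }
    awk '
        { sub(/^[ \t]+/, "") }              # strip leading indentation
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        { split($0, kv, /[ \t=]+/) }        # "Key value" or "Key=value"
        tolower(kv[1]) == "addkeystoagent" { print tolower(kv[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Run from inside a repository: report every remote, both config files,
# and what the agent currently holds.
diagnose() {
    for url in $(git remote -v | awk '{ print $2 }' | sort -u); do
        printf '%s -> %s\n' "$url" "$(remote_transport "$url")"
    done
    # Assumption: per-user file first, then the system-wide file from the question.
    for f in "$HOME/.ssh/config" /etc/ssh/ssh_config; do
        printf '%s: AddKeysToAgent %s\n' "$f" "$(add_keys_to_agent "$f")"
    done
    ssh-add -l    # "The agent has no identities." means the key must be added again
}
```

Source the file and call diagnose inside the repository; an "http" remote or a "confirm" value corresponds to the two causes the answer describes.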