logo标签列表

SSH每次都要求输入秘钥口令短语

gitgithubsshterminalgit-tower
5
我有一个烦人的私钥问题。每次我想通过ssh在终端或Tower应用程序中进行克隆或推送时,我都必须输入我的密码。我甚至多次删除和重新创建ssh密钥,并在Github上设置了密钥,但它似乎具有较短的生命周期,在几分钟后即过期!我按照生成新的SSH密钥的步骤创建了密钥。最后,我运行了ssh-add ~/.ssh/id_rsa,它打印出:
Identity added: /Users/sajad/.ssh/id_rsa (/Users/sajad/.ssh/id_rsa)

在重新启动我的计算机后,我运行了ssh-add -l来检查它是否仍然存在,以下是结果:

The agent has no identities.

我可以帮助你翻译。这段内容是关于编程的。它询问如何在macOS上解决问题,并且提到了文件路径“/etc/ssh/ssh_config”。
#   $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
        SendEnv LANG LC_*

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
我用不同的理论更新了我的答案,请查看。 - Dan Lowe
可能是为什么git身份在bitbucket存储库中一直丢失?的重复问题。 - Jakuje
找到这个链接很方便: https://gist.github.com/danieldogeanu/16c61e9b80345c5837b9e5045a701c99 - Yashvit
3个回答
14

这个类似的问题在SuperUserAskDifferent上有一些非常好的解决方案。

基本意思是,苹果最近在Sierra中更改了其中一些行为。幸运的是,只需在您的~/.ssh/config文件顶部添加以下内容即可轻松恢复它们:

Host *
  AddKeysToAgent yes
  UseKeychain yes

这应该足以让它开始使用钥匙串存储/检索您的SSH密钥密码。

1
我有AddKeysToAgent但没有UseKeychain,在这里对我很有效。每次重启或注销/登录后,我必须为每个密钥使用一次密码短语,但我不必每次都使用它们。(我更喜欢不将它们存储在钥匙串中 - 在引导后输入它们一次对我来说已经足够了) - Dan Lowe
11

确保您实际上正在使用SSH

这听起来像是您的远程主机根本没有使用SSH,而是使用HTTP。如果是这样,每次使用远程主机时,都会要求您进行身份验证。

您可以通过查看远程主机URL来检查此信息。对于SSH,您希望它看起来像这样:

$ git remote -v
origin  git@github.com:yourUsername/yourRepo (fetch)
origin  git@github.com:yourUsername/yourRepo (push)

如果您正在使用HTTP,那么它看起来会像这样:

$ git remote -v
origin  https://github.com/yourUsername/yourRepo.git (fetch)
origin  https://github.com/yourUsername/yourRepo.git (push)

如果您发现它设置为使用HTTP,更改起来很容易。

git remote set-url origin git@github.com:yourUsername/yourRepo

每次使用SSH密钥都要求输入密码

如果你已经在使用SSH,你需要检查你的SSH配置。在Mac上有两个位置需要检查:

  • /etc/ssh/ssh_config
  • /Users/{your_username}/.ssh/config

特别是,你不想要这个设置:

AddKeysToAgent confirm
从ssh_config手册页面中得知:
AddKeysToAgent
   Specifies whether keys should be automatically added to a running
   ssh-agent(1).  If this option is set to ``yes'' and a key is
   loaded from a file, the key and its passphrase are added to the
   agent with the default lifetime, as if by ssh-add(1).  If this
   option is set to ``ask'', ssh will require confirmation using the
   SSH_ASKPASS program before adding a key (see ssh-add(1) for
   details).  If this option is set to ``confirm'', each use of the
   key must be confirmed, as if the -c option was specified to
   ssh-add(1).  If this option is set to ``no'', no keys are added
   to the agent.  The argument must be ``yes'', ``confirm'',
   ``ask'', or ``no''.  The default is ``no''.
这是关于ssh-add命令的-c标志的描述:
-c      Indicates that added identities should be subject to confirmation
        before being used for authentication.  Confirmation is performed
        by ssh-askpass(1).  Successful confirmation is signaled by a zero
        exit status from ssh-askpass(1), rather than text entered into
        the requester.

SSH密钥在启动时未在代理中找到

重新启动计算机后,密钥消失是正常的。您必须在机器启动后至少添加一次。

我在 .ssh/config 中设置了 AddKeysToAgent confirm,但它没有起作用。 - Dark star
@SajadAbedi 我并不是建议你添加它。我是在暗示你的问题可能是由它引起的。你是否也查看了/etc/ssh/ssh_config - Dan Lowe
1
# ~/.ssh/config:
AddKeysToAgent yes

# you should also add "-t" to ssh-agent startup to forget decrypted keys
# after some time (here: 1 hour, overridden by ssh-add - in case you really
# need to use some keys all the time)
# ~/.bashrc:
if ! pidof /usr/bin/ssh-agent >/dev/null; then
  ssh-agent -t 3600 > ~/.ssh/.agent.pid
fi
source ~/.ssh/.agent.pid >&/dev/null
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接