3

I'm working on adding ssh authentication to a fresh Linode Ubuntu 12.04LTS deployment. I followed their guide to the letter up to the point where I need to ssh into the box with my now freshly added ssh key, but I instead get:

"Error: agent admitted failure to sign using the key"

Which is fine, the Ubuntu OpenSSH guide says that all you need to do is to run

    ssh-add

on the server and you'll be golden. Except when I do that I get

    Could not open a connection to your authentication agent.

I double-checked the processes and indeed it does look like ssh-agent is already running (in fact twice, because I tried the eval trick, which didn't work at all):

    alex@mybox:~$ ps aux | grep ssh
    root      2645  0.0  0.1  49948   776 ?        Ss   Mar13   0:00 /usr/sbin/sshd -D
    alex     16989  0.0  0.0  12492   324 ?        Ss   Mar13   0:00 ssh-agent
    root     18986  0.0  0.7  73360  3564 ?        Ss   09:03   0:00 sshd: alex [priv]
    alex     19119  0.0  0.3  73360  1676 ?        S    09:03   0:00 sshd: alex@pts/0
    alex     19785  0.0  0.0  12492   316 ?        Ss   09:59   0:00 ssh-agent
    root     20026  0.0  0.7  73360  3568 ?        Ss   10:02   0:00 sshd: alex [priv]
    alex     20184  0.0  0.3  73360  1680 ?        S    10:03   0:00 sshd: alex@pts/1
    alex     20325  0.0  0.1   9384   924 pts/1    S+   10:13   0:00 grep --color=auto ssh

As I mentioned, the eval approach managed to make ssh-add work once, but when I tried to log in again, the system reported the same error I listed above. I also now have two instances of ssh-agent.

What is the proper way of addressing this?

Alexandr Kurilin

4 Answers

3

Try starting the ssh-agent for your current bash session. Here is what you need to do.

  1. Test your current env for ssh-agent PID:

    env | grep ^SSH
    
  2. If you don't notice any, then start the ssh-agent for your current env:

    exec ssh-agent bash
    
  3. Now try to add the key:

    ssh-add
    
kenorb
Chakri
2

Make sure the SSH_AGENT_PID environment variable is set to the PID of the SSH agent, and that SSH_AUTH_SOCK is set to the path of the agent's socket (usually in the /tmp directory, for example: /tmp/ssh-wpNhPp3007/agent.3007).

ssh-add can use these variables to add your key.

gparent
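
The check described in the answers above, as an added example that is not part of the original posts: an `ssh-agent` process visible in `ps` is of no use to `ssh-add` unless the current shell has `SSH_AUTH_SOCK` pointing at a live socket, so this sketch classifies the shell's state first and starts a new agent only when none is reachable, which avoids piling up duplicate agents. The function names `agent_state` and `ensure_agent` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original posts): classify this shell's view of
# ssh-agent before deciding whether a new agent is needed.

# Prints one of: unset | stale | empty | ready
agent_state() {
    # No socket path in the environment: ssh-add has nothing to connect to,
    # even if an ssh-agent process shows up in ps.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo unset; return 0
    fi
    # A path is set but there is no socket behind it (agent exited, /tmp cleaned).
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo stale; return 0
    fi
    # ssh-add -l exits 0 with keys loaded, 1 with none, 2 if the agent is unreachable.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;
        1) echo empty ;;
        *) echo stale ;;
    esac
}

# Start an agent only when this shell cannot reach one, then load the default keys.
ensure_agent() {
    case $(agent_state) in
        unset|stale)
            # ssh-agent -s prints Bourne-shell commands that export
            # SSH_AUTH_SOCK and SSH_AGENT_PID; eval applies them to this shell.
            eval "$(ssh-agent -s)" >/dev/null
            ssh-add ;;
        empty)
            ssh-add ;;
        ready)
            : ;;  # an agent with keys is already reachable
    esac
}
```

Source the file and call `ensure_agent` from the interactive shell on the machine where `ssh` is run; running it as a separate script would set the variables only in that script's own process.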
0

You may also use the following syntax:

    ssh-agent sh -c 'ssh-add && echo Do some stuff here.'

kenorb
-1

Your problem is on the client, not on the server. The system on which sshd is running doesn't care about ssh-add/ssh-agent. It just checks whether the client system is capable of making the authorizing digital signature. Whether this signature is made by ssh, by ssh-agent or even by a smartcard does not make a difference.

If you do not use one of the standard files (but e.g. ~/.ssh/id_rsa_newbox) then you have to tell either ssh (-i ~/.ssh/id_rsa_newbox) or ssh-agent (ssh-add ~/.ssh/id_rsa_newbox) to use this non-standard file.

Hauke Laging