On Linux (CentOS, in case that matters), I'm having a problem with git commands. git can take advantage of keys loaded into the ssh-agent cache, but if the keys aren't loaded, it doesn't seem to take any steps to load them (such as calling ssh-add).
I have ~/.ssh/config set up like so:
    $ cat ~/.ssh/config
    Host github.com
        User git
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/github_id_rsa
My system already has ssh-agent set up. I believe it's using an implementation supplied by Gnome (http://live.gnome.org/GnomeKeyring/Ssh).
I can manually add my github key with the "ssh-add" command. When I do, I can see that the key is loaded using "git add -l" and the git commands that connect remotely (e.g. "git remote update") work without prompting for a passphrase.
What I still want git commands to do is:
By default, if ssh-agent is running and the necessary key is not already loaded, use ssh-add to load the key into ssh-agent.
ssh-add appears to need help (via a parameter) if the key file is not one of the default filenames (e.g. 'id_rsa', 'id_dsa', or 'identity'). This seems backward. I have a mapping from hostname to IdentityFile specified in ~/.ssh/config as shown above. Shouldn't ssh-add be able to use that?
Also...
- To simplify the problem, I tried removing the 'IdentityFile' mapping from ssh-config, and renaming the key files to the default names (id_rsa and id_rsa.pub). This does allow "ssh-add" to add the key without any additional arguments, but even in this simplified scenario I don't see git commands adding any keys to the ssh-agent cache.
I have the same ~/.ssh/config on my MacOS (Snow Leopard) machine, and it seems to be doing exactly the right thing. But how can I get this behavior in Linux? I'm not sure whether this is due to a difference in the implementation or configuration of ssh-agent, ssh-add, git, or some combination.
Edit: After thinking about this a bit more, I'm thinking this should have much more to do with the ssh tools (perhaps most importantly ssh-agent?) rather than git. After all, this behavior should be the same for any process attempting to make ssh connections using the keys and settings in ~/.ssh, including the ssh command itself.
Thank you for a very thoroughly researched answer! I think the only remaining part of the question is "How can I get this behavior in Linux?" It looks like you've made a solid case that this can't be done with default OpenSSH by itself. I'm thinking the place to look is probably in the tools provided with desktop environments, i.e. GNOME and KDE. – Charlie – 2011-08-24T19:28:23.860
p.s. I really wanted to give this answer an up-vote but the site is telling me I don't have enough reputation to do that :( – Charlie – 2011-08-24T19:37:07.433
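The following is an added example, not part of the original post or its comments. It bridges the gap the question describes, where ssh-add does not consult the Host-to-IdentityFile mapping in ~/.ssh/config: it asks ssh itself for the resolved IdentityFile entries and loads only keys whose fingerprint the agent does not already list. The function names are hypothetical, and it assumes an OpenSSH recent enough to support `ssh -G` (6.8 or later).

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of OpenSSH or git.

# Read `ssh -G <host>` output on stdin and print each IdentityFile path,
# one per line, expanding a leading "~/" to $HOME.
identity_files() {
    while read -r key value; do
        [ "$key" = "identityfile" ] || continue
        case "$value" in
            '~/'*) rest=${value#\~/}; printf '%s\n' "$HOME/$rest" ;;
            *)     printf '%s\n' "$value" ;;
        esac
    done
}

# Read `ssh-add -l` output on stdin; succeed if fingerprint $1 is listed.
# The fingerprint is the second field of each listing line.
fingerprint_listed() {
    awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# Load every key that ~/.ssh/config maps to host $1, unless the agent
# already holds it. Keys are matched by fingerprint, not by file name.
load_host_keys() {
    host=$1
    # ssh-add -l exits non-zero when the agent is empty or unreachable.
    listing=$(ssh-add -l 2>/dev/null) || listing=""
    # The key list arrives on fd 3 so ssh-add keeps the terminal on stdin
    # and can prompt for the passphrase there.
    while read -r keyfile <&3; do
        [ -f "$keyfile" ] || continue
        # Prefer the .pub file: an encrypted old-format private key
        # cannot be fingerprinted without its passphrase.
        pub=$keyfile.pub
        [ -f "$pub" ] || pub=$keyfile
        fp=$(ssh-keygen -lf "$pub" 2>/dev/null | awk '{ print $2 }')
        [ -n "$fp" ] || continue
        if ! printf '%s\n' "$listing" | fingerprint_listed "$fp"; then
            ssh-add "$keyfile"
        fi
    done 3<<EOF
$(ssh -G "$host" | identity_files)
EOF
}
```

Running `load_host_keys github.com` before `git remote update` prompts for the passphrase once per key and then leaves the agent to serve later connections.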