'Enter PIN for authenticator' Issue related to SSH - macos

Brief
I attempted to generate an SSH key for my GitHub on a MacBook Pro, yet I encountered the 'Enter PIN for authenticator' issue when I progressed to the step of adding it to the ssh-agent. The bizarre prompt comes from the following command:
$ ssh-add -K ~/.ssh/id_rsa
Enter PIN for authenticator:
I have no idea what I should type at this prompt. Yet when I typed the following command, everything just worked, as this page revealed.
$ /usr/bin/ssh-add -K ~/.ssh/id_rsa
Identity added: /Users/${user_name}/.ssh/id_rsa (your_email@example.com)
Why does this kind of difference exist? What exactly do you need to type at the 'Enter PIN for authenticator:' prompt?
Some Info
version information
$ ssh -V
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
$ sw_vers -productVersion
10.15.6
I generated the key with the ed25519 algorithm.

If you use this command
$ ssh-add -K ~/.ssh/id_rsa
you will be asked to enter the PIN for authentication
so instead of that use
$ ssh-add ~/.ssh/id_rsa

You have a second (Brew-installed?) ssh-add in your shell's $PATH which is not the same as the Apple version. In the Apple version -K stores the password in your keychain, so you don't have to type it every time. In the non-Apple version -K "Loads resident keys from a FIDO authenticator."
The ssh-add at:
/usr/bin/ssh-add
is the Apple provided one, and will work with -K.
Update for macOS Monterey (v12)
The -K and -A flags are deprecated and have been replaced by the --apple-use-keychain and --apple-load-keychain flags, respectively.
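
An added example (not part of the original answers): a shell check for the situation described above, listing every ssh-add on $PATH in lookup order and choosing the keychain flag only when the binary is Apple's. The function names are hypothetical, and treating /usr/bin/ssh-add as the Apple build is the answer's statement for macOS.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumption (from the answer above, macOS only): /usr/bin/ssh-add is Apple's build.

# Print every executable ssh-add found on a PATH-style string, in lookup order.
list_ssh_add() {
    search_path=${1:-$PATH}
    old_ifs=$IFS
    IFS=:
    for dir in $search_path; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current directory
        if [ -f "$dir/ssh-add" ] && [ -x "$dir/ssh-add" ]; then
            printf '%s\n' "$dir/ssh-add"
        fi
    done
    IFS=$old_ifs
}

# Say which binary a bare "ssh-add" resolves to and whether it shadows Apple's.
# Returns 0 = Apple's, 1 = shadowed by another build, 2 = none found.
check_ssh_add() {
    first=$(list_ssh_add "$1" | head -n 1)
    if [ -z "$first" ]; then echo "none"; return 2; fi
    if [ "$first" = /usr/bin/ssh-add ]; then echo "apple $first"; return 0; fi
    echo "shadowed $first"
    return 1
}

# Print the "store passphrase in the keychain" flag for one ssh-add binary.
# $1 = path to ssh-add, $2 = macOS major version (from sw_vers -productVersion).
# Fails for non-Apple builds, where -K loads resident keys from a FIDO authenticator.
keychain_flag() {
    case $1 in
        /usr/bin/ssh-add)
            if [ "$2" -ge 12 ]; then
                printf '%s\n' '--apple-use-keychain'
            else
                printf '%s\n' '-K'
            fi ;;
        *) return 1 ;;
    esac
}

check_ssh_add "$PATH" || true
```

A "shadowed" result means a bare ssh-add -K will ask for a FIDO authenticator PIN rather than store the passphrase in the keychain.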

I looked at https://www.ssh.com/academy/ssh/add and found that if we use '-k' (lowercase k), it asks for the passphrase that I added during SSH key generation.
For instance, my passphrase when creating the SSH key was Pass#123#
After that, when I execute the command:
$ ssh-add -k ~/.ssh/id_rsa
Enter passphrase for ~/.ssh/id_rsa: (typed here - Pass#123# and press enter)
Identity added: ~/.ssh/id_rsa (xxxxxxx@xxxx.com)

As specified by the man ssh-add page, the -K option is:
-K Load resident keys from a FIDO authenticator.
So you basically tell it to use an authenticator.

Related

Ansible ssh-add on osx with entering passphrase

I am planning to create an ansible playbook to provision multiple Apple Mac build machines.
Currently, I am stumbling upon the following issue when trying to add our GitHub SSH key to the keychain.
- name: add ssh-key
  shell: |
    eval "$(ssh-agent -s)"
    ssh-add -K ~/.ssh/id_rsa
Running ssh-add -K ~/.ssh/id_rsa on the target machine will obviously ask for the passphrase like so:
Enter passphrase for /Users/wooga/.ssh/id_rsa:
However, I could not find any way to provide the passphrase via ansible.
Is there any solution to this problem other than using passphrase-less ssh keys?
Best,
Patrick

ssh other macbook and `security find-identity -p codesigning -v` no permissions

When I ssh to the MacBook as the root user and run
security find-identity -p codesigning -v
I get
0 valid identities found
But when I run the following directly on the MacBook
security find-identity -p codesigning -v
It shows all identities.
I read this SO question but still can't solve it.
How can I show all identities with ssh on the MacBook?
I find that you should log in to the remote machine with an SSH private key, just like ssh -i /path/to/your/id_rsa root@remote.com. Then you can have permission to access all security data.

1 (key)s remain to be installed

While setting up ssh without being asked for a password, I tried the following:
ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub user@192.168.200.4
It shows me the following error:
Try running "ssh-add" on your client PC. It should solve the problem.
Basically the reason why it works is (quoted from here):
ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity.
It shows me the following error:
There is no error. It says it copied your key to the server.

Git Always Prompts for Passphrase

I've followed the following guide to setup SSH keys on Mac OS 10.7.4.
https://help.github.com/articles/generating-ssh-keys
But for some reason it continually prompts me for my passphrase. It doesn't prompt me if I don't specify a passphrase, but that isn't desired. Is there a way to cache my passphrase so that I won't be prompted for every pull/push?
You have to add your key file with ssh-add
ssh-add ~/.ssh/you_key_rsa
After that, it will not ask any more.
You might need to edit the .git/config file in your git repo and change the url value to use something like user@host:path-to-git-repo.git
The SSH password is used to authenticate users connecting to GIT repositories.
If you're working locally, git shouldn't ask for passwords, only when doing remote operations, such as clone, push, pull, etc.
If the password annoys you, you can just input a blank password when creating the SSH key. A password is not mandatory; however, I advise you to use a password for extra protection.
I am using Windows 10, and I have found two ways to eliminate the passphrase prompting.
1. Make sure the ssh agent is started and you have added your key
$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/id_rsa
The second command will prompt you for your passphrase, and then you will not be prompted for any other git commands run in this session.
You will need to run these commands again for every new bash session.
2. Remove the passphrase from your key file:
$ ssh-keygen -p -f ~/.ssh/id_rsa
When prompted, just strike the enter key for the new passphrase.
Option 2 will permanently remove the passphrase for all git commands. Of course it also makes your key file "unsecured".
Note: If you are using git desktop GUI (Version 1.04+), Option 2 is required for the GUI to work.

Mac Terminal Keeps Asking for Password When Using PPK with SSH

I am attempting to connect to an Amazon EC2 Server via Mac Terminal. I have a PPK file that does not have a password attached to it, but when I try to connect I get a popup box that says "Enter the password for the SSH Private Key."
So we tried creating a PPK that has a password - but it does not accept the password, it still rejects the connection.
I have a Windows user who is able to connect using the same PPK on Putty.
Has anyone experienced this issue?
The mac is looking for a .pem key. The ppk is generated specifically for putty. If you don't have the original ppk key.
Download puttygen.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Then go to conversions -> export OpenSSH key. Save the output as a .pem file and try using that with the mac.
If this doesn't work, can you post the command you're running from the Mac? It's possible you've got some extra parameter or something.
Maybe your problem is with permissions for your key. I know on Linux it's required to change the permissions.
Taken from the website http://om4.com.au/ssh-rsa-key-pairs-passphrases-leopard/
Clear the contents of your ~/.ssh directory and set the directory permissions to 700 (directories need to be "executable")
$ rm ~/.ssh/*
$ chmod 700 ~/.ssh
Generate your rsa key pair (there are variations for this, but this is the version I used):
$ ssh-keygen -t rsa
Set the permissions for all files in ~/.ssh to 600
$ chmod 600 ~/.ssh/*
Copy your id_rsa.pub key to your server’s .ssh/authorized_keys file
Add your passphrase to your keychain using this command:
$ ssh-add -K
(you will see Enter passphrase for [your system]/.ssh/id_rsa: )
The error Enter your password for the SSH key x can result from using a key of the wrong format (such as a ppk key) in ssh or sftp. This is because it is interpreted as an encrypted ssh key and so prompts for the passphrase, when actually there is no passphrase.
In OS X I was able to simulate this error by simply typing the following into the command line:
sftp -o IdentityFile=randomtextfile mysftpserver.com
The solution is to convert the file using puttygen as suggested by bwight.
In addition to the other answers, the issue might come from the fact you haven't specified which user you want to connect as.
For example, ssh -i francky.pem 208.52.170.43 will ask you for your password on Mac, whereas ssh -i francky.pem root@208.52.170.43 shouldn't. Note that on Linux you don't specify the user.
I was running into the exact same problem on Mac, and I found quite a simple way of getting rid of it.
Instead of using ssh -i IP address, use the following:
ssh user@IP
Hope you already found the answer after this long time :)
In my case, the problem was the file's break type. Try this:
1.- Open the .pem file with TextWrangler
2.- At Bottom of app, verify if the Break Type is "Windows(CRLF)".
This issue had me pulling my hair out for 20 min or so. Realized that I was able to connect successfully from another terminal window. In my case I just had to close out the current terminal window and use another or new window. Very strange, but may help you out.
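
An added example (not from any of the answers above): a shell check for two causes named in this thread, a PuTTY-format (.ppk) file passed to ssh and a key saved with Windows (CRLF) line endings. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Classify a private-key file by its first line; append +crlf when any line
# ends in a carriage return. Prints the kind; returns 2 if the file is unreadable.
key_file_kind() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    first=$(head -n 1 "$1" | tr -d '\r')
    case $first in
        PuTTY-User-Key-File-*)                 kind=ppk ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----') kind=openssh ;;
        '-----BEGIN '*'PRIVATE KEY-----')      kind=pem ;;
        *)                                     kind=unknown ;;
    esac
    cr=$(printf '\r')
    if grep -q "$cr\$" "$1"; then
        kind="$kind+crlf"
    fi
    echo "$kind"
}

# Turn the classification into the remedy the answers above describe.
key_file_advice() {
    kind=$(key_file_kind "$1") || { echo "$1: cannot read file"; return 2; }
    case $kind in
        ppk*)     echo "$1: PuTTY format; export an OpenSSH key with puttygen" ;;
        unknown*) echo "$1: not a recognised private key; ssh may still prompt for a passphrase" ;;
        *+crlf)   echo "$1: Windows (CRLF) line endings; convert to Unix line endings" ;;
        *)        echo "$1: $kind key, format looks usable" ;;
    esac
}

# Constructed sample: a PuTTY key header saved with CRLF line endings.
sample=$(mktemp)
printf '%s\r\n' 'PuTTY-User-Key-File-2: ssh-rsa' 'Encryption: none' > "$sample"
key_file_advice "$sample"
rm -f "$sample"
```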

Resources