# Keychain won't ask for passphrase [SOLVED]

## KicoRox

Hello,

Although this might be slightly off-topic because I'm not running Gentoo, I'm running RedHat Linux Enterprise ES, I'm writing this because I'm having a problem with Keychain and it seems that this is just about the only place I've found on the net for support on Gentoo-based apps.

I installed keychain as per the tarball supplied at http://dev.gentoo.org/~agriffis/keychain/

I installed it as root.

For a user called "backups" in my machine, I added the following lines to my .bash_profile:

```
#!/bin/bash

#on this next line, we start keychain and point it to the private keys that
#we'd like it to cache
/usr/bin/keychain ~/.ssh/id_rsa
source ~/.ssh-agent > /dev/null

#sourcing ~/.bashrc is a good thing
source ~/.bashrc
```

That's all nice and dandy.  Keychain seems pretty straightforward.  I have verified the permissions for directories and files - everything seems just fine.

I log out of the machine and log in again as backups, hoping that keychain will fire up and prompt me for id_rsa's keyphrase.

However, when I log in to the machine, this is the output I get:

```
KeyChain 2.6.1; http://www.gentoo.org/proj/en/keychain/
Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL

 * Initializing /home/backups/.keychain/mybox-sh file...
 * Initializing /home/backups/.keychain/mybox-csh file...
 * Starting ssh-agent
 * Warning: /home/backups/.ssh/id_rsa.pub missing; can't tell if /home/backups/.ssh/id_rsa is loaded
```

1) I don't get why it's asking for id_rsa.pub, since what it should do is simply load my private, passphrased key via ssh-add to load that into ssh-agent.

2) The key is there, but it just won't load the damn key!

3) After the program has run, I try to load the key manually via "ssh-add ~/.ssh/id_rsa" and it says it cannot find the ssh-agent, even though checking for ssh-agent being loaded via the command "ps auxww | grep ssh-agent" shows ssh-agent as being loaded.

I simply cannot understand why this is not working and cannot find any info on the net about this through Google.

Anyone have any ideas??

Last edited by KicoRox on Mon Feb 13, 2006 4:05 pm; edited 1 time in total

----------

## magic919

Have you seen this?  http://gentoo-wiki.com/TIP_keychain  May help you.

----------

## KicoRox

magic,

I did make the modifications to .bash_profile per the wiki you sent me.  I saw that the original IBM hosted article on setting up keychain was referring to an old version that didn't use the /.keychain/$HOSTNAME-sh version.  I did change this.

However, whenever I log in to the machine, keychain NEVER prompts me for the passphrase.  It always complains with a warning in the beginning that it "can't tell if /home/backups/.ssh/id_rsa is loaded".

1) seems that keychain managed to load ssh-agent or to recognize it's already loaded in memory

2) HOWEVER it cannot seem to run ssh-add because it won't prompt for my passphrase; however, when I run ssh-add manually it asks for my passphrase just fine, and in subsequent logins, "ssh-add -l" displays the added key without problems.

I just don't understand why keychain won't prompt me for my passphrase!  I also don't get why on earth keychain would want id_rsa.pub to be around, since keychain is used for private key loading and not public key loading!

Any thoughts?

----------

## KicoRox

I decided to copy over id_rsa.pub to .ssh just in case, even though keychain SHOULD NOT need it.  It worked and prompted me for my private key passphrase on the following fresh login.

GO FIGURE!

Anyway, thanks for the feedback.

----------

## magic919

I'm glad you got it sorted.  Even if the solution didn't make complete sense :)

----------

## Kream

That's what I can make out from this error:

```
 * Initializing /home/karim/.keychain/bodhi-sh file...
 * Initializing /home/karim/.keychain/bodhi-csh file...
 * Initializing /home/karim/.keychain/bodhi-fish file...
 * Starting ssh-agent
 * Initializing /home/karim/.keychain/bodhi-sh-gpg file...
 * Initializing /home/karim/.keychain/bodhi-csh-gpg file...
 * Initializing /home/karim/.keychain/bodhi-fish-gpg file...
 * Starting gpg-agent
 * Warning: /home/karim/.keychain/bodhi-sh.pub missing; can't tell if /home/karim/.keychain/bodhi-sh is loaded
 * Adding 1 ssh key(s)...
Enter passphrase for /home/karim/.ssh/id_dsa:
Identity added: /home/karim/.ssh/id_dsa (/home/karim/.ssh/id_dsa)
```

I would get the warning each time I opened a console. Really irritating and completely bizarre. This is new behaviour for me. 

I solved this by doing 

```
ln -sf ~/.ssh/id_dsa.pub ~/bodhi-sh.pub
```

Once I did this, keychain stopped complaining. Go figure, as has been said :)

cheers,

Aniruddha Shankar

----------

## htmlmencken

I'm running into a similar issue while setting up keychain v2.6.8 on cygwin. I'm sourcing keychain and the appropriate file with the socket and PID variables in .bash_profile as described on the wiki page: 

```
# keychain
keychain id_rsa
source ${HOME}/.keychain/${HOSTNAME}-sh
```

Notes:

1) I'm substituting the tilde with ${HOME} and hostname with ${HOSTNAME} because AFAIK that is how cygwin likes it. keychain seems to source ${HOSTNAME}-sh alright; otherwise, I would expect to see the following message when invoking ssh-add -l:

```
Could not open a connection to your authentication agent.
```

Why? Because keychain would not have set the SSH_AGENT_PID and SSH_AUTH_SOCK environment variables correctly without accessing ${HOSTNAME}-sh. And without setting these vars, ssh-add would be unable to connect to ssh-agent. However, it does connect just fine.

2) I'm sourcing keychain after ~/.bashrc (just saying because the wiki example has it the other way around).

3) Copies of both my private and public keys are in ~/.ssh and the public key has been added to ~/.ssh/authorized_keys2 on the remote server.

4) My cygwin bash shell version is GNU bash v3.2.15(14), and OpenSSH version 4.6p1.

5) My permissions are set as follows:

Directories:

~/ 777 (This seems to be the cygwin default? You'd think it should be 755 but then this is cygwin, not linux. Also, it doesn't seem to stop OpenSSH from using the keys. See below.)

~/.keychain 700

~/.ssh 700

Files:

~/.keychain/${HOSTNAME}-sh 600

~/.ssh/id_rsa 600

~/.ssh/id_rsa.pub 644

~/.ssh/known_hosts 644

On first run, keychain creates ~/.keychain/${HOSTNAME}-sh, -csh and -fish, then starts the ssh-agent. 

```
* Initializing ${HOME}/.keychain/${HOSTNAME}-sh file...
* Initializing ${HOME}/.keychain/${HOSTNAME}-csh file...
* Initializing ${HOME}/.keychain/${HOSTNAME}-fish file...
Starting ssh-agent
$
```

I observe the following:

a) keychain gives no indication of successful key importing and it doesn't ask me for a passphrase. 

b) ssh-add -l initially returns 'no keys found'. Thus, ssh-agent doesn't know about it either, and I'll have to enter the passphrase every time I attempt to connect to the remote server.

c) ssh-add recognizes the key in ~/.ssh, asks me for the passphrase and adds it to the ssh-agent cache.

d) subsequent ssh connection attempts (including across login sessions) seem to work as designed: ssh connects successfully and I am not asked for the passphrase again. At the next login however, keychain still says nothing about the key it now seems to know about. The only feedback I get is this:

```
KeyChain 2.6.8; (copyright stuff)
* Found existing ssh-agent (PID)
```

In other words, I am missing the following line:

```
* Known ssh key: ${HOME}/.ssh/id_rsa
```

e) I assume OpenSSH is happy about the permissions settings since it would refuse any connection otherwise?

My questions are pretty much the same: 

Why does keychain not import my key, forcing me to add it manually with ssh-add?

Why does keychain not acknowledge a known key after it has been added with ssh-add?

Why does keychain not ask me for a passphrase (I guess this one's redundant if the key isn't being added anyway)?

Why doesn't keychain have a --debug or --verbose mode? lol 

...be gentle, I'm not a geek :)

----------
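A diagnostic sketch for the two symptoms reported in this thread (the "`.pub` missing; can't tell if ... is loaded" warning, and `ssh-add` being unable to reach the agent), added here as an example and not part of keychain or of any poster's setup. It assumes the `<hostname>-sh` file holds `VAR=value; export VAR;` lines as `ssh-agent` prints them; the script name and function names are made up for illustration.

```bash
#!/bin/bash
# Added diagnostic sketch for the symptoms in this thread; not part of keychain.
# "check-keychain.sh" and all function names below are hypothetical.

# Print the value that a keychain "<hostname>-sh" file assigns to variable $2.
# Assumed line format: SSH_AUTH_SOCK=/tmp/ssh-x/agent.1; export SSH_AUTH_SOCK;
agent_var() {
    sed -n "s/^$2=\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# Classify the agent an env file points at: ok, no-env-file, no-socket, dead-pid.
agent_state() {
    local sock pid
    [ -r "$1" ] || { echo no-env-file; return 0; }
    sock=$(agent_var "$1" SSH_AUTH_SOCK)
    pid=$(agent_var "$1" SSH_AGENT_PID)
    [ -n "$sock" ] && [ -S "$sock" ] || { echo no-socket; return 0; }
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null || { echo dead-pid; return 0; }
    echo ok
}

# Classify a key file: ok, no-private-key, no-public-key, loose-perms.
key_state() {
    [ -f "$1" ] || { echo no-private-key; return 0; }
    [ -f "$1.pub" ] || { echo no-public-key; return 0; }  # the warning case above
    case $(ls -ld "$1") in
        -???------*) echo ok ;;
        *) echo loose-perms ;;   # group/other bits set on the private key
    esac
}

# True if the fingerprint of <key>.pub appears in the agent's key list.
# Needs ssh-keygen and ssh-add on PATH and SSH_AUTH_SOCK exported.
key_loaded() {
    local fp
    fp=$(ssh-keygen -l -f "$1.pub" 2>/dev/null | awk '{print $2}')
    [ -n "$fp" ] && ssh-add -l 2>/dev/null | grep -qF -- "$fp"
}

# Run as: bash check-keychain.sh ~/.keychain/$(hostname)-sh ~/.ssh/id_rsa
if [ "$#" -eq 2 ]; then
    echo "agent: $(agent_state "$1")"
    echo "key:   $(key_state "$2")"
    if [ "$(agent_state "$1")" = ok ] && [ "$(key_state "$2")" != no-public-key ]; then
        . "$1"   # same file .bash_profile sources; sets SSH_AUTH_SOCK
        if key_loaded "$2"; then echo "loaded: yes"; else echo "loaded: no"; fi
    fi
fi
```

An `agent: no-socket` or `dead-pid` result with an `ssh-agent` process still visible in `ps` means the shell is pointing at a stale env file rather than at the running agent.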

