# Can't get ssh agent to load keys

## funkyFlash

Hey.  I maintain a bunch of keys.  I'm a recent convert to kde, and gnome just "did it for me".  I've finally gotten sick enough of typing in my passphrase that I started looking into getting ssh-agent running.

When I launch ssh-agent, it tells me information about itself:

```
afunk@defiant ~ $ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-nCBpI29199/agent.29199; export SSH_AUTH_SOCK;
SSH_AGENT_PID=29200; export SSH_AGENT_PID;
echo Agent pid 29200;
```

but doesn't prompt me for the password of my keys.  Then, when I try to ssh-add, it barfs saying it can't find the ssh-agent that's running:

```
afunk@defiant ~ $ ssh-add .ssh/qa_key
Could not open a connection to your authentication agent.
```

It's running, but the appropriate environment variables don't exist:

```
afunk@defiant ~ $ ps aux | grep ssh-agent
afunk    29200  0.0  0.0   3352   408 ?        Ss   09:07   0:00 ssh-agent
afunk    29269  0.0  0.0   1992   516 pts/1    S+   09:10   0:00 grep --colour=auto ssh-agent
afunk@defiant ~ $ echo $SSH_AUTH_SOCK

afunk@defiant ~ $ echo $SSH_AGENT_PID

```

I'm running bash 4.1-p7, and tried in both Konsole and Terminator.

Ideas?  Please move this thread if it's in the wrong section.

Thanks!

----------

## funkyFlash

Oh, yea.  And I suspected perms, but I don't know what they're supposed to look like.  This is what I got:

```
afunk@defiant ~ $ ls -l .ssh
total 72
-rwxr-xr-x 1 afunk afunk   670 Oct 27 11:00 authorized_keys2
-rw-r--r-- 1 afunk afunk  5155 Nov  2 12:32 config
-rw------- 1 afunk afunk   672 Oct 27 11:00 dev_key
-rw-r--r-- 1 afunk afunk  1217 Oct 27 11:00 dev_key.pub
-rw------- 1 afunk afunk  1743 Oct 27 11:00 id_rsa
-rw-r--r-- 1 afunk afunk   395 Oct 27 11:00 id_rsa.pub
-rw-r--r-- 1 afunk afunk  1743 Oct 27 11:00 id_vsi_wrt
-rw-r--r-- 1 afunk afunk 23014 Nov 17 06:50 known_hosts
-rw------- 1 afunk afunk   668 Oct 27 11:00 qa_key
-rw-r--r-- 1 afunk afunk   611 Oct 27 11:00 qa_key.pub
-rw------- 1 afunk afunk  1743 Oct 27 11:00 qa_mgmt
-rw-r--r-- 1 afunk afunk   422 Oct 27 11:00 qa_mgmt.pub
```
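
On the permissions question, an added example (not code from this thread): a shell function that flags the modes OpenSSH itself objects to, namely a private key accessible by group or other, and a group- or world-writable `authorized_keys*`, `config` or directory. `audit_ssh_dir` is a hypothetical name, private keys are recognised by their PEM header line, and GNU `stat` is assumed.

```sh
# Added example, not from the thread. Assumes GNU stat (stat -c %a), as on Linux.
# Prints one line per file whose mode OpenSSH would object to; returns 1 if any.
audit_ssh_dir() {
    dir=$1
    findings=0
    report() { printf '%s: %s (mode %s)\n' "$1" "$2" "$3"; findings=1; }

    # sshd with StrictModes rejects a group- or world-writable ~/.ssh.
    mode=$(stat -c %a "$dir")
    [ $(( 0$mode & 022 )) -eq 0 ] || report "$dir" "directory writable by group/other" "$mode"

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        mode=$(stat -c %a "$f")
        if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            # ssh and ssh-add ignore a private key that group or other can access.
            [ $(( 0$mode & 077 )) -eq 0 ] || report "$name" "private key accessible by group/other" "$mode"
        else
            case $name in
                authorized_keys*|config)
                    # Only the owner may write to these.
                    [ $(( 0$mode & 022 )) -eq 0 ] || report "$name" "writable by group/other" "$mode" ;;
            esac
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Public keys and `known_hosts` at `-rw-r--r--` are not flagged, and neither is an executable bit on `authorized_keys2`: it is unnecessary, but it is not one of the modes checked here.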

----------

## wthrowe

Programs (not built into bash) can't modify your environment.  You can't just call ssh-agent and have it work.

 *ssh-agent(1) wrote:*

>      There are two main ways to get an agent set up: The first is that the
>      agent starts a new subcommand into which some environment variables are
>      exported, eg ssh-agent xterm &.  The second is that the agent prints the
> ...

----------

## lyallp

However, you can do

```
eval $(ssh-agent)
```

This sets your current shell environment variables, which is what ssh-add looks for, then the subsequent ssh-add's work, within that xterm.

If you want to make the environment variables available elsewhere, you can redirect the output of ssh-agent to a file and 'source' it in the relevant sessions or use ssh-agent to start your window manager, as described in other posts.

----------

## Hu

If you want every program in your desktop environment to have access to the same ssh-agent, you could take advantage of its ability to run a command to have ssh-agent start your window manager during X startup.  That way, your window manager, and all its children, would have the environment variables available.

----------

## wthrowe

You might also be interested in net-misc/keychain, which helps with having multiple shells talk to the same agent.

----------

## funkyFlash

Brilliant.  Thanks guys.  It's still not getting my id_rsa by default, but that's fine.  I can ssh-add it.

Don't suppose any of you guys know a nifty kwallet integration for keychain?  There's one in sunrise, but I'm skeptical...

----------

## deploylinux

Just solved the same problems and went a little further on my own desktop:

http://www.deploylinux.net/matt/2010/11/#000074

----------

## lyallp

My variation on the theme is that when I log in, I re-use any existing ssh-agent, rather than starting a new one.

This way, I only have to load my keys once between re-boots of the machine.

Particularly nice if you have rather long passphrases.

Hence, my .bash_profile contains the following snippets...

```
if [[ $- != *i* ]] ; then
    ON_A_TTY=No
else
    ON_A_TTY=Yes
fi

# check that an ssh-agent is running
if [ -x /usr/bin/ssh-agent ]
then
    SSH_AGENT_PID=-1
    if [ -r "${HOME}/.ssh/agent_info" ]
    then
        #
        ## #####################################################################
        ## Share an already existing agent that I have started
        ## #####################################################################
        #
        source "${HOME}/.ssh/agent_info"
    fi
    #
    ## #########################################################################
    ## Make sure the agent is still running
    ## #########################################################################
    #
    if [ ! -r "/proc/${SSH_AGENT_PID}" ]
    then
        ssh-agent > "${HOME}/.ssh/agent_info"
        chmod u=rw,g=,o= "${HOME}/.ssh/agent_info"
        source "${HOME}/.ssh/agent_info" # > /dev/null 2>&1
        #
        ## #################################################################
        ## Newly created agent, load up my id_dsa and id_rsa identities
        ## #################################################################
        #
        # now, we have an ssh-agent running, add my identity
        # if [ "${ON_A_TTY}" = "Yes" ]
        # then
        #       xterm -e ssh-add ${HOME}/.ssh/identity
        # fi
    fi
fi
```
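
A variation on the snippet above, as an added example that is not lyallp's code: instead of testing `/proc/$SSH_AGENT_PID`, which also succeeds when the PID has since been reused by another process, it asks the agent itself through `ssh-add -l`, whose exit status 2 means no agent could be contacted. The function names and the `AGENT_STATE` variable are hypothetical; `agent_info` is the file name from the post.

```sh
# Added example, not code from the thread; function names are hypothetical.
AGENT_INFO="${AGENT_INFO:-$HOME/.ssh/agent_info}"   # file name from the post above

# ssh-add -l exits 0 (keys listed), 1 (agent reachable, no keys) or
# 2 (could not contact an agent). Only 2 means there is no usable agent.
agent_alive() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    ssh-add -l >/dev/null 2>&1 || [ "$?" -ne 2 ]
}

# The saved file is sourced as shell code, so accept it only if it is a
# regular file owned by the current user.
load_saved_agent() {
    [ -f "$AGENT_INFO" ] && [ -O "$AGENT_INFO" ] || return 1
    . "$AGENT_INFO" >/dev/null
}

# Start a fresh agent. The file is removed first and recreated under
# umask 077, so it never exists with wider permissions than 0600.
start_agent() {
    rm -f "$AGENT_INFO"
    ( umask 077 && ssh-agent -s > "$AGENT_INFO" ) || return 1
    . "$AGENT_INFO" >/dev/null
}

# Sets AGENT_STATE to inherited, reused or started.
ensure_agent() {
    if agent_alive; then
        AGENT_STATE=inherited
    elif load_saved_agent && agent_alive; then
        AGENT_STATE=reused
    else
        start_agent && AGENT_STATE=started
    fi
}

# In ~/.bash_profile: call ensure_agent, then ssh-add keys when AGENT_STATE=started.
```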

----------

