Rich,
If you are using gnome, part of its startup includes creating an
ssh-agent for you, and the first time you try to ssh elsewhere it
prompts you to unlock the agent.
There is a program out there called keychain (search for 'linux keychain
ssh-agent') which works well in non-gnome environments. A quick search
found a gentoo article
https://wiki.gentoo.org/wiki/Keychain
that appears to walk thru the setup using keychain. If you do a lot of
access to different systems, keychain will delegate authentication
requests back to your initial login system, prevent duplication, etc. It
has lots of controls you can configure and configuration ends up being
done by adding a few lines to your .bashrc or .zshrc file. You end up
typing a password on first login, and all the ssh logins then just
forward the agent requests back to that system.
The above two schemes make the agent's lifetime tied to your login on
the first machine. When you log out, all the agents are gone. It's
possible to launch an agent that stays around in the background, that
would then be active as long as the machine doesn't reboot. That's not
as secure. But even there, the agent needs to be launched by you, not
root, so normally that would mean launching it the first time you log in
(from your .bashrc).
steve
Russell Senior wrote:
>> "Rich" == Rich Shepard writes:
> Rich> On Sun, 30 Oct 2016, Robert Citek wrote:
>>> Good luck and let us know what works for you.
> Rich>Still seeking this goal. :-)
>
> Rich>After modifying ~/.bash_profile to invoke ssh-agent I sourced
> Rich> the file, then tried ssh-add which did not work:
>
> Rich> $ ssh-add
> Rich> Enter passphrase for /home/rshepard/.ssh/id_ed25519:
> Rich> Could not add identity "/home/rshepard/.ssh/id_ed25519": agent
> Rich> refused operation
>
> Rich>Searching for this error (without the string in quotes) using
> Rich> duckduckgo produced many hits on running ssh-add, but none
> Rich> explicitly explaining the cause of this error message. The man
> Rich> page does not offer an option of specifying which identity to use
> Rich> (I have only the one).
>
> Rich>Google finds many hits (primarily Ubuntu users) about missing
> Rich> identities when running ssh-add, but none (on the first page of
> Rich> hits) about ssh-add refusing to add an existing identity.
>
> Rich>Would be nice to learn why.
>
> My wild guess would be you typed the wrong passphrase.
>
>
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
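
The approach steve describes, launching the agent yourself from .bashrc, as an added example that is not part of the original thread: it reuses an agent that still answers and otherwise starts one with a key lifetime, so a long-lived background agent does not hold unlocked keys indefinitely. The cache file path, the one-hour lifetime and the SSH_ADD/SSH_AGENT override variables are assumptions.

```shell
# Added example for ~/.bashrc (not from the thread). Assumptions: the cache
# file path, the one-hour lifetime, and the SSH_ADD/SSH_AGENT overrides.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
AGENT_LIFETIME="${AGENT_LIFETIME:-3600}"   # seconds a key stays unlocked
SSH_ADD="${SSH_ADD:-ssh-add}"
SSH_AGENT="${SSH_AGENT:-ssh-agent}"

# Classify the agent behind SSH_AUTH_SOCK from ssh-add's exit status:
# 0 = keys loaded, 1 = agent running but empty, 2 = no agent reachable.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Reuse an agent that answers; otherwise start one as the current user.
# Call directly (not inside $(...)) so the exported variables persist.
ensure_agent() {
    AGENT_STATE=$(agent_state)
    if [ "$AGENT_STATE" = unreachable ] && [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null          # agent left by an earlier login?
        AGENT_STATE=$(agent_state)
    fi
    if [ "$AGENT_STATE" = unreachable ]; then
        # Stale or missing cache: recreate it readable by the owner only,
        # because this file is sourced by every later shell.
        ( umask 077; rm -f "$AGENT_ENV"
          "$SSH_AGENT" -s -t "$AGENT_LIFETIME" > "$AGENT_ENV" ) || return 1
        . "$AGENT_ENV" >/dev/null
        AGENT_STATE=$(agent_state)
    fi
}

# In ~/.bashrc, prompt for the passphrase only when no key is loaded:
#   ensure_agent && [ "$AGENT_STATE" = empty ] && ssh-add
```

An `unreachable` result after sourcing the cache file means the recorded agent is gone (for example after a reboot), which is why the file is recreated rather than trusted.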