Search the Community

I recently set up key based ssh authentication for my workstation to a test server (running Centos 6) I have. The key based authentication works fine and I am able to log in just by entering a passphrase. In a quest to allow login without entering anything at all (except for the first time in a given server reboot session), I downloaded and configured keychain on my server. In this case it's on the root user but I plan on using it for other users and disabling root login completely (server is on a private network anyhow). To my understanding, keychain allows you to access the server without entering a passphrase except the first time logging in between server reboots. I am showing that after first using keychain, it prompted me for a passphrase then keychain itself prompted me for a passphrase then it logged me in. On my second login (illustrated below), it still continues to ask me for my passphrase. Second login: login as: root Authenticating with public key "imported-openssh-key" Passphrase for key "imported-openssh-key": Last login: Wed Apr 8 17:35:54 2020 from 8.8.8.1 * keychain 2.8.0 ~ http://www.funtoo.org * Found existing ssh-agent: 4023 * Known ssh key: /root/.ssh/id_rsa root@server1 [~]# If there a way to get this to not ask me for my passphrase or did I misconfigure anything? I haven't changed anything in the sshd_config so far. Here's my .bash_profile and location of the key files: root@server1 [~]# cat .bash_profile # .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs PATH=$PATH:$HOME/bin export PATH eval `keychain --agents ssh --eval id_rsa` root@server1 [~]# find | grep id_rsa ./.ssh/id_rsa.pub ./.ssh/id_rsa root@server1 [~]# I feel like i've tried everything at this point. Please let me know if i need to provide some more details. Thanks for the help!

Is the official webpage for Keychain deprecated (or orphan)? The version available there is old when compared to the latest version released on GitHub. Any plan to update it? Regards.

Hi All, Just wanted to let everyone know that keychain 2.8.4 has been released and we have our official development repository for the project hosted on github: https://github.com/funtoo/keychain. Also welcome Ryan Harris @x48rph as the new official maintainer of keychain! This new release has been fixed to work with GPG2 and has various other fixes. You can learn more about keychain on its official landing page: https://www.funtoo.org/Keychain . Regards, Daniel

What is the best way to make `keychain` and `kwallet` co-exist? It it possible to just give a passphrase once (given, `keychain` is set up correctly, see funtoo.org/Keychain) for everything (and, re-enter after the `keychain`'s for example `--timeout 180` parameter has expired)? I need keychain for mutt and ssh-ing. Can't it be all right at the login? Some references (but I am still not sure how to proceed): https://wiki.gentoo.org/wiki/Keychain#Using_keychain_with_KDE https://bbs.archlinux.org/viewtopic.php?id=151068

I have set up keychain to use an id_rsa key. After latest world updates, I am asked for a passphrase repeatedly. I got the following files/entries: ~/.ssh: authorized_keys config id_rsa id_rsa.pub known_hosts .. /etc/ssh/sshd_config (perhaps irrelevant here, however, it is the same setup used in other system into which I ssh from the current one) PermitRootLogin no PubkeyAuthentication yes PasswordAuthentication no PermitEmptyPasswords no UsePAM no AllowTcpForwarding yes X11Forwarding yes AcceptEnv LANG LC_* ~/.gnupg: gpg-agent.conf no-grab default-cache-ttl 28800z default-cache-ttl-ssh 28800z max-cache-ttl 28800z max-cache-ttl-ssh 28800z gpg.conf # GnuPG config file created by KGpg use-agent default-key 9053534B693C4FB3 encrypt-to 9053534B693C4FB3 private-keys-v1.d (directory) pubring.gpg random_seed secring.gpg trustdb.gpg .. ~/.keychain/ .. tpx1c2g-sh tpx1c2g-sh-gpg ~/bash_profile # GPG #export GPG_TTY=`tty` export GNUPGHOME=~/.gnupg export GPGKEY=693C4FB3 eval `keychain --noask --eval --timeout 180 id_rsa` source ~/.keychain/$HOSTNAME-sh source ~/.keychain/$HOSTNAME-sh-gpg I have added the Key, again, via ssh-add to be sure it is used. I am still not sure why it stopped working, nor why it is not working now, even after checking that ssh-agent is (already) running. What else should I check?