4

我的私钥有一个烦人的问题。每次我想clonepush通过终端或 Tower 应用程序中的 ssh 时,我都必须输入我的密码。

我什至删除并重新创建了 ssh 密钥并在 Github 上设置了几次,但看起来它的生命周期很短,几分钟后就过期了!

我跟着生成一个新的 SSH 密钥来创建密钥。最后我跑了ssh-add ~/.ssh/id_rsa,它打印出来:

Identity added: /Users/sajad/.ssh/id_rsa (/Users/sajad/.ssh/id_rsa)

重新启动机器后,我跑去ssh-add -l检查它是否仍然存在,结果如下:

The agent has no identities.

我怎样才能解决这个问题?我使用 macOS。

我的/etc/ssh/ssh_config

#   $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
        SendEnv LANG LC_*

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
4

3 回答 3

13

对于SuperUserAskDifferent上的一个非常相似的问题,有一些非常好的解决方案。

基本要点是 Apple 最近在 Sierra 中改变了其中的一些行为。值得庆幸的是,通过在文件顶部添加以下内容很容易将它们取回~/.ssh/config

Host *
  AddKeysToAgent yes
  UseKeychain yes

这应该足以让它开始使用钥匙串来存储/检索您的 SSH 密钥密码。

于 2016-12-23T10:07:01.170 回答
11

确保您实际使用的是 SSH

听起来您的遥控器根本没有使用 SSH,而是使用了 HTTP。在这种情况下,每次您使用遥控器时,它都会要求您进行身份验证。

您可以通过查看远程 URL 来检查这一点。对于 SSH,您希望它看起来像这样:

$ git remote -v
origin  git@github.com:yourUsername/yourRepo (fetch)
origin  git@github.com:yourUsername/yourRepo (push)

如果您使用的是 HTTP,那么它将看起来像这样:

$ git remote -v
origin  https://github.com/yourUsername/yourRepo.git (fetch)
origin  https://github.com/yourUsername/yourRepo.git (push)

如果您发现它设置为使用 HTTP,则很容易更改。

git remote set-url origin git@github.com:yourUsername/yourRepo

SSH 密钥在每次使用时都要求输入密码

如果事实证明您已经在使用 SSH,您应该检查您的 SSH 配置。在 Mac 上有两个位置可以检查。

  • /etc/ssh/ssh_config
  • /Users/{your_username}/.ssh/config

特别是,您不需要此设置:

AddKeysToAgent confirm

从 ssh_config 手册页:

AddKeysToAgent
   Specifies whether keys should be automatically added to a running
   ssh-agent(1).  If this option is set to ``yes'' and a key is
   loaded from a file, the key and its passphrase are added to the
   agent with the default lifetime, as if by ssh-add(1).  If this
   option is set to ``ask'', ssh will require confirmation using the
   SSH_ASKPASS program before adding a key (see ssh-add(1) for
   details).  If this option is set to ``confirm'', each use of the
   key must be confirmed, as if the -c option was specified to
   ssh-add(1).  If this option is set to ``no'', no keys are added
   to the agent.  The argument must be ``yes'', ``confirm'',
   ``ask'', or ``no''.  The default is ``no''.

这是对-c标志的描述ssh-add

-c      Indicates that added identities should be subject to confirmation
        before being used for authentication.  Confirmation is performed
        by ssh-askpass(1).  Successful confirmation is signaled by a zero
        exit status from ssh-askpass(1), rather than text entered into
        the requester.

启动时代理中不存在 SSH 密钥

重启机器后,钥匙不见了是正常的。您必须在机器启动后至少添加一次。

于 2016-12-22T16:11:47.757 回答
1 
# ~/.ssh/config:
AddKeysToAgent yes

# you should also add "-t" to ssh-agent startup to forget decrypted keys
# after some time (here: 1 hour, overridden by ssh-add - in case you really
# need to use some keys all the time)
# ~/.bashrc:
if ! pidof /usr/bin/ssh-agent >/dev/null; then
  ssh-agent -t 3600 > ~/.ssh/.agent.pid
fi
source ~/.ssh/.agent.pid >&/dev/null
于 2021-05-09T12:58:27.783 回答