The answer is
Try ssh-add, you need ssh-agent to be running and holding your private key
(Ok, responding to the updated question, you first run ssh-keygen to generate a public and private key as Jefromi explained. You put the public key on the server. You should use a passphrase, if you don't you have the equivalent of a plain-text password in your private key. But when you do, then you need as a practical matter ssh-agent as explained below.)
You want to be running ssh-agent in the background as you log in. Once you log in, the idea is to run ssh-add once and only once, in order to give the agent your passphrase, to decode your key. The agent then just sits in memory with your key unlocked and loaded, ready to use every time you ssh somewhere.
All ssh-family commands1 will then consult the agent and automatically be able to use your private key.
On OSX (err, macOS), GNOME and KDE systems, ssh-agent is usually launched automatically for you. I will go through the details in case, like me, you also have a Cygwin or other windows environment where this most certainly is not done for you.
Start here: man ssh-agent.
There are various ways to automatically run the agent. As the man page explains, you can run it so that it is a parent of all your login session's other processes. That way, the environment variables it provides will automatically be in all your shells. When you (later) invoke ssh-add or ssh both will have access to the agent because they all have the environment variables with magic socket pathnames or whatever.
Alternatively, you can run the agent as an ordinary child, save the environment settings in a file, and source that file in every shell when it starts.
My OSX and Ubuntu systems automatically do the agent launch setup, so all I have to do is run ssh-add once. Try running ssh-add and see if it works, if so, then you just need to do that once per reboot.
My Cygwin system needed it done manually, so I did this in my .profile and I have .bashrc source .profile:
. .agent > /dev/null
ps -p $SSH_AGENT_PID | grep ssh-agent > /dev/null || {
ssh-agent > .agent
. .agent > /dev/null
}
The .agent file is created automatically by the script; it contains the environment variables definitions and exports. The above tries to source the .agent file, and then tries to ps(1) the agent. If it doesn't work it starts an agent and creates a new agent file. You can also just run ssh-add and if it fails start an agent.
1. And even local and remote
sudo with the right pam extension.
If you're using github, they have a very nice tutorial that explains it more clearly (at least to me).
Try this from the box you are pushing from
ssh [email protected]
You should then get a welcome response from github and will be fine to then push.
Had a similar problem with the GitHub because I was using HTTPS protocol. To check what protocol you're using just run
git config -l
and look at the line starting with remote.origin.url. To switch your protocol
git config remote.origin.url [email protected]:your_username/your_project.git
Add a single line AddKeysToAgent yes on the top of the .ssh/config file. Ofcourse ssh-agent must be running beforehand. If its not running ( check by prep ssh-agent ) , then simply run it eval $(ssh-agent)
Now, the key is loaded systemwide into the memory and you dont have to type in the passphrase again.
The source of the solution is https://askubuntu.com/questions/362280/enter-ssh-passphrase-once/853578#853578
I think there are two different things here. The first one is that normal SSH authentication requires the user to put the account's password (where the account password will be authenticated against different methods, depending on the sshd configuration).
You can avoid putting that password using certificates. With certificates you still have to put a password, but this time is the password of your private key (that's independent of the account's password).
To do this you can follow the instructions pointed out by steveth45:
If you want to avoid putting the certificate's password every time then you can use ssh-agent, as pointed out by DigitalRoss
The exact way you do this depends on Unix vs Windows, but essentially you need to run ssh-agent in the background when you log in, and then the first time you log in, run ssh-add to give the agent your passphrase. All ssh-family commands will then consult the agent and automatically pick up your passphrase.
Start here: man ssh-agent.
The only problem of ssh-agent is that, on *nix at least, you have to put the certificates password on every new shell. And then the certificate is "loaded" and you can use it to authenticate against an ssh server without putting any kind of password. But this is on that particular shell.
With keychain you can do the same thing as ssh-agent but "system-wide". Once you turn on your computer, you open a shell and put the password of the certificate. And then, every other shell will use that "loaded" certificate and your password will never be asked again until you restart your PC.
Gnome has a similar application, called Gnome Keyring that asks for your certificate's password the first time you use it and then it stores it securely so you won't be asked again.
Extending Muein's thoughts for those who prefer to edit files directly over running commands in git-bash or terminal.
Go to the .git directory of your project (project root on your local machine) and open the 'config' file. Then look for [remote "origin"] and set the url config as follows:
[remote "origin"]
#the address part will be different depending upon the service you're using github, bitbucket, unfuddle etc.
url = [email protected]:<username>/<projectname>.git
I had to clone a git repo from a server that did not allow login vie ssh key but only with a user/password. I found no way to configure the Git Plugin to use a simple user/password combination so i added the the following shell command as pre-build step on a linux build machine which depends on the tool expect (apt-get install expect):
THIS IS NOT A GOOD WAY OF SOLVING THIS PROBLEM AS YOUR PASSWORD IS SHOWN AS CLEAR TEXT IN THE CONFIGURATION AND LOGS OF THE JENKINS JOB! ONLY USE IT IF THERE IS NO WAY TO CONFIGURE RSA-KEY AUTHENTIFICATION OR OTHER CONFIGURATION POSSIBILITES!
rm -rf $WORKSPACE &&
expect -c 'set timeout -1; spawn git clone USER@MYHOST:/MYPATH/MYREPO.git $WORKSPACE; expect "password:" {send "MYPASSWORD\r"}; expect eof'
I have being trying to avoid typing the passphrase all the time also because i am using ssh on windows. What i did was to modify my .profile file, so that i enter my passphrase one in a particular session. So this is the piece of code:
SSH_ENV="$HOME/.ssh/environment"
# start the ssh-agent
function start_agent {
echo "Initializing new SSH agent..."
# spawn ssh-agent
ssh-agent | sed 's/^echo/#echo/' > "$SSH_ENV"
echo succeeded
chmod 600 "$SSH_ENV"
. "$SSH_ENV" > /dev/null
ssh-add
}
# test for identities
function test_identities {
# test whether standard identities have been added to the agent already
ssh-add -l | grep "The agent has no identities" > /dev/null
if [ $? -eq 0 ]; then
ssh-add
# $SSH_AUTH_SOCK broken so we start a new proper agent
if [ $? -eq 2 ];then
start_agent
fi
fi
}
# check for running ssh-agent with proper $SSH_AGENT_PID
if [ -n "$SSH_AGENT_PID" ]; then
ps -fU$USER | grep "$SSH_AGENT_PID" | grep ssh-agent > /dev/null
if [ $? -eq 0 ]; then
test_identities
fi
# if $SSH_AGENT_PID is not properly set, we might be able to load one from
# $SSH_ENV
else
if [ -f "$SSH_ENV" ]; then
. "$SSH_ENV" > /dev/null
fi
ps -fU$USER | grep "$SSH_AGENT_PID" | grep ssh-agent > /dev/null
if [ $? -eq 0 ]; then
test_identities
else
start_agent
fi
fi
so with this i type my passphrase once in a session..
Make sure that when you cloned the repository, you did so with the SSH URL and not the HTTPS; in the clone URL box of the repo, choose the SSH protocol before copying the URL. See image below:
I tried all of these suggestions and more, just so I could git clone from my AWS instance. Nothing worked. I finally cheated out of desperation: I copied the contents of id_rsa.pub on my local machine and appended it to ~/.ssh/known_hosts on my AWS instance.
If you have cloned using HTTPS (recommended) then:-
git config --global credential.helper cache
and then
git config --global credential.helper 'cache --timeout=2592000'
timeout=2592000 (30 Days in seconds) to enable caching for 30 days (or whatever suites you).
Now run a simple git command that requires your username and password.
Enter your credentials once and now caching is enabled for 30 Days.
Try again with any git command and now you don't need any credentials.
For more info :- Caching your GitHub password in Git
Note : You need Git 1.7.10 or newer to use the credential helper. On system restart, we might have to enter the password again.
Update #1:
If you are receiving this error git: 'credential-cache' is not a git command. See 'get --help'
then replace git config --global credential.helper 'cache --timeout=2592000'
with git config --global credential.helper 'store --file ~/.my-credentials'
Update #2:
If you keep getting the prompt of username and password and getting this issue:
Logon failed, use ctrl+c to cancel basic credential prompt.
Reinstalling the latest version of git worked for me.
ssh-keygen -t rsa
When asked for a passphrase ,leave it blank i.e, just press enter. as simple as that!!
This is about configuring ssh, not git. If you haven't already, you should use ssh-keygen (with a blank passphrase) to create a key pair. Then, you copy the public key to the remote destination with ssh-copy-id. Unless you have need of multiple keys (e.g. a more secure one with a passphrase for other purposes) or you have some really weird multiple-identity stuff going on, it's this simple:
ssh-keygen # enter a few times to accept defaults
ssh-copy-id -i ~/.ssh/id_rsa user@host
Edit:
You should really just read DigitalRoss's answer, but: if you use keys with passphrases, you'll need to use ssh-add <key-file> to add them to ssh-agent (and obviously start up an ssh-agent if your distribution doesn't already have one running for you).
Source: Stackoverflow.com