You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: krousen
krousen Author
User level: Level 1
9 points

MacOS Sonoma 14.5 -- SSH keeps asking for passwords even after providing an identity file

I upgraded from a 2016 iMac with an Intel chip running MacOS Monterey to a 2023 Mac Studio with an M2 Ultra chip running MacOS Sonoma.


The behavior of SSH has changed. SSH keeps asking for passwords even after I provided an identity file.


My ~/.ssh/config contains:

Host *
   UseKeychain yes
   AddKeysToAgent yes
   IdentityFile ~/.ssh/id_dsa


I've used this command in Terminal:

ssh-add --apple-use-keychain ~/.ssh/id_dsa


I added this to my ~/.bashrc:

ssh-add --apple-load-keychain -q


I even tried this command in Terminal:

ssh -i ~/.ssh/id_dsa me@myurl.com


But I have to provide passwords.


When I run these commands in Terminal:

ssh-add -l
ssh-add -L


I get this message: "The agent has no identities."


When I runn this command:

ssh-add -T ~/.ssh/id_dsa


I get this message: "Couldn't read public key /Users/neal/.ssh/id_dsa: No such file or directory"


The directory ~/.ssh has permissions set to 700 (rwx------). The identity file, or private key, has its permissions set to 600 (rw-------).


Help! What is happening? Why does SSH behave this way?


Mac Studio, macOS 14.5

Posted on Jun 19, 2024 9:46 AM

Reply
7 replies
User profile for user: etresoft
etresoft
User level: Level 9
50,800 points

Jun 21, 2024 7:31 AM in response to krousen

It sounds like you are trying to run a bunch of commands from maybe 20 years ago. You don't have to do any of that. They only time you would want to involve the keychain is when you have an additional passphrase on your key. That's just too much trouble.


Rename your .ssh folder, create a new one, and setup a new default key.

Reply
User profile for user: etresoft
etresoft
User level: Level 9
50,800 points

Jun 21, 2024 4:09 PM in response to krousen

krousen wrote:

hi etresoft,

I rename ~/.ssh, created a new one, setup a new default key, and created a new known_hosts file.

No change. SSH keeps asking for passwords. SSH asks for the passphrase for id_dsa and asks for the site's password.

None of that is using default settings. Start with the basic key generated by "ssh-keygen". Don't try anything fancy. Once you get one part working, only then proceed to more advanced versions.

Reply
User profile for user: krousen
krousen Author
User level: Level 1
9 points

Jun 21, 2024 4:38 PM in response to etresoft

Thank you, I started from scratch. I used the C-Panel from my web host and generated new private/public keys. The keys have a password, too.


I used SSH with the identity file and input the password for the file.


I used SSH a second time to log into my web host, and I was not asked for any passwords.


I ran the command “ssh-add -l” and the new key is listed.


I guess I’ll need to generate new keys for all my sites that I manage.

Reply
User profile for user: etresoft
etresoft
User level: Level 9
50,800 points

Jun 21, 2024 5:32 PM in response to krousen

You only need to generate the key once. You keep the private key on your Mac and install the public key into the authorized_keys file on remote hosts.


That way, you really don't need passphrases as the private key is only on your Mac.


And I recommend looking at AWS Cloud Front for hosting web sites. The SSL certificates alone are worth it.

Reply

MacOS Sonoma 14.5 -- SSH keeps asking for passwords even after providing an identity file

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up