Enable SSH Agent (Key) Forwarding on Snow Leopard

I’m using Git and Capistrano to deploy some Ruby applications on multiple servers. My Git setup is done with gitosis, which uses key-based authentication over SSH. The deployment script logs into the remote servers and checks out the current application version via Git.

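For this to work, the private key used to authenticate with Git must be usable from the server that does the checkout. This is done by forwarding the ssh-agent process, with which you register your keys by running the command ssh-add. The server's authentication requests are relayed back to your local agent, so the key file itself is never copied to the server.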

After switching to Snow Leopard, my deployment script stopped working, because somehow the SSH key didn’t get forwarded to the server and I was presented with a login prompt: “Enter password for git@git.gitserver.local:”. Of course I don’t have a password, because gitosis uses key-based authentication only.

To make a long story short, Snow Leopard ships with key forwarding disabled by default and you will have to modify the file /etc/ssh_config to get it working.

Just change the lines

# Host *
# ForwardAgent no

into

Host *
ForwardAgent yes

and you are good.
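
Because Host * matches every server you connect to, the edit above offers your agent to all of them; ssh_config also accepts ForwardAgent under a single named host. The script below is an added example, not part of the original post: it lists the Host blocks of a config file in which ForwardAgent is on. The sample files and the host name deploy.example.com are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). List the scopes in an
# ssh_config-style file where agent forwarding is switched on.

# forwardagent_scopes FILE: one line per active "ForwardAgent yes", giving the
# Host/Match patterns it applies to, or "(global)" if it precedes any block.
forwardagent_scopes() {
    awk '
        BEGIN { scope = "(global)" }
        {
            sub(/^[ \t]+/, "")                 # indentation is optional
            if ($0 == "" || $0 ~ /^#/) next    # blank or commented-out line
            sub(/[ \t]*=[ \t]*/, " ")          # "Keyword=value" form
            key = tolower($1)
            if (key == "host" || key == "match") {
                scope = $0
                sub(/^[^ \t]+[ \t]+/, "", scope)
                next
            }
            if (key == "forwardagent" && tolower($2) == "yes") print scope
        }
    ' "$1"
}

# forwards_everywhere FILE: succeeds when forwarding is on for all hosts.
forwards_everywhere() {
    forwardagent_scopes "$1" | grep -qx -e '\*' -e '(global)'
}

# Constructed sample files; deploy.example.com is a placeholder host name.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '# Host *\n# ForwardAgent no\n' > "$tmp/stock"   # lines as shipped
printf 'Host *\nForwardAgent yes\n' > "$tmp/wide"       # the edit shown above
printf 'Host deploy.example.com\n  ForwardAgent yes\nHost *\n  ForwardAgent no\n' \
    > "$tmp/scoped"                                     # forwarding for one host

for f in stock wide scoped; do
    if forwards_everywhere "$tmp/$f"; then verdict="agent offered to every host"
    else verdict="not offered to every host"; fi
    printf '%-7s %s [%s]\n' "$f" "$verdict" \
        "$(forwardagent_scopes "$tmp/$f" | tr '\n' ' ')"
done
```

Point forwardagent_scopes at /etc/ssh_config or ~/.ssh/config to see which hosts your own setup forwards the agent to.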

6 Comments

  1. cass says:

    I’m unfamiliar with terminal. How do I change the lines? Terminal? I apologize for the ignorance.

    thanks

    mritel.

  2. curtismchale says:

    @cass you will need to have a text editor tied into terminal to edit them from the terminal. I have TextWrangler set up so I type “edit /etc/ssh_config” and then TextWrangler opens. If you use TextMate then the normal command is “mate /etc/ssh_config”.

  3. John rowen says:

    Hi,

    Brief summary of my issues:

    From home I connect using ssh keys (with passwords) to my work desktop(s). From there I connect to some of my work servers. This all worked when my work computers were running 10.5.x.
    Now that the work computers have been upgraded to 10.6.1, I can connect to the work computers from home, but once I try to connect to a server I get prompted for my passphrase for my key.

    I modified my /etc/ssh_config file to read:

    Host *
    ForwardAgent yes
    (note I had the ForwardAgent set correctly, but needed to un-comment the Host *)

    I disconnected from my work computer. Reconnected, but still prompted for my passphrase:
    Enter passphrase for key ‘/Users/xxx/.ssh/id_rsa’:

    Any suggestions? Do I need to restart the sshd service?

    Thanks!!

    John

  4. Alan H says:

    John:

    You may need to add your passphrases to the Apple keychain. In the terminal, type:

    ssh-add -K ~/.ssh/id_rsa

    Or whatever the path to your private key is. Do this for each key. This will put the passphrase in the Apple keychain and you will not be prompted for passphrases. If you do not have a key in the default file (id_rsa or id_dsa), the Apple mechanisms do not seem to automatically prompt you for your passphrases.

    That worked for me.

    Best wishes,

    Alan

  5. Coder64 says:

    What threw me off was that I was applying for a software trainer position.

  6. Jim says:

    Alan,
    your comment helped me so much.
    Been struggling all afternoon with ssh + svn.
    That did it for me.

    Thanks,
    -Jim
