For the past few weeks I’ve had problems logging into servers using my SSH keys from Ubuntu desktops. The following would happen each time:
[chris@work ~]$ ssh server
Agent admitted failure to sign using the key.
Permission denied (publickey).
[chris@work ~]$
Oddly, this only happened from my Ubuntu desktop systems. My Ubuntu servers had no issue connecting.
After some digging, I found out that issues with the gnome-keyring were at fault. gnome-keyring doesn’t always handle specific formats of SSH keys correctly. Unfortunately, gnome-keyring was trying to handle all SSH key usage, preventing the keys from working.
If you are having this issue, you can confirm that gnome-keyring is at fault on your system by adding SSH_AUTH_SOCK=0 in front of the ssh command as follows:
[chris@work ~]$ SSH_AUTH_SOCK=0 ssh server
Welcome to Ubuntu 14.10 (GNU/Linux 3.13.0-37-generic x86_64)
 * Documentation: https://help.ubuntu.com/
0 packages can be updated.
0 updates are security updates.
Last login: Wed Mar 11 11:49:50 2015 from host
[chris@work ~]$
If the connection works, then you likely have the same problem that I had. If the connection does not work, please read the Fixing other sources of agent failure section below for further ideas to fix your problem.
Fixing gnome-keyring interference
In order to fix the gnome-keyring interference, the “SSH Key Agent” will have to be disabled from the startup applications. In Unity’s dash, search for “startup” and select “Startup Applications”. This lists the programs that automatically run when your user logs in.
If you see “SSH Key Agent”, uncheck the box and reboot. After you log back in, your ssh connections should work normally.
If you do not see “SSH Key Agent”, you are reading this before the update has been released for your version of Ubuntu. You will first have to update your system to install pre-release updates. To do this, open up Unity’s dash, search for “software”, and select “Software & Updates”. Select the “Updates” tab. Enable the “Pre-released updates” option, provide your user password if requested, and click the “Close” button. If a dialog pops up saying “the information about available software is out-of-date”, click the “Reload” button and wait for the update to finish. Open up Unity’s dash, search for “software” again, and select “Software Updater”. Confirm any dialogs and provide your password if requested. This will install the updates that you just made available. After this is done, reboot your system.
After the reboot, open Unity’s dash, search for “startup” and select “Startup Applications”. Uncheck the option for “SSH Key Agent” and reboot. After you log back in, your ssh connections should work normally.
Note: Details about this bug and the update allowing for disabling the “SSH Key Agent” can be found in Bug #1387303 in Ubuntu’s bug tracker.
Fixing other sources of agent failure
If using SSH_AUTH_SOCK=0 in front of the ssh command does not fix your issue, then either your system does not have an SSH agent available to provide keys to the ssh process, or the agent is running but does not have your keys loaded.
The simplest thing to check is whether running ssh-add fixes the issue. For example:
[chris@work ~]$ ssh-add
Identity added: /home/chris/.ssh/id_rsa (/home/chris/.ssh/id_rsa)
[chris@work ~]$
This means that your SSH agent was running, but it did not have your keys loaded. After this, see if you are now able to login successfully.
Another possibility is the following:
[chris@work ~]$ ssh-add
Could not open a connection to your authentication agent.
[chris@work ~]$
This means that you do not have an SSH agent running. To fix this, do the following:
[chris@work ~]$ eval "$(ssh-agent -s)"
Agent pid 9267
[chris@work ~]$ ssh-add
Identity added: /home/chris/.ssh/id_rsa (/home/chris/.ssh/id_rsa)
[chris@work ~]$
After this, you should be able to ssh into servers that you have valid keys for.
If you see the following:
[chris@work ~]$ ssh server
Permission denied (publickey).
[chris@work ~]$
This means that your keys have loaded, but your keys are not authorized to access the server.
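The checks in this post can be combined into one triage script. This is an added example, not code from the original post; the function names are hypothetical, the exit statuses are those documented for `ssh-add -l`, and matching "keyring" in the socket path to recognise gnome-keyring is an assumption about where that agent places its socket.

```shell
#!/bin/sh
# Added example: map the agent states described above to the matching fix.

# classify_agent RC SOCK
#   RC   = exit status of `ssh-add -l`
#          (0 = keys listed, 1 = agent has no keys, 2 = cannot contact agent)
#   SOCK = value of SSH_AUTH_SOCK
classify_agent() {
    rc=$1
    sock=$2
    case "$rc" in
        0)
            # Agent is reachable and holds keys. If it is gnome-keyring and
            # ssh still reports a signing failure, suspect the keyring agent.
            # Assumption: the gnome-keyring socket path contains "keyring".
            case "$sock" in
                *keyring*) echo "keys-loaded-gnome-keyring" ;;
                *)         echo "keys-loaded" ;;
            esac ;;
        1) echo "agent-empty" ;;
        2) echo "no-agent" ;;
        *) echo "unknown" ;;
    esac
}

# advice_for STATE: print the step from this post that applies to STATE.
advice_for() {
    case "$1" in
        keys-loaded-gnome-keyring)
            echo 'retry with SSH_AUTH_SOCK=0; if that works, disable "SSH Key Agent" in Startup Applications' ;;
        keys-loaded) echo 'agent is fine; "Permission denied" means the key is not authorized on the server' ;;
        agent-empty) echo 'run ssh-add' ;;
        no-agent)    echo 'run eval "$(ssh-agent -s)" and then ssh-add' ;;
        *)           echo 'unexpected ssh-add exit status' ;;
    esac
}

# diagnose_agent: query the live agent and print its state with the advice.
diagnose_agent() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    state=$(classify_agent "$rc" "${SSH_AUTH_SOCK:-}")
    printf '%s: %s\n' "$state" "$(advice_for "$state")"
}

# Query the real agent only when explicitly asked to.
if [ "${1:-}" = "--run" ]; then diagnose_agent; fi
```

Run the script with `--run` from the desktop session that shows the failure, so that SSH_AUTH_SOCK is the one your ssh command actually inherits.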
thank you, this helped me today
Thank you very much. This helped a lot and saved me a ton of time.
[…] Sources: doc-ubuntu-fr/Authentication using a public/private key system doc.fedora-fr/SSH: Key-based authentication Prendre un café/Installing your SSH key on a remote server Resolving a certificate problem on the client: Chris Jean/Ubuntu SSH Fix for “Agent admitted failure to sign using the key” […]
Thanks! Just what I was looking for!
Yes, thanks also for me. This was exactly what I needed.
Thank you! Your fix solved my problem.
Thanks !
[…]@stefano[…]:~ > ssh-add
Identity added: /home/l0[…]/.ssh/id_rsa (/home/l0[…]/.ssh/id_rsa)
solved my problem !
running SSH agent solved problem.
Thanks!
Thanks a lot! It works for me (SSH_AUTH_SOCK=0)
Disabling the keyring ssh agent worked perfect!
Thanks!
thanks!
thanks a lot! didn’t know i need to execute ssh-add when i create a new ssh key.
congrats!
Thanks
ssh-add works for me.
Thank you very much!
Thanks, starting ssh-agent worked for me!
[…] The problem was coming from the use of GNOME-KEYRING. The post referring to the solution may be read here. […]
ssh-add worked perfectly for me! Thanks!