For the past few weeks I’ve had problems logging into servers using my SSH keys from Ubuntu desktops. The following would happen each time:

[chris@work ~]$ ssh server
Agent admitted failure to sign using the key.
Permission denied (publickey).
[chris@work ~]$ 

Oddly, this only happened from my Ubuntu desktop systems. My Ubuntu servers had no issue connecting.

After some digging, I found out that issues with the gnome-keyring were at fault. gnome-keyring doesn’t always handle specific formats of SSH keys correctly. Unfortunately, gnome-keyring was trying to handle all SSH key usage, preventing the keys from working.

If you are having this issue, you can confirm that gnome-keyring is at fault on your system by added SSH_AUTH_SOCK=0 in front of the ssh command as follows:

[chris@work ~]$ SSH_AUTH_SOCK=0 ssh server
Welcome to Ubuntu 14.10 (GNU/Linux 3.13.0-37-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

0 packages can be updated.
0 updates are security updates.

Last login: Wed Mar 11 11:49:50 2015 from host
[chris@work ~]$ 

If the connection works, then you likely have the same problem that I had. If the connection does not work, please read the Fixing other sources of agent failure section below for further ideas to fix your problem.

Fixing gnome-keyring interference

In order to fix the gnome-keyring interference, the “SSH Key Agent” will have to be disabled from the startup applications. In Unity’s dash, search for “startup” and select “Startup Applications”. This lists the programs that automatically run when your user logs in.

If you see “SSH Key Agent”, uncheck the box and reboot. After you log back in, your ssh connections should work normally.

If you do not see “SSH Key Agent”, you are reading this before the update has been released for your version of Ubuntu. You will first have to update your system to install pre-release updates. To do this, open up Unity’s dash, search for “software”, and select “Software & Updates”. Select the “Updates” tab. Enable the “Pre-released updates” option, provide your user password if requested, and click the “Close” button. If a dialog pops up saying “the information about available software is out-of-date”, click the “Reload” button and wait for the update to finish. Open up Unity’s dash, search for “software” again, and select “Software Updater”. Confirm any dialogs and provide your password if requested. This will install the updates that you just made available. After this is done, reboot your system.

After the reboot, open Unity’s dash, search for “startup” and select “Startup Applications”. Uncheck the option for “SSH Key Agent” and reboot. After you log back in, your ssh connections should work normally.

Note: Details about this bug and the update allowing for disabling the “SSH Key Agent” can be found in Bug #1387303 in Ubuntu’s bug tracker.

Fixing other sources of agent failure

If using SSH_AUTH_SOCK=0 in front of the ssh command does not fix your issue, your system could either not have an SSH agent available that provides the keys to the ssh process or the agent is not loaded with your keys.

The most simple thing to check is if running ssh-add can fix the issue. For example:

[chris@work ~]$ ssh-add
Identity added: /home/chris/.ssh/id_rsa (/home/chris/.ssh/id_rsa)
[chris@work ~]$ 

This means that your SSH agent was running, but it did not have your keys loaded. After this, see if you are now able to login successfully.

Another possibility is the following:

[chris@work ~]$ ssh-add
Could not open a connection to your authentication agent.
[chris@work ~]$ 

This means that you do not have an SSH agent running. To fix this, do the following:

[chris@work ~]$ eval "$(ssh-agent -s)"
Agent pid 9267
[chris@work ~]$ ssh-add
Identity added: /home/chris/.ssh/id_rsa (/home/chris/.ssh/id_rsa)
[chris@work ~]$ 

After this, you should be able to ssh into servers that you have valid keys for.

If you see the following:

[chris@work ~]$ ssh server
Permission denied (publickey).
[chris@work ~]$ 

This means that your keys have loaded, but your keys are not authorized to access the server.

Did I help you?