OS X Keychain keeps prompting me for my SSH passphrase even though I save it (OS X 10.6.8)

Question

Every time I log in to a remote server with SSH, OS X keychain prompts me to remember the SSH passphrase. I type in the passphrase and check the box to remember it. I then connect ok to the server but then the next time I get prompted again and so on...

I have a private key to ssh into my server and the connection works. In my hosts file I have:

Host myhost
    HostName xxx.xxx.xxx.xx
    GlobalKnownHostsFile ~/.ssh/known_hosts
    port 22
    User myuser
    IdentityFile ~/.ssh/mykey_dsa
    IdentitiesOnly yes

.. and then I type ssh myhost

This is only a recent problem so I suspect and issue with Keychain? To be clear, I can 're-add' to keychain every time and connect but this defats the purpose. The permissions on my dsa key are set at 600 or -rw-------@

I tried repairing disk permissions but that did no good. My Google-foo is also failing me, nothing of use came up. So I am not sure if this an OS X / keychain issue or an SSH issue.

update: When I try ssh -vvv myhost, I think it reveals the issue:

debug1: Trying private key: /Users/danny/.ssh/mykey_dsa
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug3: Not a RSA1 key file /Users/danny/.ssh/mykey_dsa.
debug1: read PEM private key done: type DSA
Identity added: /Users/danny/.ssh/mykey_dsa (/Users/danny/.ssh/mykey_dsa)
debug1: read PEM private key done: type DSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).

... and after that I get connected. I think this crux of the matter is:

PEM_read_PrivateKey failed

Update 2: After trying the same key and settings on another Mac with 10.6.8 as well, everything worked fine so I think this is a Mac specific question, possibly a permissions keychain issue.

Update 3 I also tried a clean install of Mountain Lion (10.8.1) and alas the same issue which I totally don't get.

Possibly related: https://discussions.apple.com/thread/3518441?start=0&tstart=0

Update 4 This is the answer

Try ssh -v[v] myserver to get detailed information about the error. — , Aug 28 '12 at 01:32
@ansi_lumen I tried ssh -vvv and posted the results above. I think the issue is PEM_read_PrivateKey failed but I don't know why, I generated this key just like all my others which get added to the keychain and stay in there. — Danny Englander, Aug 28 '12 at 15:08
This fixed it for me: http://apple.stackexchange.com/a/26252/17690 — Danny Englander, Aug 29 '12 at 13:07

score 13 · Answer 1 · edited Apr 13 '17 at 12:45

Answer copied from https://apple.stackexchange.com/a/26252/17690

Make sure you have a corresponding id_rsa.pub or id_dsa.pub in your ~/.ssh directory.

When I had an id_rsa but not a corresponding id_rsa.pub, Mac OS X kept popping up the dialog and remember passowrd in my keychain did nothing.

cd ~/.ssh
ssh-keygen -y -f id_rsa > id_rsa.pub

generated the appropriate public key file for me.

If you already had your public file there (rename it to another name) and generate the public key again using the above command, you'll notice that the generated and the old one are not equal. Somehow the older versions of Mac OS X generated a public key that Lion does not like anymore, generating it again fixes that.

For the curious, the key is exactly the same, the part that changes is that there is no "comments" section after the key on the file any longer.

This helped me get part way there, but I also was pasting in a private key, and it wasn't being split on the whitespace, it was all in one line. After resolving this, the same problem that OP was having, was resolved. — Cameron Gagnon, Aug 25 '16 at 14:26

OS X Keychain keeps prompting me for my SSH passphrase even though I save it (OS X 10.6.8)

1 Answers1