It seems that ssh-add -K ~/.ssh/id_rsa will load your key but will ask for the password each time you reboot.
I haven't personally tried but you might be able to export the private key from the Mac server and import into the Synology (sorry, I don't have it in front of me at the moment to look around). Otherwise, you will need to get it an SSL cert for itself. How can I export the private key for an address from the satoshi client? Ask Question. Up vote 36 down vote favorite. If I want to transfer an address from the satoshi client into a different client, how can I find its private key to do so? Client bitcoin-core private-key. How can I retrieve my Bitcoin Core Wallet Private Key on a Mac?
I am looking for a solution that would not require me to re-enter the key password between logins.
sorinsorin6 Answers
On OSX, the native ssh-add client has a special argument to save the private key's passphrase in the OSX keychain, which means that your normal login will unlock it for use with ssh. On OSX Sierra and later, you also need to configure SSH to always use the keychain (see Step 2 below).
Alternatively you can use a key without a passphrase, but if you prefer the security that's certainly acceptable with this workflow.
Step 1 - Store the key in the keychain
Just do this once:
Do I Need To Import A Private Syology Key For My Mac Client Management
Enter your key passphrase, and you won't be asked for it again.
(If you're on a pre-Sierra version of OSX, you're done, Step 2 is not required.)
Step 2 - Configure SSH to always use the keychain
It seems that OSX Sierra removed the convenient behavior of persisting your keys between logins, and the update to ssh no longer uses the keychain by default. Because of this, you will get prompted to enter the passphrase for a key after you upgrade, and again after each restart.
The solution is fairly simple, and is outlined in this github thread comment. Here's how you set it up:
Ensure you've completed Step 1 above to store the key in the keychain.
If you haven't already, create an
~/.ssh/configfile. In other words, in the.sshdirectory in your home dir, make a file calledconfig.In that
.ssh/configfile, add the following lines:Change
~/.ssh/id_rsato the actual filename of your private key. If you have other private keys in your~.sshdirectory, also add anIdentityFileline for each of them. For example, I have one additional line that readsIdentityFile ~/.ssh/id_ed25519for a 2nd private key.The
UseKeychain yesis the key part, which tells SSH to look in your OSX keychain for the key passphrase.That's it! Next time you load any ssh connection, it will try the private keys you've specified, and it will look for their passphrase in the OSX keychain. No passphrase typing required.
How To Import A Private Key
triswebtriswebHow To Import A Private Key Bitcoin
I had a similar problem, in that I was being asked EVERY TIME for my pub-key passphrase.
Per suggestion of user 'trisweb' above, I turned on these options to ~/.ssh/config:
BUT it still prompted every time I wanted to use ssh.
Eventually I turned on 'ssh -v' and found this debug line:
debug1: key_load_private: incorrect passphrase supplied to decrypt private key
I then opened my keychain in 'Keychain Access.app', found the key named 'SSH: /Users/username/.ssh/id_rsa' and opened it up.
I clicked 'Show password' to disclose the password and indeed found that the passphrase in the keyring was an old passphrase.
I updated the passphrase in Keychain Access, and now password-free works.
I could have also updated the passphrase with this phrase:
ssh-keygen -p -f ~/.ssh/id_rsa
You are being prompted for the password every time because your 'login' keychain is being locked after inactivity and/or sleeping or in your case a reboot. There are two ways to solve this for you.
Change the settings for your 'login' keychain. Assuming your ssh key is stored in the 'login' keychain.
- Open Keychain Access
- Highlight the 'login' keychain
- Right-click or option-click the 'login' keychain
- Uncheck the 'Lock after X minutes of inactivity' and the 'Lock when sleeping' checkboxes.
Generate another SSH key without using a passphrase.
- Open Terminal.
- Enter command:
ssh-keygen -t rsa -b 4096 -C <comment> -f <.ssh/id_rsa> - -t is for type, -b is key size, -C is comment, -f output file (must create directories first)
- Do not set a passphrase.
- Import SSH key into 'login' keychain with
ssh-add -K <path to ssh key>
You should not be prompted for a keychain password anymore.
grg♦Also, in macOS Sierra and HighSierra (don't know about previous versions), running ssh-add -A will get the agent to load all keys whose passphrases are stored on Keychain... So very handy
To all where the above did not work, my issue appears to have been because I was duplicating the UseKeychain yes & AddKeysToAgent yes in all ssh key profiles / shortcuts. I updated my ~/.ssh/config file to declare these only once and they now all load on login without prompting for passwords on startup, e.g:
Add the public key in:
Public key usually are on:
Hope that helps