Asking a more precise question:

It appears that I can complete an rsync-over-ssh, using a key that requires a passphrase, without entering the passphrase. For example, I can run the rsync from the command line:

```
rsync -qavz -e ssh -i /home/keshlam/.ssh/password_id_dsa.pub a.a [email protected]:/home/password_id/a.a
```

and see the a.a file appear on the remote machine without being prompted for the passphrase.

My best guess is that this is an ssh caching effect -- I entered the passphrase yesterday and the two machines are still trusting each other.

Does this analysis make sense? And if so what's the easiest reliable way to flush that cache for testing -- reboot?

keshlam

1 Answer

> My best guess is that this is an ssh caching effect -- I entered the passphrase yesterday and the two machines are still trusting each other.

This is ssh-agent or some gnome-keyring, which stores your private key encrypted so it can be used.

> what's the easiest reliable way to flush that cache for testing -- reboot?

List the keys stored in your ssh-agent using `ssh-add -l`. It should be listed. You can remove it using `ssh-add -d /path/to/your.key`.

Jakuje
  • That worked, thanks. Unfortunately this brings me back to my other problem; the `expect` script I'm trying to use to pump the password into ssh isn't working because the password prompt is popping up as a window. Need to switch it back to command-line interaction, somehow. – keshlam Jan 30 '17 at 18:41
  • I suspect the popup is also coming from ssh-agent, given that when I "deny" on that screen I get the message "Agent admitted failure to sign using the key" – keshlam Jan 30 '17 at 18:50
  • @keshlam according to [this question](http://unix.stackexchange.com/q/83986/24712) it displays a window when you don't have an associated terminal and the environmental variable `SSH_ASKPASS` is set (and `ssh-askpass` is installed...). So (maybe) you may be able to fix this by modifying the environment and deleting the variable (`unset SSH_ASKPASS`). – Bakuriu Jan 30 '17 at 19:17
  • @Bakuriu: No such luck, apparently. – keshlam Jan 30 '17 at 20:58
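
The check-and-flush procedure from the answer, as an added example that is not part of the original thread: it loads a passphrase-protected key into an agent, confirms with `ssh-add -l` that the agent holds it, removes it with `ssh-add -d`, and confirms the agent is empty. It runs against a private ssh-agent and a constructed throwaway key, so the function name `agent_cache_demo`, the file names and the demo passphrase are all assumptions.

```shell
#!/bin/sh
# Added example. Everything here is constructed: a throwaway key, a private
# agent and a fixed demo passphrase. Nothing in ~/.ssh or the desktop agent
# is touched. Calling agent_cache_demo prints "1 1".
agent_cache_demo() (
    dir=$(mktemp -d) || exit 2
    key="$dir/demo_key"

    # Passphrase-protected key, like the one in the question.
    ssh-keygen -q -t ed25519 -N 'demo-passphrase' -f "$key" || exit 2

    # Private agent on its own socket; SSH_AUTH_SOCK and SSH_AGENT_PID are
    # set only inside this subshell.
    eval "$(ssh-agent -s -a "$dir/agent.sock")" >/dev/null

    # Stand-in for typing the passphrase once: ssh-add asks the SSH_ASKPASS
    # helper because stdin is not a terminal.
    printf '#!/bin/sh\necho demo-passphrase\n' > "$dir/askpass"
    chmod 700 "$dir/askpass"
    SSH_ASKPASS="$dir/askpass" SSH_ASKPASS_REQUIRE=force DISPLAY=none \
        ssh-add -q "$key" </dev/null 2>/dev/null

    # The agent now holds the key, so ssh or rsync using this socket would
    # authenticate with it without prompting again.
    held=$(ssh-add -l | grep -c ED25519 || true)

    # Flush just this key (ssh-add -D would drop every identity).
    ssh-add -q -d "$key" 2>/dev/null

    # Exit status 1 from `ssh-add -l` means the agent has no identities.
    status=0
    ssh-add -l >/dev/null 2>&1 || status=$?

    ssh-agent -k >/dev/null   # stop the private agent
    rm -rf "$dir"
    echo "$held $status"
)
```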