What to do after ssh-add?

Tumbleweed 20210422

I have a number of keys entered using ssh-add. I can now log in to remote sites without the password step.

Then I log out. Most of those keys added by ssh-add are no longer added. A post mentioned that entries in <.ssh/config> using the IdentityFile command are permanent, i.e., they are loaded when logging in. Not my experience. (The config file has perms 600.)

Oddly, there is one key that is permanent; it happens to be the first in the list of IdentityFile entries.

How do I make the other keys a permanent feature in the login startup?
Is only one IdentityFile entry allowed?

That’s correct in general. ssh-add adds keys to the running SSH agent; logging out likely terminates this agent and logging in starts a new instance.

A post mentioned

What post? We cannot comment on something we have never seen.

Anyway, it is heavily dependent on the desktop environment you are using, and you did not mention it.

jimoe666, I am a bit unsure what you are trying.

“ssh-add” is a component of the “ssh-agent”, which in turn is often used when your keys are additionally secured by a password. Without an “ssh-agent” you have to type in the appropriate passphrase every time you are using one of your private keys.
The declaration of which key will be used, and for what, is independent of that topic and could be done as follows:


$ vim ~/.ssh/config

Match host=computer1,computer2,computer3
   IdentitiesOnly yes
   IdentityFile ~/.ssh/id_rsa_1

Match host=example.com
   IdentitiesOnly yes
   IdentityFile ~/.ssh/id_ed25519

I am sure “ssh-add -L” will show you all keys. For me the question is, what are we talking about? Is it the management of different identities in general or indeed an ssh-agent topic because all of your keys are additionally secured by a password?
If so, how should the agent have been launched? There exist multiple ways.

[quote]A post mentioned …

What post? We cannot comment on something we have never seen. [/quote]

Anyway, it is heavily dependent on the desktop environment you are using, and you did not mention it.

Gnome v40.0

I found the magic: Include the public key with the private keys in <.ssh/>.

While the first answer may be interpreted this way, it is really incorrect in the context of the original question. But later this thread does mention that …

Gnome v40.0

… gnome-keyring automatically adds all identities with public keys that are located in the standard place (~/.ssh). This is gnome-keyring specific and has really nothing to do with ssh-add, which is why I asked about the DE.

You can mostly get the same result without gnome-keyring by setting the AddKeysToAgent ssh option. Then ssh will add the private key to the agent the first time it is used. The advantage is that the identity file can be anywhere. The difference is that gnome-keyring allows you to store the passphrase for the SSH key in its own keyring, which is encrypted by your login password, and automatically uses it to unlock the SSH key. That requires that the login password is known to gnome-keyring, so it does not work for autologin (unless the keyring is unlocked by other means).
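Added example (not part of the thread, and not code from any poster): a small shell check that applies the condition described above to each IdentityFile in a config, reporting which keys sit in ~/.ssh with a .pub beside them and which would still need ssh-add or AddKeysToAgent. The function name `audit_identities` is hypothetical, `~/` is assumed to mean `$HOME`, and %-tokens and Include files are not expanded.

```shell
#!/bin/sh
# Added example, not from the thread. audit_identities is a hypothetical helper.
# For every IdentityFile in an ssh config, print one of:
#   auto    <path>  key is in SSH_DIR with a .pub beside it (the case the
#                   thread says gnome-keyring picks up on its own)
#   manual  <path>  key exists but needs ssh-add or AddKeysToAgent
#   missing <path>  config points at a file that does not exist
# Assumptions: "~/" means $HOME; %-tokens and Include files are not expanded.
audit_identities() {
    config=$1
    ssh_dir=${2:-$HOME/.ssh}
    ssh_dir=${ssh_dir%/}
    # Keywords are case-insensitive; keyword and value are separated by
    # whitespace or '='. Trailing whitespace (and CR) is stripped first.
    sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*[Ii][Dd][Ee][Nn][Tt][Ii][Tt][Yy][Ff][Ii][Ll][Ee][[:space:]=]\{1,\}//p' \
        "$config" |
    while IFS= read -r key; do
        key=${key#\"}; key=${key%\"}          # drop optional double quotes
        case $key in
            "~/"*) key=$HOME/${key#??} ;;     # expand leading ~/
        esac
        if [ ! -f "$key" ]; then
            printf 'missing %s\n' "$key"
        elif [ "${key%/*}" = "$ssh_dir" ] && [ -f "$key.pub" ]; then
            printf 'auto %s\n' "$key"
        else
            printf 'manual %s\n' "$key"
        fi
    done
}

# Run against the user's own config when one exists.
if [ -r "$HOME/.ssh/config" ]; then
    audit_identities "$HOME/.ssh/config"
fi
```

Keys reported as `manual` are the ones that disappear from the agent after logout unless they are re-added.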