Reputation: 1360
I copied identities id_rsa from an old computer to a new one, both running the same version of Debian. When I do ssh-add I get:
Could not add identity xxx: agent refused operation
Why?
Upvotes: 13
Views: 26499
Reputation: 6205
In my case the SSH_AUTH_SOCK socket was not pointing to the correct ssh-agent instance. So what I did was to ssh-agent -d so that it printed its socket, set SSH_AUTH_SOCK to that value and run ssh-add <key file>, which worked. Originally SSH_AUTH_SOCK was /private/tmp/com.apple.launchd.3sfgCOEaij/Listeners (I am on Mac) while when I start ssh-agent, it creates /var/folders/07/46ycckp94db7k29k012nxjp00000gn/T//ssh-bWhNQhrLKeVJ/agent.35804, i.e. a completely different path. I have no idea where the original one came from. (It is also possible that the GPG Suite and its gpg-agent are somehow messing things up.)

I think I know what the problem was. The original SSH_AUTH_SOCK (...apple.../Listeners) is likely set by Apple's ssh-agent, while I have been starting an openssh agent installed via brew (where ssh-agent -> /usr/local/bin/ssh-agent, which is a symlink to /usr/local/Cellar/openssh/9.1p1/bin/ssh-agent). That is also why I had two ssh-agent instances - the first was the OS-started apple one, the second was the openssh one I started in the terminal. And my ssh-add was failing b/c apple ssh-agent is old and does not support *-sk keys (sk = security key, with support for FIDO/U2F Support, see https://www.openssh.com/txt/release-8.2).

I have changed the ssh-agent started by OSX to be the brew-installed one - in /System/Library/LaunchAgents/com.openssh.ssh-agent.plist I changed the path (the first of ProgramArguments) from /usr/bin/ssh-agent to
Upvotes: 0
Reputation: 2462
Your ssh-agent is not running or ssh-add can not connect to it via SSH_AUTH_SOCK.
Upvotes: 4
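
The checks both answers describe (is SSH_AUTH_SOCK set, does it point at a live socket, which ssh-agent binary and how many agent processes are in play) can be collected in one script. This is an added example, not part of either answer; the function names are hypothetical, and the exit-status meanings are those documented in ssh-add(1).

```bash
#!/bin/bash
# Added example: diagnose which agent (if any) ssh-add is talking to.

# Classify the path in SSH_AUTH_SOCK without contacting the agent.
classify_sock() {
    sock=$1
    if [ -z "$sock" ]; then echo unset
    elif [ ! -e "$sock" ]; then echo missing        # stale value, agent has exited
    elif [ ! -S "$sock" ]; then echo not-socket     # path exists but is not a socket
    elif [ ! -O "$sock" ]; then echo foreign-owner  # socket belongs to another user
    else echo socket
    fi
}

# Map the exit status of `ssh-add -l` to its meaning (see ssh-add(1)).
explain_list_status() {
    case $1 in
        0) echo "agent reachable, identities loaded" ;;
        1) echo "agent reachable, no identities loaded" ;;
        2) echo "cannot contact agent" ;;
        *) echo "unexpected status $1" ;;
    esac
}

diagnose_agent() {
    echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>} ($(classify_sock "${SSH_AUTH_SOCK:-}"))"
    # Show which binaries the shell resolves, e.g. the OS copy vs. a brew copy.
    for tool in ssh-agent ssh-add; do
        echo "$tool -> $(command -v "$tool" || echo 'not found')"
    done
    # More than one agent process means SSH_AUTH_SOCK may name the wrong one.
    if command -v pgrep >/dev/null 2>&1; then
        echo "running ssh-agent processes: $(pgrep -x ssh-agent | wc -l | tr -d ' ')"
    fi
    if command -v ssh-add >/dev/null 2>&1; then
        rc=0
        ssh-add -l >/dev/null 2>&1 || rc=$?
        echo "ssh-add -l: $(explain_list_status "$rc")"
    fi
    return 0
}

diagnose_agent
```

Run it in the same shell where ssh-add fails, since SSH_AUTH_SOCK is per-session and another terminal may point at a different agent.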