为了忘记私钥密码(id_rsa),我通常运行:
ssh-add -D # to forget all loaded identities
ssh-add -d # to forget primary identity ($HOME/.ssh/id_rsa)
现在使用 macOS Sierra v10.12.1 我收到此错误:
$ ssh-add -D
All identities removed.
$ ssh-add -d
Could not remove identity "/Users/user/.ssh/id_rsa": agent refused operation
Could not remove identity "/Users/user/.ssh/id_dsa": agent refused operation
我搜索谷歌没有运气!
答案1
我和塞拉也有同样的问题。尝试删除id_rsa
然后$HOME/.ssh/
重新启动(我id_rsa.pub
也删除了 - 因此两个键私人的和民众)。它解决了我的问题。
答案2
就我而言,我遇到了一个稍微不同的问题。当我调用ssh-add -D
代理时,它似乎成功并做出响应All identities removed.
,但实际上,在列出代理密钥时,ssh-add -l
不需要的密钥仍然列出,当然,当尝试使用代理对远程主机进行身份验证时,代理会提示我使用我配置的pin 程序将密码短语设置为不需要的密钥。恼人的。
问题的原因是我的 gpg-agent 守护进程已将密钥缓存在路径下的文件中~/.gnupg/sshcontrol
:
$ cat ~/.gnupg/sshcontrol
# List of allowed ssh keys. Only keys present in this file are used
# in the SSH protocol. The ssh-add tool may add new entries to this
# file to enable them; you may also add them manually. Comment
# lines, like this one, as well as empty lines are ignored. Lines do
# have a certain length limit but this is not serious limitation as
# the format of the entries is fixed and checked by gpg-agent. A
# non-comment line starts with optional white spaces, followed by the
# keygrip of the key given as 40 hex digits, optionally followed by a
# caching TTL in seconds, and another optional field for arbitrary
# flags. Prepend the keygrip with an '!' mark to disable it.
# RSA key added on: 2021-06-03 16:23:25
# Fingerprints: MD5:c1:[elided]:24
# SHA256:+Mj[elided]E4
21[elided]C9 0
# Ed25519 key added on: 2021-06-03 22:11:36
# Fingerprints: MD5:[elided]:24:da
# SHA256:EL[elided]Zs
E0[elided]47 0
从 中删除这些密钥~/.gnupg/sshcontrol
使我能够恢复使用 gpg-agent 来对远程主机进行身份验证,而无需代理要求我不再使用的密钥的密码。
答案3
当引用的身份与添加的身份不同时,我就发生了此错误。该-d
选项删除特定的键。如果该密钥从未加载过,则拒绝将其删除。您可以检查加载的密钥ssh-add -l
并检查密钥签名ssh-keygen -lf <path-to-private-key>
答案4
我发现Ubuntu 18.04仍然有这个bug。
这是我从 ssh-agent 中删除不需要的密钥的简单方法,无需任何重大努力:
找到您要删除的密钥
ssh-add -l 2048 SHA256:qzJYF7AJAJsLsJn7ZFPcJ+w78ZJVoPZI9TzXCq2cf5 .ssh/bad-key.pem (RSA)
进入 ~/.ssh 目录并创建子目录,例如名为“disabled”
cd ~/.ssh mkdir disabled
将要禁用的密钥移到该目录中。
mv bad-key.pem disabled/
就是这样。该密钥在 ssh-agent 中应该不再可用,但您仍然可以拥有它并在需要时将其添加回来。