"ssh-add -d" refuses to remove identity

To forget the private key passphrase (id_rsa), I usually run:

ssh-add -D # to forget all loaded identities
ssh-add -d # to forget primary identity ($HOME/.ssh/id_rsa)

Now, on macOS Sierra v10.12.1, I get this error:

$ ssh-add -D
All identities removed.
$ ssh-add -d
Could not remove identity "/Users/user/.ssh/id_rsa": agent refused operation
Could not remove identity "/Users/user/.ssh/id_dsa": agent refused operation

I searched Google with no luck!

Answer 1

I had the same problem with Sierra. Try deleting id_rsa from $HOME/.ssh/ and then restart (I deleted id_rsa.pub as well, so both keys, private and public). It solved my problem.

Answer 2

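In my case, I ran into a slightly different problem. When I called ssh-add -D, the agent appeared to succeed and responded with All identities removed., but in fact, when listing the agent's keys with ssh-add -l, the unwanted keys were still listed, and of course, when trying to authenticate to a remote host using the agent, the agent prompted me, through my configured pinentry program, for the passphrase to the unwanted keys. Annoying.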

The cause of the problem was that my gpg-agent daemon had cached the keys in a file at the path ~/.gnupg/sshcontrol

$ cat ~/.gnupg/sshcontrol
# List of allowed ssh keys.  Only keys present in this file are used
# in the SSH protocol.  The ssh-add tool may add new entries to this
# file to enable them; you may also add them manually.  Comment
# lines, like this one, as well as empty lines are ignored.  Lines do
# have a certain length limit but this is not serious limitation as
# the format of the entries is fixed and checked by gpg-agent. A
# non-comment line starts with optional white spaces, followed by the
# keygrip of the key given as 40 hex digits, optionally followed by a
# caching TTL in seconds, and another optional field for arbitrary
# flags.   Prepend the keygrip with an '!' mark to disable it.

# RSA key added on: 2021-06-03 16:23:25
# Fingerprints:  MD5:c1:[elided]:24
#                SHA256:+Mj[elided]E4
21[elided]C9 0
# Ed25519 key added on: 2021-06-03 22:11:36
# Fingerprints:  MD5:[elided]:24:da
#                SHA256:EL[elided]Zs
E0[elided]47 0

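Removing those keys from ~/.gnupg/sshcontrol allowed me to go back to using gpg-agent to authenticate to remote hosts, without the agent asking for passphrases to keys I no longer use.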
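
The sshcontrol format quoted in Answer 2 can be audited and edited with a short script. This is an added example, not part of the original answers: the function names (sshcontrol_list, sshcontrol_disable, sample_sshcontrol) and the keygrips are made up, and it uses the "!" marker described in the file's header as a reversible alternative to deleting the lines.

```sh
#!/bin/sh
# Added example: audit and disable entries in a gpg-agent sshcontrol file.
# Entry format, per the file's own header: [spaces][!]<40-hex keygrip> [TTL] [flags]

# Print one line per entry: "<enabled|disabled> <KEYGRIP> <ttl or ->".
sshcontrol_list() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank and comment lines
        {
            state = "enabled"
            # A leading "!" marks a disabled key; strip it so $1 is the keygrip.
            if (sub(/^[ \t]*![ \t]*/, "")) state = "disabled"
            grip = toupper($1)
            if (length(grip) != 40 || grip !~ /^[0-9A-F]+$/) next   # malformed line
            ttl = ($2 ~ /^[0-9]+$/) ? $2 : "-"
            print state, grip, ttl
        }' "$1"
}

# Emit the file with one keygrip disabled ("!" prepended). Writes to stdout
# so the result can be reviewed before it replaces the real file.
sshcontrol_disable() {
    awk -v want="$2" '
        NF && toupper($1) == toupper(want) { sub(/^[ \t]+/, ""); $0 = "!" $0 }
        { print }' "$1"
}

# Constructed sample input; the keygrips are made-up placeholders.
sample_sshcontrol() {
    cat <<'EOF'
# RSA key added on: 2021-06-03 16:23:25
0123456789ABCDEF0123456789ABCDEF01234567 0
  !89abcdef0123456789abcdef0123456789abcdef 600
# Ed25519 key added on: 2021-06-03 22:11:36
FEDCBA9876543210FEDCBA9876543210FEDCBA98 0
not-a-keygrip 0
EOF
}

# Demo: list the entries, disable the last key, list again.
tmp=$(mktemp) && sample_sshcontrol > "$tmp"
sshcontrol_list "$tmp"
sshcontrol_disable "$tmp" FEDCBA9876543210FEDCBA9876543210FEDCBA98 > "$tmp.new"
sshcontrol_list "$tmp.new"
rm -f "$tmp" "$tmp.new"
```

Against a real setup, pass ~/.gnupg/sshcontrol as the first argument and compare the output with ssh-add -l to see which listed keys come from this file.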

Answer 3

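This error happened to me when the referenced identity was different from the one that had been added. The -d option removes a specific key. If that key was never loaded, it refuses to remove it. You can check the loaded keys with ssh-add -l and check the key signature with ssh-keygen -lf <path-to-private-key>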

Answer 4

I found that Ubuntu 18.04 still has this bug.

Here is my simple way to remove unwanted keys from ssh-agent without any major effort:

  1. Find the key you want to remove

    ssh-add -l
    2048 SHA256:qzJYF7AJAJsLsJn7ZFPcJ+w78ZJVoPZI9TzXCq2cf5 .ssh/bad-key.pem (RSA)
    
  2. Go into the ~/.ssh directory and create a subdirectory, for example one named "disabled"

    cd ~/.ssh
    mkdir disabled
    
  3. Move the key you want to disable into that directory.

    mv bad-key.pem disabled/
    

That's it. The key should no longer be available in ssh-agent, but you can still keep it and add it back when needed.
