I am a bit confused by the bug report. I think ssh-add is correctly adding the DSA key to the agent, and the fact that running ssh-add again requests the password again is normal and expected. Looks like Trusty behaves the same:

  ubuntu@paride-t:~$ eval $(ssh-agent -s)
  Agent pid 2406
  ubuntu@paride-t:~$ ssh-add
  Enter passphrase for /home/ubuntu/.ssh/id_rsa:
  Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa)
  ubuntu@paride-t:~$ ssh-add
  Enter passphrase for /home/ubuntu/.ssh/id_rsa:
  Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa)

So in my view this part of the bug is Invalid. @Rolf maybe you didn't realize as normally when ssh pubkey authentication just works there's no point in re-running ssh-agent?

I don't think keychain comes into play in this, as it is just a handy tool to manage the environment variables pointing to the ssh-agent socket. The password prompts are from ssh-add.

Then there is the fact that DSA keys have been deprecated from authentication, which is the root of the issue in my opinion. This is in my opinion a Wontfix, as heightening the security baseline requires deprecating older standards.

I'm moving this back to Incomplete.

** Changed in: openssh (Ubuntu)
       Status: Triaged => Incomplete

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1764044

Title:
  ssh-add asks about passphrases for keys already unlocked in the keychain

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  In the below example, on the second invocation of ssh-add I should not be prompted to enter the passphrase again after I successfully entered it on the first instance. This used to work fine in trusty i386 setup.

  $ keychain && ssh-add

   * keychain 2.8.2 ~ http://www.funtoo.org
   * Starting ssh-agent...

  Enter passphrase for /home/rolf/.ssh/id_rsa:
  Identity added: /home/rolf/.ssh/id_rsa (/home/rolf/.ssh/id_rsa)
  Enter passphrase for /home/rolf/.ssh/id_dsa:
  Identity added: /home/rolf/.ssh/id_dsa (/home/rolf/.ssh/id_dsa)

  $ keychain && ssh-add

   * keychain 2.8.2 ~ http://www.funtoo.org
   * Found existing ssh-agent: 25744

  Enter passphrase for /home/rolf/.ssh/id_rsa:
  Identity added: /home/rolf/.ssh/id_rsa (/home/rolf/.ssh/id_rsa)
  Enter passphrase for /home/rolf/.ssh/id_dsa:
  Identity added: /home/rolf/.ssh/id_dsa (/home/rolf/.ssh/id_dsa)

  gnome-keyring is running:

  $ ps -ax|grep key
   2067 ?        SLl    0:05 /usr/bin/gnome-keyring-daemon --start --components ssh
   2078 ?        Ssl    0:01 /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service --use-gtk
   6987 ?        S      0:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
  17832 pts/2    S+     0:00 grep --color=auto key

  ssh-agent is running:

  $ ps aux | grep ssh-agent
  leggewie  1928  0.0  0.0  15548   340 ?        Ss   02:38   0:00 /usr/bin/ssh-agent /usr/bin/im-launch env LD_PRELOAD=libgtk3-nocsd.so.0 /usr/lib/gnome-session/run-systemd-session unity-session.target
  leggewie  6987  0.0  0.0  11304  1484 ?        S    02:50   0:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
  leggewie  9952  0.0  0.0  11304   320 ?        Ss   04:11   0:00 ssh-agent bash
  leggewie 17850  0.0  0.0  14492  1160 pts/2    S+   06:06   0:00 grep --color=auto ssh-agent

  $ env|grep SSH
  SSH_AUTH_SOCK=/tmp/ssh-W6fuGBztRRds/agent.6992
  SSH_AGENT_PID=9952
  SSH_AGENT_LAUNCHER=gnome-keyring
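
Added example (not part of the bug report, and not code from OpenSSH or keychain): because ssh-add prompts on every run, a login script can compare a key's fingerprint with the output of `ssh-add -l` and call ssh-add only when the key is absent from the agent that SSH_AUTH_SOCK points to. The function names and the sample listing below are constructed for illustration.

```shell
#!/bin/sh
# Added example: skip ssh-add when the key's fingerprint is already in the agent.

# Constructed sample of "ssh-add -l" output (fingerprints are made up).
SAMPLE_LISTING='2048 SHA256:EXAMPLErsaFingerprintConstructedForDemo00000 /home/user/.ssh/id_rsa (RSA)
1024 SHA256:EXAMPLEdsaFingerprintConstructedForDemo00000 /home/user/.ssh/id_dsa (DSA)'

# fingerprint_of LINE: print the fingerprint column (2nd field) of one line in
# the "BITS FINGERPRINT COMMENT (TYPE)" format used by ssh-keygen -l / ssh-add -l.
fingerprint_of() {
    printf '%s\n' "$1" | awk 'NF >= 2 { print $2; exit }'
}

# agent_has_fingerprint LISTING FP: succeed only if FP is non-empty and equals
# the fingerprint column of some line in LISTING.
agent_has_fingerprint() {
    printf '%s\n' "$1" |
        awk -v fp="$2" 'fp != "" && $2 == fp { found = 1 } END { exit !found }'
}

# add_if_missing KEYFILE: ask for the passphrase only when the key is not loaded.
# Assumes the public half is stored next to the private key as KEYFILE.pub.
add_if_missing() {
    key=$1
    fp=$(fingerprint_of "$(ssh-keygen -lf "$key.pub" 2>/dev/null)")
    [ -n "$fp" ] || { echo "cannot fingerprint $key.pub" >&2; return 1; }

    # ssh-add -l exits 1 when the agent is empty and 2 when no agent answers
    # on SSH_AUTH_SOCK; only the latter is an error here.
    rc=0
    listing=$(ssh-add -l 2>/dev/null) || rc=$?
    if [ "$rc" -gt 1 ]; then
        echo "no agent reachable via SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-unset}" >&2
        return 2
    fi

    if agent_has_fingerprint "$listing" "$fp"; then
        echo "already loaded: $key"
    else
        ssh-add "$key"
    fi
}
```

Calling `add_if_missing "$HOME/.ssh/id_rsa"` twice in one session prompts once; the exit-2 branch also surfaces the case where SSH_AUTH_SOCK does not lead to a reachable agent.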