Note that there is at least two bug report for ssh-add -d/-D not removing keys. The exact issue is. ssh-add -d/-D deletes only manually added keys from gnome-keyring. There is no way to delete automatically added keys. This is the original bug, and it's still definitely present. So, for example, if you have two different automatically-loaded ssh identities associated with two different GitHub accounts -- say for work and for home -- there's no way to switch between them. GitHubtakes the first one which matches, so you always appear as your 'home' user to GitHub, with no way to upload things to work projects. Allowing ssh-add -d to apply to automatically-loaded keys (and ssh-add -t X to change the lifetime of automatically-loaded keys), would restore the behavior most users expect. More precisely, about the issue. The culprit is gpg-keyring-daemon. It subverts the normal operation of ssh-agent, mostly just so that it can pop up a pretty box into which you can type the passphrase for an encrypted ssh key. And it paws through your directory, and automatically adds any keys it finds to your agent. And it won't let you delete those keys. How do we hate this? Let's not count the ways -- life's too short. The failure is compounded because newer ssh clients automatically try all the keys in your ssh-agent when connecting to a host. If there are too many, the server will reject the connection. And since gnome-keyring-daemon has decided for itself how many keys you want your ssh-agent to have, and has autoloaded them, AND WON'T LET YOU DELETE THEM, you're toast. This bug is still confirmed in Ubuntu 14.04.4, as recently as two days ago (August 21st, 2014. A possible workaround. Do ssh-add -D to delete all your manually added keys. This also locks the automatically added keys, but is not much use since gnome-keyring will ask you to unlock them anyways when you try doing a git push. Navigate to your. folder and move all your key files except the one you want to identify with into a separate folder called backup. If necessary you can also open seahorse and delete the keys from there. Now you should be able to do git push without a problem. What you really want to do is to turn off gpg-keyring-daemon altogether. Go to System -- Preferences -- Startup Applications. and unselect the " SSH Key Agent (Gnome Keyring SSH Agent) " box -- you'll need to scroll down to find it. You'll still get an ssh-agent. only now it will behave sanely: no keys autoloaded, you run ssh-add to add them, and if you want to delete keys, you can. Imagine that. The solution is to keep gnome-keyring-manager from ever starting up, which was strangely difficult by finally achieved by removing the program file's execute permission. @VonC, by the way, to remove the keys on the client host, optionally do this: ssh-add -l and count how many keys there are perhaps by piping to wc. Then rm. Then optionally do this: ssh-add -l and you will see there is a different count. In other words, deletion from the agent is automatic if you delete from the file system. H2ONaCl Jan 26 at 9:02. This answer lead me to solve a problem showing up with ssh forwarding enabled. Going from an Ubuntu 16.04 machine to a debian system where all ssh credentials are being forwarded a git clone was using the first key in the chain instead of the version in the config file on the Ubuntu box. The bad key was getting sucked in automatically and forwarded to the Debian box. redfive Feb 16 at 5:51. Unless I'm misunderstanding, you lost your directory containing your private key on your local machine and so you want to remove the public key which was on a server and which allowed key-based login. In that case, it will be stored in the file in your home directory on the server. You can just edit this file with a text editor and delete the relevant line if you can identify it (even easier if it's the only entry!). I hope that key wasn't your only method of access to the server and you have some other way of logging in and editing the file. You can either manually add a new public key to authorised_keys file or use ssh-copy-id. Either way, you'll need password auth set up for your account on the server, or some other identity or access method to get to the authorized_keys file on the server. ssh-add adds identities to your ssh agent which handles management of your identities locally and "the connection to the agent is forwarded over SSH remote logins, and the user can thus use the privileges given by the identities anywhere in the network in a secure way." (man page), so I don't think it's what you want in this case. It has no way to get your public key onto a server without you having access to said server via an ssh login as far as I know. answered Aug 23 '14 at 18:47.
PREVIOUS NEXT