I have a passphrase-protected SSH key stored in ~/.ssh/id_rsa. In my .zshrc I have this fragment:
    # ssh-add -l exits non-zero when the agent holds no identities (or cannot be reached)
    if ! ssh-add -l > /dev/null; then
        ssh-add
    fi
After booting, I usually open the terminal, see the passphrase prompt, then unlock my KeePass 2 DB, copy the passphrase to clipboard and paste it into the terminal to add the key to the agent.
A few days ago, I rebooted the system, logged in, and opened the terminal. To my surprise, the passphrase prompt didn't appear. Surprised, I typed ssh-add -l to see my key already added. That was weird, but I hand-waved it away, thinking that I forgot that I'd already typed the password.
A moment ago, I ran sudo systemctl kexec, and after logging in, the key was already added again. My KeePass DB was locked. The passphrase is long and random (/[a-zA-Z0-9]{20}/). This time I suspected it's something specific to kexec, but after yet another sudo systemctl kexec, the passphrase prompt appeared, the key wasn't added to the agent.
- How come my SSH key is sometimes added to the agent after reboot?
- Can it also happen after a cold boot? (yes)
- What can I do to prevent it?
I'm using Pop!_OS 18.04, booting with UEFI off a GPT disk with LUKS-encrypted / and unencrypted /boot, no LVM if that matters.
Edit: I've just cold booted after 4 days and the key was already added to the agent again.