Ssh-agent doesn't save the key after ssh-add

I am trying to set up an SSH key for my GitHub. It doesn't have a passphrase to secure it. However, it doesn't work as expected.

I need to do this every time I close my terminal. It doesn't even work in a new terminal while the old one is still open after doing this.

eval "$(ssh-agent -s)"
ssh-add /path/to/thekey

I already tried this method and it seems like it doesn't work, even though the ssh-agent on systemd (user) is working.

  security = {
    pam = {
      sshAgentAuth.enable = true;
      services = {
        login.kwallet.enable = true;
      };
    };
  };

Anyone got an idea?
This is my setup (github link)

Hi there,

If you use programs.ssh.startAgent = true; in your configuration, then NixOS will start the ssh-agent. See SSH public key authentication - NixOS Wiki for more details. After starting a terminal you can use ssh-add directly. The agent will keep the ssh key after closing the terminal.

Thank you for your reply.

Despite ssh-agent already running, I am still required to do ssh-add /path/to/key every time my system is rebooted. Is this expected behavior?

Edit 1: I forgot to mention that I already enabled startAgent = true; in my config. Despite it running, I still need to do ssh-add every reboot.

Why do you have to add the key to the agent if it’s not password secured?

What is the problem if you don’t add it?

  1. Simply, I need the key to connect to my GitHub.
  2. If I don't add it, then my git would refuse to connect until I do ssh-add again, which would only work until I reboot; then I need to do ssh-add again.

Even though you didn’t really answer my question, my guess is, you should set up your ~/.ssh/config correctly to use the correct key when dealing with GH.

Host github.com
  IdentityFile ~/.ssh/github

This is what I use to use the correct key.

An SSH certificate for GitHub is used, for instance, for signing etc., not for login. So can you show which steps you take and what configuration is done related to the SSH certificate?

Signing is unrelated to “refuses to connect”.

And ssh is used for git+ssh URLs, rather than for git+https.

@hans4687 @NobbZ

Just to clear up some confusion here

Here are some steps I do

  1. Clone any repo using SSH method
  2. Got an error git@github.com: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exist

Here are some things that I don't understand

  1. ssh-agent is already running
  2. Looking at the ~/.ssh/known_host file, I can see the github.com key already exists.
  3. The only fix that I can do is adding ssh-add /path/to/file, which only works until the next reboot

As said, configure SSH to use the correct identity for github.com. I even gave you an example of how it looks for me.

With the use of the ssh-agent, git does not know which certificate to use. The configuration as NobbZ proposes in a NixOS configuration would be:

programs.ssh.extraConfig = ''
  # Test if github.com works with ssh for cloning
  Host github.com
    IdentityFile ~/.ssh/github
'';

Git will use the ssh configuration; it specifies the certificate for GitHub.

When I give the command it works ok:

[hans@mymachine:~/test]$ git clone ssh://git@github.com/CakZemprongzz/cak-nixos-conf.git
Cloning into 'cak-nixos-conf'...
remote: Enumerating objects: 407, done.
remote: Counting objects: 100% (188/188), done.
remote: Compressing objects: 100% (135/135), done.
remote: Total 407 (delta 92), reused 141 (delta 51), pack-reused 219 (from 1)
Receiving objects: 100% (407/407), 55.20 KiB | 642.00 KiB/s, done.
Resolving deltas: 100% (188/188), done.

If you set up the ssh_config, do you get the same output?

@hans4687 @NobbZ

Thank you for both of the solutions. It works like a charm. I apologize for any mistake on my end.
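
The distinction this thread turns on, shown as an added example that is not part of any post above: a key loaded with ssh-add lives only in the agent's memory, while a key named by IdentityFile is read from disk on every connection. The function name `key_source` and its three result labels are made up for this sketch; it only inspects the output of `ssh -G` and `ssh-add -L`.

```shell
# Added example (not from the thread). Classifies where ssh would get a key from:
#   configured  - an IdentityFile line names it, so it is used after every reboot
#   agent-only  - only the running ssh-agent holds it, so it is gone after reboot
#   not-offered - neither; expect "Permission denied (publickey)"
# Arguments: $1 = output of `ssh -G <host>`   (resolved client configuration)
#            $2 = output of `ssh-add -L`      (public keys the agent holds)
#            $3 = private key path; its .pub file is expected beside it
key_source() (
  resolved=$1 agent=$2 key=$3 blob=

  # The agent is matched on the base64 key blob (field 2), not on the comment.
  if [ -r "$key.pub" ]; then
    blob=$(awk '{ print $2; exit }' "$key.pub")
  fi

  # ssh -G prints one "identityfile <path>" line per candidate key. A leading
  # "~/" is expanded here so both spellings of the same path compare equal.
  if printf '%s\n' "$resolved" | awk -v want="$key" -v home="$HOME" '
      $1 == "identityfile" {
        p = $2
        if (substr(p, 1, 2) == "~/") p = home substr(p, 2)
        if (p == want) found = 1
      }
      END { exit !found }'
  then
    echo configured
  elif [ -n "$blob" ] &&
       printf '%s\n' "$agent" | awk -v b="$blob" '$2 == b { f = 1 } END { exit !f }'
  then
    echo agent-only
  else
    echo not-offered
  fi
)

# Live use: sh key-source.sh github.com ~/.ssh/github
if [ "$#" -eq 2 ]; then
  key_source "$(ssh -G "$1")" "$(ssh-add -L 2>/dev/null)" "$2"
fi
```

A result of `agent-only` matches the symptom described in the thread: cloning works until the agent is restarted, and adding the Host block changes the result to `configured`.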