How to avoid being asked passphrase each time I push to Bitbucket

I set up my ssh stuff with the help of this guide, and it used to work well (I could run hg push without being asked for a passphrase). What could have happened between then and now, considering that I’m still using the same home directory.

$ cat .hg/hgrc 
default = ssh://

$ hg push
Enter passphrase for key '/home/wena/.ssh/id_rsa': 
pushing to ssh://
searching for changes
Asked By: tshepang


You need to use an ssh agent. Short answer: try

$ ssh-add

before pushing. Supply your passphrase when asked.

If you aren’t already running an ssh agent you will get the following message:

Could not open a connection to your authentication agent.

In that situation, you can start one and set your environment up thusly

eval $(ssh-agent)

Then repeat the ssh-add command.

It’s worth taking a look at the ssh agent manpage.

Answered By: jmtd

I use Keychain for managing ssh keys. It is also available in Debian and so presumably Ubuntu with

apt-get install keychain

Here is the Debian keychain package page. As you can see, the project is not very active, but works for me. I also commented a bit about this in another answer here

Answered By: Faheem Mitha

A way to solve this is with ssh-agent and ssh-add:

$ exec ssh-agent bash
$ ssh-add
Enter passphrase for ~/.ssh/id_rsa: 

After this the passphrase is saved for the current session. and won’t be asked again.

Answered By: stefano

For convenience, the optimal method is a combination of the answers of jmtd and Faheem.

Using ssh-agent alone means that a new instance of ssh-agent needs to be created for every new terminal you open. keychain when initialized will ask for the passphrase for the private key(s) and store it. That way your private key is password protected but you won’t have to enter your password over and over again.

The Arch wiki recommends initializing keychain from /etc/profile.d/ or your shell profile, such as .bash_profile or .bashrc. This has a disadvantage in that it intializes your keychain as soon as you open a terminal.

A more flexible approach is to combine keychain with a specific tmux session. So, in .bash_profile:

tsess=$(tmux ls 2>&1)

if [[ "${tsess%%:*}" = "secured" ]] && 
   [[ -f $HOME/.keychain/$HOSTNAME-sh ]]; then
    # start keychain
    /usr/bin/keychain -Q -q --nogui ~/.ssh/id_rsa
    . $HOME/.keychain/$HOSTNAME-sh

…and then it is just a case of starting the secured tmux session as and when required (launched from a keybind):

PID=$(pgrep tmux)
new="tmux -f $HOME/.tmux/conf new -s secured"
old="tmux attach -t secured -d"

if [[ -z "$SSH_AUTH_SOCK" ]]; then
    eval `ssh-agent`
    trap "kill $SSH_AGENT_PID" 0

if [[ -z "$PID" ]]; then
    urxvtc -title "SSH" -e sh -c "${new}"
    urxvtc -title "SSH" -e sh -c "${old}"


Now, your keychain will only be initialized once when you start that specific tmux session. As long as that session persists, you will be able to access those ssh keys and push to your remote repositories.

Answered By: jasonwryan

Create (or edit if it exists) the following ~/.ssh/config file:

Host *
    UseKeychain yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_rsa
Answered By: ness-EE

You can use sshpass:

$ sudo apt-get install sshpass
$ sshpass -p 'password' ssh username@server

You just need to add sshpass -p yourpassphrase before appending your usual ssh command.

Answered By: belka
Categories: Answers Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.