ssh prompts for password when providing non-default key

I have a question about ssh public key authentication.
I have generated a key pair on a RHEL 9 machine, protected by a password, as follows:

ssh-keygen -f .ssh/key2

Then, I have copied the pub key to a remote host:

ssh-copy-id -i .ssh/key2.pub operator1@servera

Now, when I attempt the connection I’m still asked for the key password:

ssh -i .ssh/key2 operator1@servera

Adding the -v option during the execution shows that the server accepted the key:

No Kerberos credentials available (default cache: KCM:)
debug1: No credentials were supplied, or the credentials were unavailable or inaccessible
No Kerberos credentials available (default cache: KCM:)
debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/key2 RSA SHA256:wzFYOSGEvzLSjgKe5EGlKXXuaWmFmG8E6gfxs2KG6Pg explicit
debug1: Server accepts key: .ssh/key2 RSA SHA256:wzFYOSGEvzLSjgKe5EGlKXXuaWmFmG8E6gfxs2KG6Pg explicit

So why am I being asked to enter the password?
Side note: I have already granted permissions to the .ssh folder:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/key2

The SSH passphrase protects the secret key. To use the secret key, either directly with ssh or when loading it into an SSH agent, you must unlock it by providing the passphrase you used when creating the key.

If you do not want to provide a passphrase when using ssh, then load it into an already running SSH agent using, e.g.,

ssh-add ~/.ssh/key2

This would ask for the secret key’s passphrase once, but would then allow you to use ssh to connect to the appropriate remote host(s) without having to interactively type in the passphrase again (until the agent is terminated or the key is removed from the agent).

In comments it seems like you believe that since the public key is copied to the remote system, you should not need to provide the SSH key’s passphrase. You must provide the secret key’s passphrase whenever needed (when connecting with ssh without the agent, or when loading the key into the agent). The public key needs to be on the remote system for you to use SSH key authentication at all, whether the secret key is protected by a passphrase or not.

Answered By: Kusalananda
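
The distinction the answer draws, shown as an added example that is not part of the original answer: the passphrase is a property of the local private key file, and an agent only needs it once. The temporary directory, the passphrase, the ed25519 key type and the askpass helper are assumptions made so the script runs non-interactively; no remote host is contacted.

```shell
#!/bin/sh
# Added example. Key name, passphrase and paths are constructed for the demo;
# nothing under ~/.ssh is touched.
demo_dir=$(mktemp -d)
key="$demo_dir/key2"
pass='constructed-demo-passphrase'

# Like `ssh-keygen -f .ssh/key2`, but non-interactive: -N sets the passphrase.
ssh-keygen -q -t ed25519 -N "$pass" -f "$key"

# Succeeds only if passphrase $2 decrypts private key $1. Purely local:
# no server and no authorized_keys entry is involved.
can_unlock() {
    ssh-keygen -y -P "$2" -f "$1" </dev/null >/dev/null 2>&1
}

# A key is passphrase-protected if the empty passphrase cannot unlock it.
is_protected() {
    ! can_unlock "$1" ""
}

# Load key $1 into the agent, answering the passphrase prompt with $2 through
# an askpass helper (DISPLAY is set only so older OpenSSH honours SSH_ASKPASS).
agent_load() {
    askpass="$demo_dir/askpass.sh"
    cat >"$askpass" <<'EOF'
#!/bin/sh
printf '%s\n' "$DEMO_PASS"
EOF
    chmod 700 "$askpass"
    DEMO_PASS="$2" SSH_ASKPASS="$askpass" SSH_ASKPASS_REQUIRE=force DISPLAY=none \
        ssh-add "$1" </dev/null >/dev/null 2>&1
}

# Number of identities the agent currently holds.
agent_key_count() {
    ssh-add -l 2>/dev/null | grep -c 'SHA256:' || true
}

eval "$(ssh-agent -s)" >/dev/null
trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$demo_dir"' EXIT

is_protected "$key" && echo "key2 is encrypted on disk"
can_unlock "$key" "wrong-passphrase" || echo "wrong passphrase: key stays locked"
echo "agent holds $(agent_key_count) key(s) before ssh-add"
agent_load "$key" "$pass" && echo "unlocked once; agent now holds $(agent_key_count) key(s)"
```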