Remote client on MacOS is not using ssh-agent and is prompting to unlock keys everytime

[vitaliy-sk]

/kind bug

Description

The MacOS remote client is not making use of the ssh-agent and is prompting for the password to unlock the SSH key every time podman is used.

Steps to reproduce the issue:

1. brew install podman

2. Add remote using identity podman-remote system connection add --identity ~/.ssh/id_rsa <host> ssh://<user>@<host>/run/user/1000/podman/podman.sock

3. podman ps

Describe the results you received:

Podman not using ssh-agent and asking password for key each time

Describe the results you expected:

Podman using ssh-agent and not asking password for key each time

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Client:
Version:      3.4.1
API Version:  3.4.1
Go Version:   go1.17.2
Built:        Wed Oct 20 00:14:42 2021
OS/Arch:      darwin/amd64

Server:
Version:      3.3.1
API Version:  3.3.1
Go Version:   go1.16.6
Built:        Thu Jan  1 03:00:00 1970
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.22.3
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: 'conmon: /usr/libexec/podman/conmon'
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.0.30, commit: '
  cpus: 4
  distribution:
    distribution: ubuntu
    version: "20.04"
  eventLogger: journald
  hostname: dev
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.4.0-89-generic
  linkmode: dynamic
  logDriver: ""
  memFree: 1393860608
  memTotal: 4126826496
  ociRuntime:
    name: crun
    package: 'crun: /usr/bin/crun'
    path: /usr/bin/crun
    version: |-
      crun version UNKNOWN
      commit: ea1fe3938eefa14eb707f1d22adff4db670645d6
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: 'slirp4netns: /usr/bin/slirp4netns'
    version: |-
      slirp4netns version 1.1.8
      commit: unknown
      libslirp: 4.3.1-git
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.4.3
  swapFree: 4091015168
  swapTotal: 4126142464
  uptime: 19h 20m 8.53s (Approximately 0.79 days)
plugins:
  log: null
  network: null
  volume: null
registries:
  search:
  - docker.io
  - quay.io
store:
  configFile: /home/vitaliy/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: 'fuse-overlayfs: /usr/bin/fuse-overlayfs'
      Version: |-
        fusermount3 version: 3.9.0
        fuse-overlayfs: version 1.5
        FUSE library version 3.9.0
        using FUSE kernel interface version 7.31
  graphRoot: /home/vitaliy/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 0
  runRoot: /run/user/1000/containers
  volumePath: /home/vitaliy/.local/share/containers/storage/volumes
version:
  APIVersion: 3.3.1
  Built: 0
  BuiltTime: Thu Jan  1 00:00:00 1970
  GitCommit: ""
  GoVersion: go1.16.6
  OsArch: linux/amd64
  Version: 3.3.1

Package info (e.g. output of rpm -q podman or apt list podman):

brew info podman
podman: stable 3.4.1 (bottled), HEAD
Tool for managing OCI containers and pods
https://podman.io/
/usr/local/Cellar/podman/3.4.1 (170 files, 39.5MB) *
  Poured from bottle on 2021-10-29 at 20:37:25
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/podman.rb
License: Apache-2.0

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

Client - MacOS Monterey 12.0.1
Server - Ubuntu 20.04.3 LTS

Related #7806

[mheon]

@jwhonce PTAL

[andrewmed]

I confirm, ssh agent is ignored, please have a look at this issue, typing a long password each time is not an option ☹️

update:
I followed instruction here #7806 (comment) disabled id file in remote settings and it worked with agent!

[mheon]

@ashley-cui PTAL

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@ashley-cui Have you had a chance to look at this?

[ashley-cui]

Not yet, haven't specifically looked at this issue, though I've been using podman-remote via machine on macs for a bit and I haven't run into this

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@vitaliy-sk are you still seeing this issue?

[baude]

is it possible you have more than say a half dozen keys ?

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

Since we got no answer I am closing, reopen if you have more feedback.