SSH Agent and How to Use It
In a nutshell, ssh-agent allows you to unlock your private SSH key once and add it to the agent so you can keep using it without having to unlock it again, making things a lot more convenient when working with remote machines. Once the key is added the agent remembers it and authenticates you automatically whenever needed until it stops running or you remove the key.
To start using the SSH agent you first need to start it up. On the Linux and UNIX command line, the way to do that is to start it together with the terminal in which you want your authentication keys to be remembered. So you could run one of these three commands:
$ ssh-agent /bin/bash
$ ssh-agent tmux &
$ ssh-agent xterm &
The first one just launches bash with ssh-agent in the background, basically launching a shell within a shell. The second one runs the tmux terminal multiplexer in the same way, and the third one launches the graphical terminal emulator xterm with ssh-agent enabled. In each case you can now add keys to the agent and then have it automatically authenticate you to hosts for which you’ve added the keys.
To add a new key to the agent use the ssh-add command. If you simply run the ssh-add command alone it will add the identity of the current user, which should reside in ~/.ssh/, to the agent:
$ ssh-add
It will ask you for a passphrase, if you have one, before it adds the key.
You could also specify a key file in any other path by simply adding the path:
$ ssh-add /home/user/keys/id_rsa
To list the keys that are added in the ssh-agent run:
$ ssh-add -l
To remove keys use the -d option:
$ ssh-add -d
Once you have your key in ssh-agent you no longer need to unlock it every time you want to use it so long as the agent is running.
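The whole sequence above (start an agent, add a key, list it, remove it) as one script, added here as an example and not taken from the original article. It uses a throwaway key in a temporary directory (the names agent_demo and demo_ed25519 are made up for the example) and also passes ssh-add's -t option, which the article does not cover, so the key expires from the agent after 60 seconds.

```shell
#!/bin/sh
# Added example: ssh-agent lifecycle with a throwaway key.
# The function body runs in a subshell, so SSH_AUTH_SOCK / SSH_AGENT_PID
# of the calling shell and your real ~/.ssh are left untouched.

agent_demo() (
    workdir=$(mktemp -d) || exit 1
    key="$workdir/demo_ed25519"      # constructed throwaway key path

    # Demo key without a passphrase; real keys should have one.
    ssh-keygen -q -t ed25519 -N '' -C demo-key -f "$key" \
        || { rm -rf "$workdir"; exit 1; }
    # Fingerprint as computed from the public key file.
    want=$(ssh-keygen -lf "$key.pub" | awk '{print $2}')

    # Start an agent on a private socket; -s forces Bourne-style output
    # and eval sets SSH_AUTH_SOCK and SSH_AGENT_PID in this subshell.
    eval "$(ssh-agent -s -a "$workdir/agent.sock")" >/dev/null

    # Add the key with a 60-second lifetime so it expires by itself
    # even if nobody removes it.
    ssh-add -t 60 "$key" >/dev/null 2>&1

    # Fingerprint as reported by the agent.
    loaded=$(ssh-add -l | awk '{print $2}')

    # Remove this one key, then count the identities still loaded.
    ssh-add -d "$key" >/dev/null 2>&1
    remaining=$(ssh-add -l 2>/dev/null | grep -c 'SHA256:' || true)

    # Stop the agent and delete the demo key material.
    ssh-agent -k >/dev/null 2>&1
    rm -rf "$workdir"

    # Succeed only if the agent held exactly the key we generated
    # and nothing was left after removal; print the fingerprint.
    [ -n "$want" ] && [ "$want" = "$loaded" ] && [ "$remaining" -eq 0 ] \
        && echo "$want"
)
```

Run `agent_demo` after sourcing the file; it prints the key's SHA256 fingerprint only if the fingerprint listed by the agent matched the key file and the agent was empty again after `ssh-add -d`.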
See Also
SSH Basics
SSH Key Management
- Passwordless SSH
- SSH Key Generation
- Deploy SSH Key to Remote Server
- Change SSH Key Passphrase
- How To: Generate ed25519 SSH key
- How To: Inspect SSH key fingerprints
- How To: Find SSH key using Fingerprint
SSH Security & Configuration
- SSH Configuration Options
- SSH Port Forwarding
- Using Multiple SSH Ports
- Test SSHd Config on Different Port