SSH Agent and How to Use It

In a nutshell, ssh-agent lets you unlock your private SSH key once and add it to the agent, so you can keep using it without unlocking it again. This makes working with remote machines a lot more convenient. Once the key is added, the agent remembers it and authenticates you automatically whenever needed, until the agent stops running or you remove the key.

To use the SSH agent you first need to start it. On the Linux and UNIX command line, the way to do that is to start it together with the terminal in which you want your authentication keys to be remembered. So you could run one of these three commands:

$ ssh-agent /bin/bash
$ ssh-agent tmux &
$ ssh-agent xterm &

The first one launches bash with ssh-agent running in the background, in effect a shell within a shell. The second runs the tmux terminal multiplexer in the same way, and the third launches the graphical terminal emulator xterm with ssh-agent enabled. In each case you can now add keys to the agent and have it automatically authenticate you to the hosts for which you've added the keys.

To add a new key to the agent, use the ssh-add command. Run on its own, ssh-add adds the current user's identity to the agent; the key should reside in ~/.ssh/:

$ ssh-add

It will ask you for a passphrase, if you have one, before it adds the key.

You could also specify a key file in any other path by simply adding the path:

$ ssh-add /home/user/keys/id_rsa

To list the keys that have been added to ssh-agent, run:

$ ssh-add -l

To remove keys use the -d option:

$ ssh-add -d

Once you have your key in ssh-agent you no longer need to unlock it every time you want to use it so long as the agent is running.
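The steps above as one non-interactive script, added here as an example and not part of the original article: it starts a private agent, adds a throwaway key, lists it, removes it and shuts the agent down. It goes slightly beyond the commands shown by using `eval` on the output of `ssh-agent -s` (the form suited to scripts), `-a` to pin the socket path and `ssh-add -t` to give the key a lifetime; the function names and the `id_demo` key are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. The key is a throwaway generated for the demo; nothing in
# ~/.ssh is read or modified.

# Print how many keys the agent behind $SSH_AUTH_SOCK holds.
# ssh-add -l exits 0 with one line per key, 1 when the agent is empty,
# and 2 when no agent can be contacted.
count_keys() {
    out=$(ssh-add -l 2>/dev/null) && rc=0 || rc=$?
    case $rc in
        0) printf '%s\n' "$out" | wc -l | tr -d ' ' ;;
        1) echo 0 ;;
        *) echo unreachable ;;
    esac
}

# Start a private agent, add a key, remove it, and always shut the agent
# down. Prints "<keys after add> <keys after remove>".
# The body is a subshell, so the agent variables never leak to the caller.
agent_roundtrip() (
    dir=$(mktemp -d) || exit 1
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$dir"' EXIT

    # Constructed test key with an empty passphrase, so nothing prompts.
    ssh-keygen -q -t ed25519 -N '' -C demo -f "$dir/id_demo" || exit 1

    # -s prints Bourne-shell commands that export SSH_AUTH_SOCK and
    # SSH_AGENT_PID; -a pins the socket path inside our private directory.
    agent_env=$(ssh-agent -s -a "$dir/agent.sock") || exit 1
    eval "$agent_env" >/dev/null

    # -t 600: the agent forgets the key after 10 minutes on its own.
    ssh-add -t 600 "$dir/id_demo" 2>/dev/null || exit 1
    after_add=$(count_keys)

    # -d takes the public key file of the identity to remove.
    ssh-add -d "$dir/id_demo.pub" 2>/dev/null || exit 1
    after_del=$(count_keys)

    echo "$after_add $after_del"
)
```

Calling `agent_roundtrip` prints the key count after the add and after the removal; the exit trap kills the agent even when a step fails, so no unlocked key outlives the script.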

See Also

SSH Basics

SSH Key Management

SSH Security & Configuration

SSH Troubleshooting