SSH Agent
Published on 27 Nov 2005
Tags: #SSH
The SSH agent holds unencrypted private keys so that you can log in to servers without supplying your private key's passphrase again on every login.
NOTE: Unfortunately, the agent stores private keys for an unlimited amount of time by default. Therefore, take note of the command line parameters of ssh-agent and ssh-add that limit the key lifetime inside the agent (the -t option used below).
To work, ssh-add and ssh rely on two environment variables: SSH_AGENT_PID and SSH_AUTH_SOCK. The following two methods start the SSH agent and set those environment variables automatically:
- Method 1:
  - Starting the agent:
    bash:
      eval $(ssh-agent -s -t LIFETIME)
    tcsh (which has no $(...) syntax and uses backquotes instead):
      eval `ssh-agent -c -t LIFETIME`
    (the key lifetime is specified in seconds)
  - Adding keys to the agent:
      ssh-add -t LIFETIME KEYFILE
  - Removing keys from the agent:
      ssh-add -d KEYFILE
  - Removing all keys from the agent:
      ssh-add -D
  - Stopping the agent:
    bash:
      eval $(ssh-agent -s -k)
    tcsh:
      eval `ssh-agent -c -k`
- Method 2:
  - Starting the SSH agent:
      ssh-agent -t LIFETIME COMMAND
  - Adding and removing private keys works as described in method 1, from within COMMAND.
  - Stopping the agent: terminate COMMAND.
Example sessions:
- With the SSH agent:
    $ ssh-agent -t 60 bash --login
    $ ssh-add TEST
    Need passphrase for TEST
    Enter passphrase for TEST:
    Identity added: TEST (TEST)
    $ ssh -i TEST USER@HOST
    Last login: SOMETIME from SOMEWHERE
  Successive logins are possible without entering the passphrase again, here until the 60-second key lifetime expires.
- Without the SSH agent:
    $ ssh -i TEST USER@HOST
    Enter passphrase for key 'TEST':
    Last login: SOMETIME from SOMEWHERE
  The passphrase is needed for each and every login.
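
The start/add/stop steps of method 1 can be wrapped so that a script never runs an agent without a key lifetime and can check whether its keys have already expired. This is an added example, not part of the original post; the function names agent_start, agent_state and agent_stop are hypothetical, and besides the options shown above it only uses ssh-add -l.

```sh
#!/bin/sh
# Added example: an agent whose keys always expire. Function names are
# hypothetical; only ssh-agent -s/-t/-k and ssh-add -l are used.

# agent_start LIFETIME
# Start an agent in the current shell. LIFETIME (seconds) becomes the default
# lifetime of every key added later, so a plain "ssh-add KEYFILE" cannot
# leave a key in the agent indefinitely.
agent_start() {
    case ${1:-} in
        ''|*[!0-9]*|0)
            echo "agent_start: LIFETIME must be a positive number of seconds" >&2
            return 2 ;;
    esac
    _out=$(ssh-agent -s -t "$1") || return 1
    # The agent's output sets and exports SSH_AUTH_SOCK and SSH_AGENT_PID.
    eval "$_out" >/dev/null
}

# agent_state
# Print "loaded" (keys present), "empty" (agent running, no keys) or
# "unreachable" (no agent behind SSH_AUTH_SOCK), from ssh-add -l's exit status.
agent_state() {
    _rc=0
    ssh-add -l >/dev/null 2>&1 || _rc=$?
    case $_rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# agent_stop
# Kill the agent started by agent_start; the output unsets both variables.
agent_stop() {
    [ -n "${SSH_AGENT_PID:-}" ] || return 0
    _out=$(ssh-agent -s -k) || return 1
    eval "$_out" >/dev/null
}

# Typical use in a script (KEYFILE is a placeholder):
#   agent_start 60 && trap agent_stop EXIT
#   ssh-add KEYFILE
#   agent_state      # "loaded" now, "empty" once the 60 seconds have passed
```

A lifetime given to ssh-add with -t overrides the agent's default for that key, so the agent-wide value is the fallback for keys added without one.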