SSH Agent

The SSH agent stores unencrypted private keys to help you log in to servers without supplying your private key’s passphrase during retries.

NOTE: Unfortunately the agent stores private keys for an unlimited amount of time by default. Therefore, please take note of command line parameters of ssh-agent and ssh-add to limit the key lifetime inside the agent.

For ssh-add and ssh to work the two commands rely on two environment variables: SSH_AGENT_PID and SSH_AUTH_SOCK. The following two methods will start the SSH agent with automatically setting those environment variables:

1. Method 1:

• Starting the agent:

  bash: eval $(ssh-agent -s -t LIFETIME)

  tcsh: eval $(ssh-agent -c -t LIFETIME)

  (the key lifetime is specified in seconds)

• Adding keys to the agent:

  ssh-add -t LIFETIME KEYFILE

• Removing keys from the agent:

  ssh-add -d KEYFILE

• Removing all keys from the agent:

  ssh-add -D

• Stopping the agent:

  bash: eval $(ssh-agent -s -k)

  tcsh: eval $(ssh-agent -c -k)

1. Method 2:

• Starting the ssh agent:

  ssh-agent -t LIFETIME COMMAND

• Adding and removing private keys work as described in method 1 from COMMAND.

• Stopping the agent: Terminate COMMAND

Example sessions:

1. With the SSH agent:

  $ ssh-agent -t 60 bash --login
  $ ssh-add TEST
  Need passphrase for TEST
  Enter passphrase for TEST:
  Identity added: TEST (TEST)
  $ ssh -i TEST USER@HOST
  Last login: SOMETIME from SOMEWHERE

Successive logins are possible.

1. Without the SSH agent:

  $ ssh -i TEST USER@HOST
  Enter passphrase for key 'TEST':
  Last login: SOMETIME from SOMEWHERE

The passphrase is needed for each and every login.