SSH Agent
Published on 27 Nov 2005
The SSH agent stores unencrypted private keys to help you log in to servers without supplying your private key’s passphrase during retries.
NOTE: Unfortunately the agent stores private keys for an unlimited amount of time by default. Therefore, please take note of the command line parameters of ssh-add that limit the key lifetime inside the agent.
For ssh-add and ssh to work, the two commands rely on two environment variables: SSH_AGENT_PID and SSH_AUTH_SOCK. The following two methods start the SSH agent and set those environment variables automatically:
- Method 1:
Starting the agent (first line for sh-style shells, second line for csh-style shells, which need backquotes for command substitution):
    eval $(ssh-agent -s -t LIFETIME)
    eval `ssh-agent -c -t LIFETIME`
(the key lifetime is specified in seconds)
Adding keys to the agent:
    ssh-add -t LIFETIME KEYFILE
Removing keys from the agent:
    ssh-add -d KEYFILE
Removing all keys from the agent:
    ssh-add -D
Stopping the agent (sh-style shells first, csh-style shells second):
    eval $(ssh-agent -s -k)
    eval `ssh-agent -c -k`
- Method 2:
Starting the SSH agent:
    ssh-agent -t LIFETIME COMMAND
Adding and removing private keys works as described in method 1, from within COMMAND.
Stopping the agent: terminate COMMAND.
- With the SSH agent:
    $ ssh-agent -t 60 bash --login
    $ ssh-add TEST
    Need passphrase for TEST
    Enter passphrase for TEST:
    Identity added: TEST (TEST)
    $ ssh -i TEST USER@HOST
    Last login: SOMETIME from SOMEWHERE
Successive logins are possible.
- Without the SSH agent:
    $ ssh -i TEST USER@HOST
    Enter passphrase for key 'TEST':
    Last login: SOMETIME from SOMEWHERE
The passphrase is needed for each and every login.
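
The note at the top asks for a bounded key lifetime whenever a key is added with ssh-add -t. The following POSIX sh wrapper is an added example, not part of the original page: it refuses to load a key without a valid lifetime and clamps the request to a cap. The function names and the MAX_LIFETIME default of 3600 seconds are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page): load keys with a bounded lifetime only.
MAX_LIFETIME=${MAX_LIFETIME:-3600}   # assumed policy cap, in seconds

# Convert "90", "10m" or "1h30m" (sshd_config time format) to seconds.
# Prints the result; returns 1 on malformed input.
lifetime_to_seconds() {
    rest=$1 total=0
    [ -n "$rest" ] || return 1
    while [ -n "$rest" ]; do
        num=${rest%%[!0-9]*}                 # leading run of digits
        [ -n "$num" ] && [ "${#num}" -le 7 ] || return 1
        rest=${rest#"$num"}
        num=${num#"${num%%[!0]*}"}           # drop leading zeros (avoid octal)
        unit=${rest%"${rest#?}"}             # next character, may be empty
        rest=${rest#?}
        case $unit in
            ''|s|S) mult=1 ;;
            m|M)    mult=60 ;;
            h|H)    mult=3600 ;;
            d|D)    mult=86400 ;;
            w|W)    mult=604800 ;;
            *)      return 1 ;;
        esac
        total=$((total + ${num:-0} * mult))
    done
    echo "$total"
}

# Print the lifetime to hand to ssh-add -t: the request, clamped to the cap.
bounded_lifetime() {
    secs=$(lifetime_to_seconds "$1") || return 1
    [ "$secs" -gt 0 ] || return 1            # a zero lifetime is not a usable bound
    [ "$secs" -le "$MAX_LIFETIME" ] || secs=$MAX_LIFETIME
    echo "$secs"
}

# Add KEYFILE ($1) with lifetime ($2) to the agent named by SSH_AUTH_SOCK.
add_key_limited() {
    secs=$(bounded_lifetime "$2") || { echo "bad lifetime: $2" >&2; return 2; }
    [ -S "${SSH_AUTH_SOCK:-}" ] || { echo "no agent socket" >&2; return 3; }
    ssh-add -t "$secs" "$1"
}

# Usage: sh add-key.sh KEYFILE LIFETIME
if [ "$#" -eq 2 ]; then add_key_limited "$1" "$2"; fi
```

After a key is added this way, ssh-add -l lists it until the lifetime runs out, after which the agent no longer offers it.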