There are several advantages in using ssh-agent
against letting ssh
to use the key directly:
comfort: You add your passphrase-protected key into the agent and then you can do whatever you like (push
, ssh
, rsync
)
security: Handling private keys in separate process is good way to avoid security bugs in ssh
. For example because of recent CVE-2016-0777 and CVE-2016-0778, malicious server could read your decrypted private keys from your client.
On the other hand, there are things that can't be done using only agent and ssh_config
works fine in cooperation with ssh-agent
, especially if you have more identities on the single server with different keys.