Why are key agents sometimes preferred over configuration files?

3

1

Some programs seem to prefer to use an SSH key agent, rather than specifying the key file in some configuration file somewhere.

Examples:

What is the reasoning for using a key agent, rather than pointing each application at a file containing your key? Is there a security difference, or is it just for convenience?

John Walthour

Posted 2016-04-18T17:28:39.020

Reputation: 255

Answers

4

There are several advantages in using ssh-agent over letting ssh use the key directly:

  • comfort: You add your passphrase-protected key into the agent and then you can do whatever you like (push, ssh, rsync)

  • security: Handling private keys in a separate process is a good way to avoid security bugs in ssh. For example, because of the recent CVE-2016-0777 and CVE-2016-0778, a malicious server could read your decrypted private keys from your client.

On the other hand, there are things that can't be done using only the agent, and ssh_config works fine in cooperation with ssh-agent, especially if you have more identities on a single server with different keys.

Jakuje

Posted 2016-04-18T17:28:39.020

Reputation: 7 981
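
The combination mentioned in the answer above (ssh_config selecting among several identities on one server while the keys stay in ssh-agent) can look like the following. This is an added example, not part of the original answer; the host aliases, the server name and the key file names are assumptions.

```sshconfig
# ~/.ssh/config (constructed example; aliases, host name and key file names are hypothetical)

# Two accounts on the same server, each with its own key.
# The passphrase-protected private keys are loaded into ssh-agent once with ssh-add.

Host git-work
    HostName git.example.com
    User git
    # Names the identity to offer; ssh matches it against the keys held by the agent.
    IdentityFile ~/.ssh/id_ed25519_work
    # Offer only the identity configured above, even if the agent holds more keys.
    IdentitiesOnly yes

Host git-personal
    HostName git.example.com
    User git
    IdentityFile ~/.ssh/id_ed25519_personal
    IdentitiesOnly yes
```

Without `IdentitiesOnly yes`, ssh may offer every key the agent holds, so the server could authenticate the first one it accepts rather than the identity intended for that alias.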