29
18
I am new to ssh keys. Can anyone explain how the ssh-agent bash and ssh-add work? I need to understand its internals in future.
45
An agent is a program that keeps your keys in memory so that you only need to unlock them once, instead of every time. ssh-agent does this for SSH keys.
The usual methods for starting ssh-agent are:
eval `ssh-agent` – this runs the agent in background, and sets the appropriate environment variables for the current shell instance. (ssh-agent, when started with no arguments, outputs commands to be interpreted by your shell.)
exec ssh-agent bash – starts a new instance of the bash shell, replacing the current one. (With one or more arguments, ssh-agent doesn't output anything, but starts the specified command: in this case, the bash shell, but technically it could be anything.)
The second method is sometimes preferred, since it automatically kills ssh-agent when you close the terminal window. (When starting it with eval, the agent would remain running, but inaccessible.)
However, this only starts an empty agent. To actually make it useful, you need to use ssh-add, which unlocks your keys (usually ~/.ssh/id_*) and loads them into the agent, making them accessible to ssh or sftp connections.
4 Is there a way to start ssh-agent across multiple bash sessions, once? – Asim – 2018-01-03T12:15:59.803
9
Additionally, you may want to add some keys at session start.
Edit your ~/.bashrc file, and add:
ssh-add &>/dev/null || eval `ssh-agent` &>/dev/null # start ssh-agent if not present
[ $? -eq 0 ] && { # ssh-agent has started
ssh-add ~/.ssh/your_private.key1 &>/dev/null # Load key 1
ssh-add ~/.ssh/your_private.key2 &>/dev/null # Load key 2
}
Check your keys with ssh-add -l
You can stop the current ssh-agent session with ssh-agent -k
Something to know about ssh-agent and .bashrc is don't load too many keys. The default number of tries for ssh daemon is limited to 6. This can be modified in /etc/ssh/sshd_config with the MaxAuthTries value.
1 What about the private key password when launching ssh-add with "&"? Are you assuming the private key files are unprotected? – Luciano – 2017-08-07T18:57:54.783
The code above asks for the passphrase twice, once when checking if ssh-agent is available and again once loading the private key. – Tapan Chandra – 2019-01-25T11:04:16.933
@Luciano just provide passphrase once and you will no longer be prompted again for any connection with this key afterwards. – zhoucengchao – 2019-12-26T06:07:31.523
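The eval/exec start methods in the first answer and the .bashrc snippet in the second each start a fresh agent per shell, which is what the comments about orphaned agents and repeated passphrase prompts run into. As an added example (not code from either answer), the script below caches the agent's environment in a file so later sessions reuse one agent, and only adds a key the agent does not already hold; it assumes the cache path ~/.ssh/agent.env (my choice) and the standard layout where key.pub sits beside the private key.

```bash
#!/usr/bin/env bash
# Added example: start ssh-agent once and reuse it from every new shell,
# rather than leaving an orphaned agent behind each closed terminal.
# Assumption: the agent environment is cached in ~/.ssh/agent.env (my choice).

AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Translate the exit status of `ssh-add -l` into a readable state.
# ssh-add(1): 0 = agent holds keys, 1 = agent reachable but has no keys,
# 2 = no agent reachable through SSH_AUTH_SOCK.
agent_state() {
    case "$1" in
        0) echo "keys-loaded" ;;
        1) echo "agent-empty" ;;
        2) echo "no-agent" ;;
        *) echo "unknown" ;;
    esac
}

# Report the state of the agent named by the current SSH_AUTH_SOCK.
probe_agent() {
    ssh-add -l >/dev/null 2>&1
    agent_state $?
}

# Source the cached agent environment if present; if that agent is gone,
# start a new one and cache its output (mode 600: it names a live socket).
ensure_agent() {
    [ -r "$AGENT_ENV" ] && . "$AGENT_ENV" >/dev/null
    if [ "$(probe_agent)" = "no-agent" ]; then
        (umask 077 && ssh-agent -s > "$AGENT_ENV") || return 1
        . "$AGENT_ENV" >/dev/null
    fi
    probe_agent
}

# Add a key only if its fingerprint is not already in the agent: no repeated
# passphrase prompt, and the key count stays under sshd's MaxAuthTries.
# Assumes the usual layout where key.pub sits beside the private key.
add_key_once() {
    key="$1"
    pub="$key.pub"
    [ -r "$pub" ] || return 1
    fp=$(ssh-keygen -lf "$pub" | awk '{print $2}')
    [ -n "$fp" ] || return 1
    ssh-add -l 2>/dev/null | grep -qF "$fp" || ssh-add "$key"
}

# Typical use from ~/.bashrc (not run here):
#   ensure_agent && add_key_once ~/.ssh/id_ed25519
```

Sourcing this from ~/.bashrc replaces the per-shell eval line: the first terminal starts the agent and writes the cache, every later one sources the cache and finds the agent already running.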
Have you tried the top Google hit for any of these terms? – Daniel Beck – 2011-05-16T19:37:38.307
Yes, I did. I didn't get any useful information. My bad – maneeshshetty – 2011-05-16T20:06:14.843