What exactly does ssh-add do?

15

5

I recently reinstalled my laptop and found that 'git clone' wasn't working. I was consistently receiving Permission denied (publickey). errors.

The fix is documented on GitHub's SSH issues page: use ssh-add to tell SSH about the key I want to use to authenticate on GitHub.

My question is: under the hood, what does ssh-add actually do?

I've been meaning to expand my understanding of SSH for a while, & this seems like a good excuse to start :-)

Duncan Bayne

Posted 2011-11-23T12:08:53.727

Reputation: 441

Answers

21

ssh-add adds private key identities (from your ~/.ssh directory) to the authentication agent (ssh-agent), so that the ssh agent can take care of the authentication for you, and you don’t have to type in passwords at the terminal.

Peter John Acklam

Posted 2011-11-23T12:08:53.727

Reputation: 486

I'll be honest, this confused me for a while. I thought the ssh client always used the key in your ~/.ssh directory. Do some distros do the equivalent of ssh-add automatically? Maybe that's why I was confused? – blong – 2015-04-11T01:21:38.920

ssh does use the key in the ~/.ssh directory, but if the key is protected by a passphrase, this passphrase must be entered at some point. If you use ssh-agent and ssh-add, you type this passphrase once. Otherwise you must type the passphrase each time you use ssh. Note that if the key is not password protected, you can use ssh without being asked for a passphrase. – Peter John Acklam – 2015-07-10T09:39:05.440

There can be multiple ssh keys in ~/.ssh and this might be the more useful thing to have, see on SO and bitbucket docs – Frank Nocke – 2018-04-11T11:01:07.520

0

Based on this article on GitHub, sometimes on some Linux distributions, even after you set up everything properly, this error shows up:

Agent admitted failure to sign using the key.
debug1: No more authentication methods to try.
Permission denied (publickey).

And you should run ssh-add to solve the issue.

Sadegh

Posted 2011-11-23T12:08:53.727

Reputation: 101