If you are using key pair based authentication with a passphrase for your keys, things can quickly get tedious as you have to input the passphrase every time you want to connect somewhere. If you want to avoid that, you can optionally use another preinstalled tool: ssh-agent.
The ssh-agent is a little helper program that keeps track of your identity keys and their passphrases. The agent is consulted by the SSH client during the authentication process instead of the user having to specify a key – and having to type its passphrase all over again.
Adding keys
Simply add your private key file to the agent like this:
$ ssh-add ~/.ssh/key_name_id_rsa
And then connect to your server without the need to specify the passphrase.
$ ssh myuser@myserver
Managing your keys
You can see the keys which you’ve added so far with:
$ ssh-add -l
And remove them from the agent with:
$ ssh-add -d ~/.ssh/key_name_id_rsa
Why is the ssh-agent a separate program?
Keys that are protected with a passphrase are stored in encrypted form, so they have to be temporarily put somewhere unencrypted if they are to be reused without inputting the password again.
The most secure place to store them in unencrypted form is program memory, and in Unix-like operating systems, memory is normally associated with a process.
A normal SSH client process cannot be used to store the unencrypted key because SSH client processes only last the duration of a remote login session. Therefore, users run a program called ssh-agent that runs beyond the duration of a local login session, stores unencrypted keys in memory, and communicates with SSH clients using a Unix domain socket.
SSH knows the location of the socket through the $SSH_AUTH_SOCK variable.
See the man page and SSH agent protocol for more info.
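The exchange over that socket, shown as an added example (not code from the original page or from OpenSSH): a Python client that sends the agent protocol's request-identities message and parses the answer, which is the same question `ssh-add -l` asks the agent. The function names are this example's own; the message numbers 11 and 12 come from the SSH agent protocol specification.

```python
# Added example; function names are its own, not an OpenSSH API.
import os
import socket
import struct

SSH_AGENTC_REQUEST_IDENTITIES = 11  # client -> agent: list loaded keys
SSH_AGENT_IDENTITIES_ANSWER = 12    # agent -> client: key blobs + comments

def _recv_exact(sock, n):  # read exactly n bytes or fail
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf

def _take_string(data, off):
    """Decode one SSH 'string': uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", data, off)
    end = off + 4 + n
    if end > len(data):
        raise ValueError("truncated agent reply")
    return data[off + 4:end], end

def request_identities(sock):
    """Return [(key_type, comment)] for the keys the agent holds."""
    sock.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
    (length,) = struct.unpack(">I", _recv_exact(sock, 4))
    if not 1 <= length <= 256 * 1024:
        raise ValueError("implausible reply length")
    reply = _recv_exact(sock, length)
    if reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError(f"unexpected reply type {reply[0]}")
    (count,) = struct.unpack_from(">I", reply, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = _take_string(reply, off)
        comment, off = _take_string(reply, off)
        key_type, _ = _take_string(blob, 0)  # blob starts with its type name
        keys.append((key_type.decode(), comment.decode(errors="replace")))
    return keys

if __name__ == "__main__":
    path = os.environ.get("SSH_AUTH_SOCK")
    if path:  # does nothing when no agent is advertised
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.connect(path)
            print(request_identities(s))
```

Any process that can open the socket can make these requests, so the socket's file permissions are what protect the keys loaded into the agent.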