
SSH Agent

If you use key-pair-based authentication with a passphrase on your keys, things quickly get tedious, because you have to type the passphrase every time you connect somewhere. To avoid that, you can use another preinstalled tool: ssh-agent.

ssh-agent is a small helper program that keeps track of your identity keys and their passphrases. The SSH client consults the agent during authentication instead of the user having to specify a key and type its passphrase all over again.

Adding keys

Simply add your private key file to the agent like this

$ ssh-add ~/.ssh/key_name_id_rsa

And then connect to your server without the need to specify the passphrase.

$ ssh myuser@myserver

Managing your keys

You can see the keys you’ve added so far with

$ ssh-add -l

And remove them from the agent with

$ ssh-add -d ~/.ssh/key_name_id_rsa

Why is the ssh-agent a separate program?

Keys that are protected with a passphrase are stored on disk in encrypted form, so they have to be kept somewhere unencrypted if they are to be reused without typing the passphrase again. The most secure place to hold them in unencrypted form is program memory, and in Unix-like operating systems memory belongs to a process.

A normal SSH client process cannot be used for this, because an SSH client process only lives for the duration of one remote login session. Therefore users run a separate program, ssh-agent, which outlives individual sessions, holds the decrypted keys in memory, and talks to SSH clients over a Unix domain socket. The SSH client finds that socket through the $SSH_AUTH_SOCK environment variable.
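To make the last two sections concrete, here is an added example (not code from the original post) that does what `ssh-add -l` does by hand: it connects to the Unix socket named in $SSH_AUTH_SOCK, sends an SSH_AGENTC_REQUEST_IDENTITIES message and decodes the SSH_AGENT_IDENTITIES_ANSWER reply, using the message numbers and string framing of the SSH agent protocol. So that it runs offline, it also includes a constructed stand-in agent (`start_fake_agent`, with a fake key blob and comment) that answers a single request; the function names and the fake identity are assumptions of this example, not part of the page.

```python
import os
import socket
import struct
import tempfile
import threading

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENT_FAILURE = 5


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': big-endian uint32 length + payload."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at offset; return (payload, new_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated agent message")
    return buf[off:off + n], off + n


def recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes from the socket (agent messages are length-framed)."""
    data = b""
    while len(data) < n:
        part = conn.recv(n - len(data))
        if not part:
            raise ConnectionError("agent closed the socket")
        data += part
    return data


def list_identities(sock_path=None):
    """Ask the agent for its loaded public keys, like `ssh-add -l`.

    Returns a list of (key_type, comment) tuples.
    """
    sock_path = sock_path or os.environ.get("SSH_AUTH_SOCK")
    if not sock_path:
        raise RuntimeError("SSH_AUTH_SOCK is not set; no agent to talk to")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as conn:
        conn.connect(sock_path)
        # Every request is a length-prefixed string whose first byte is the type.
        conn.sendall(ssh_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES])))
        (length,) = struct.unpack(">I", recv_exact(conn, 4))
        reply = recv_exact(conn, length)
    if not reply or reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError("agent refused or returned an unexpected message")
    (count,) = struct.unpack_from(">I", reply, 1)
    off = 5
    identities = []
    for _ in range(count):
        blob, off = read_string(reply, off)      # public key blob
        comment, off = read_string(reply, off)   # comment given to ssh-add
        key_type, _ = read_string(blob, 0)       # blob starts with its type name
        identities.append((key_type.decode(), comment.decode(errors="replace")))
    return identities


# --- Constructed stand-in agent so the example runs without a real ssh-agent ---
FAKE_KEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x00" * 32)  # not a real key
FAKE_COMMENT = b"demo@example (constructed)"


def start_fake_agent():
    """Serve one canned SSH_AGENT_IDENTITIES_ANSWER on a temporary Unix socket.

    Returns the socket path; the background thread exits after one request.
    """
    path = os.path.join(tempfile.mkdtemp(), "agent.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            (length,) = struct.unpack(">I", recv_exact(conn, 4))
            req = recv_exact(conn, length)
            if req and req[0] == SSH_AGENTC_REQUEST_IDENTITIES:
                body = (bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1)
                        + ssh_string(FAKE_KEY_BLOB) + ssh_string(FAKE_COMMENT))
            else:
                body = bytes([SSH_AGENT_FAILURE])
            conn.sendall(ssh_string(body))
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return path


if __name__ == "__main__":
    # Pass no path to query the real agent named by $SSH_AUTH_SOCK instead.
    for key_type, comment in list_identities(start_fake_agent()):
        print(key_type, comment)
```

Against a real agent, any process that can open the socket can ask it to sign with every loaded key, which is why the agent holds keys only in memory and why it is worth removing keys you no longer need (`ssh-add -d`, or `ssh-add -D` for all of them) or loading them with a lifetime (`ssh-add -t`).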

See the ssh-agent man page and the SSH agent protocol specification for more information.
