SSH - Using the agent
The ssh-agent caches your keys in memory once they are unlocked, so you will not be asked to provide the passphrase to unlock these keys every time they are used.
Starting the agent
Depending on your operating system, there are multiple ways to start the agent, e.g. to start it manually in a bash-like shell, simply run
eval $(ssh-agent)
This command will start the agent and set up the necessary environment variables. Please note that starting a new agent will make an already existing agent no longer directly accessible while NOT terminating it. Thus, please test via ssh-add -l whether an agent is currently running (see below).
If you want your agent to be started automatically when logging in, please refer to the web, e.g. this question on stackoverflow.com for more information.
Typically, what you need to do is to ensure the agent is started and “primed” with your keys whenever you start a terminal ssh session. Putting a snippet like this into your ~/.bashrc ought to work for most people, but if you use a different shell or some other special tools, your solution may need to look different from this one:
# ensure the ssh agent is running
if [[ -z "$SSH_AUTH_SOCK" ]]
then
    eval "$(ssh-agent)"
fi
# list all keys here which should be loaded into the agent
for k in ~/.ssh/id_ed25519-atlas ~/.ssh/id_rsa
do
    # compare fingerprints as fixed strings; add the key only if the agent lacks it
    if ! ssh-add -l | grep -qF "$(ssh-keygen -lf "$k" | cut -d' ' -f 2)"
    then
        ssh-add "$k"
    fi
done
Which keys are currently handled by my agent?
Running ssh-add -l will display all keys currently known to your agent. If the list is empty, you have an ssh-agent running, but no keys currently unlocked. If you receive an error message like "Could not open a connection to your authentication agent.", you need to start the agent first (see above).
If your key is missing, simply add it via
ssh-add ~/.ssh/id_ed25519-atlas
and it will prompt you for the passphrase. Afterwards, the newly added key should be displayed by ssh-add -l.
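As an added example (not part of the original page): the functions below use the exit status of ssh-add -l (0 = keys loaded, 1 = agent running without keys, 2 = agent not reachable) to start a new agent only when none is reachable. This avoids orphaning a running agent and also covers a stale SSH_AUTH_SOCK, which a check that only tests whether the variable is set would miss. SSH_ADD and SSH_AGENT are hypothetical override variables introduced here, not ssh options.

```shell
# Added example, not from the original page.
# SSH_ADD / SSH_AGENT are hypothetical overrides so the logic can be
# exercised with stubs; by default the real tools are used.
SSH_ADD=${SSH_ADD:-ssh-add}
SSH_AGENT=${SSH_AGENT:-ssh-agent}

# Print the agent state derived from the exit status of "ssh-add -l":
#   0 -> keys        agent reachable, at least one key loaded
#   1 -> empty       agent reachable, no keys loaded
#   2 -> unreachable no agent (SSH_AUTH_SOCK unset or pointing at a dead socket)
#   * -> error       anything else, e.g. ssh-add not installed
agent_state() {
    local rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo keys ;;
        1) echo empty ;;
        2) echo unreachable ;;
        *) echo error ;;
    esac
}

# Start a new agent only if none is reachable, so an agent that is
# already running is never left behind without a way to reach it.
# Returns 0 if an agent is usable afterwards.
ensure_agent() {
    case $(agent_state) in
        keys|empty)
            return 0 ;;
        unreachable)
            # -s forces Bourne-style output that eval can consume
            eval "$("$SSH_AGENT" -s)" >/dev/null
            [ "$(agent_state)" != unreachable ] ;;
        *)
            return 1 ;;
    esac
}

# Usage in ~/.bashrc (in place of the SSH_AUTH_SOCK test):
#   ensure_agent && ssh-add -l
```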
As always, reading the man pages for ssh-agent and ssh-add is recommended!