Questions tagged [ssh-agent]

ssh-agent is a single sign-on mechanism for SSH that is included in the OpenSSH software. Use this tag for questions on how to configure and use ssh-agent.

An alternative to password-based authentication is public-key authentication. In essence, with public-key authentication one proves one's identity by signing a challenge using the private key. Assuming that

  • the verification of the signature succeeds
  • the digital signature scheme is secure
  • the private key is indeed private
  • an authentic copy of the corresponding public key is available

this proves the identity.

The third point is essential. In order to protect private keys from leaking out, they are often locked with a password (or passphrase). In order to unlock and use them, the user has to enter that password. follows the same pattern.

Since this procedure is not very user friendly, single sign-on was invented. The basic idea is that a user authenticates once and all further authentication happens automagically. For SSH (more precisely, the OpenSSH implementation) this magic is performed by the ssh-agent which stores the passphrase in memory and automates SSH public-key authentication.

Beware: By default, once started, ssh-agent keeps your passphrases indefinitely. In particular, ssh-agent does not terminate upon session exit. A more secure approach is to let ssh-agent "forget" passphrases after a while.

263 questions

414 votes, 2 answers

How to list keys added to ssh-agent with ssh-add?

How and where can I check what keys have been added with ssh-add to my ssh-agent?
Patryk

345 votes, 21 answers

How can I run ssh-add automatically, without a password prompt?

I want to communicate between several computers on my network (static Ethernet), through SSH. In order to do that I need to run ssh-add every time I log in on a specific machine. What can I do so it's set up once and it doesn't ask me for the…
zdun8

257 votes, 4 answers

How to enable diffie-hellman-group1-sha1 key exchange on Debian 8.0?

I am unable to ssh to a server that asks for a diffie-hellman-group1-sha1 key exchange method: ssh 123.123.123.123 Unable to negotiate with 123.123.123.123 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 How…
j1088099.mvrht.com.

215 votes, 9 answers

ssh-add complains: Could not open a connection to your authentication agent

I've been trying to get ssh-add working on a RaspberryPi running Raspbian. I can start ssh-agent, when I do it gives the following output into the terminal: SSH_AUTH_SOCK=/tmp/ssh-06TcpPflMg58/agent.2806; export SSH_AUTH_SOCK; SSH_AGENT_PID=2807;…
Daniel Groves

212 votes, 9 answers

ssh-add is not persistent between reboots

I added a ssh key to the agent by: $ ssh-add ~/.ssh/id_rsa_mac Identity added: /Users/alex/.ssh/id_rsa_mac (/Users/alex/.ssh/id_rsa_mac) After a reboot the agent doesn't have this key added anymore: $ ssh-add -l The agent has no identities. Why…
Incerteza

136 votes, 1 answer

Why eval the output of ssh-agent?

In order to run ssh-agent I have to use: eval $(ssh-agent) Why is it necessary to eval the output of ssh-agent? Why can't I just run it?
jx12345

120 votes, 5 answers

What's the purpose of ssh-agent?

I've read the official definition: ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA, ECDSA). The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows…
agent_smith

107 votes, 5 answers

ssh-add returns with: "Error connecting to agent: No such file or directory"

ssh-add alone is not working: Error connecting to agent: No such file or directory How should I use that tool?
Wong Jia Hau

62 votes, 3 answers

How do I get ssh-agent to work in all terminals?

I have set up automatic (password less) ssh login to some servers using ssh-copy-id. ssh-agent works only from the terminal where it was run. How do I get ssh-add to work in all my terminals? Naturally, I would not prefer SSH key without a…
Gowtham

35 votes, 2 answers

How to start and use ssh-agent as systemd service?

How to start ssh-agent as systemd service? There are some suggestions in the net, but they are not complete. How to add automatically unencrypted keys if ssh-agent service was started successfully? Probably, adding keys from the list of…
midenok

28 votes, 5 answers

Have ssh-add be quiet if key already there

I want to put ssh-add /path/to/special_key at the top of a script. This works fine, but it always prompts for the passphrase. This is strange, and a little annoying, as it still asks for the passphrase even when ssh-add -l shows the key has already…
Darren Cook

27 votes, 3 answers

How to restart ssh-agent without relogin

I accidentally killed my ssh-agent, how do I restart it without having to reconnect? I tried this but it does not work: $ eval $(ssh-agent -s) Agent pid 8055 Then, I open a new Gnome terminal with CTRL+SHIFT+N from the previous terminal window…
SebMa

24 votes, 5 answers

ssh-agent not getting set up (SSH_AUTH_SOCK, SSH_AGENT_PID env vars not set)

I set up a new user account for a friend on Kubuntu 12.04. When he uses ssh he gets this error: Could not open a connection to your authentication agent We're running ssh in some bash scripts. After looking around at the wide variety of things…
MountainX

24 votes, 1 answer

How to use ssh-agent with multiple (valid) keys and yet choose which one to use?

Let's say there are two keys A and B, both of which are valid for user@host public key authentication. Since authorized_keys is configured for different behaviour depending on the key, ~/.ssh/config on the client uses something like Host A.host …
Tobias Kienzler

24 votes, 8 answers

"ssh-add -d" refused to remove identity

In order to forget the private key's passphrase (id_rsa) I usually run: ssh-add -D # to forget all loaded identities ssh-add -d # to forget primary identity ($HOME/.ssh/id_rsa) Now with macOS Sierra v10.12.1 I get this error: $ ssh-add -D All identities…
Ardit Hyka