Ssh-agent

Introduction
Using ssh-agent, your computer will store your private keys in memory for the duration of your session, or for a fixed time (if desired - see man ssh-add). It is intended for users who protect their keys with a passphrase, and allows the passphrase to be entered in once only: when the key is added to the agent. This setup is infinitely more secure than making a key with an empty passphrase (assuming you don't leave the session open for someone else to use, of course). To use ssh-agent, you commonly invoke it in one of two ways:

Starting ssh-agent
You can tell ssh-agent to create a child process (such as an X or Konsole session), and it will terminate automatically when the child process exits:

For example, in your .xinitrc:

...or as an alias to konsole (or put this in the application line of the icon):

Gnome users are already running their session through ssh-agent if they use GDM.

You can also invoke ssh-agent manually at the prompt:

Once you have started ssh-agent or verified that it is running, add your keys with ssh-add:

Enter passphrase for /home/ /.ssh/id_rsa: Identity added: /home/ /.ssh/id_rsa (/home/ /.ssh/id_rsa

Without arguments, ssh-add adds some default keys (if they exist):, ,. If you have additional keys with other names, specify the files on the command line:

If you want ssh-agent to discard your key from memory after a time, specify the key's lifetime with the -t option:

See man sshd_config for time formats.

That's it. ssh-agent will supply your private keys to your SSH client processes whenever they are needed to authenticate with a server, without prompting for your passphrase each time. This is especially useful for scripting using SSH and running commands on multiple hosts.

Testing
Last login: Thu Jun 17 23:55:36 2004 from 192.168.34.2 $

If the system did not query you for a password everything is working properly. If it did not work check your file. The following options should be set:

Now repeat the Server-part for every server you want to be able to login into without specifying the password.