How to enter ssh passphrase key once and for all

You want to use keychain.

The keychain program manages an instance of the key cache program ssh-agent. When ssh-agent is started, two environment variables are created to be eval'd. Normally when the shell is closed where ssh-agent has been started, those environment variables are lost. The keychain program keeps track of those variables across logins and provides shell scripts in the ~\.keychain directory.

There are several ways to run keychain, one method is manually from the command line. Each time you start the shell, use:

eval `keychain --eval`

This will find ssh-agent if it's running, and start it if it's not. Either way, using eval on keychain will set the necessary environment variables where you can add keys using:

ssh-add <private-keyfile>

If private-keyfile has a password, you will be prompted to enter that password during the execution of ssh-add, but as long as ssh-agent is running that will be the last time you need to enter the password for the private key.

Because the eval of keychain sets the SSH_AUTH_SOCK environment variable, any run of ssh will use the ssh-agent to accomplish the authentication.

Another suggestion is to add the keychain execution to your .bashrc file, as suggested in this StackExchange answer.

To terminate keychain just enter the command:

keychain --stop mine

or if you want to bring down all the instances of ssh-agent, enter the command:

keychain --stop all

Just a note, using services such as ssh-agent defeat the security of passworded private key files by storing those authenticated keys in memory. This is not safe, especially with memory side-channel attacks. If you're not interested in key security, the simpler solution is to remove the password on the private key as suggested by @vidarlo.


Run ssh-keygen -p. This will allow you to remove the passphrase set on the key. If no passphrase is set, it's stored in clear text, and you can use it without unlocking it:

$ ssh-keygen -p 
Enter file in which the key is (/home/user/.ssh/id_rsa): 
Enter old passphrase: 
Key has comment ''
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.

Simply press enter when prompted for passphrase to set no passphrase. After that, you can use your key freely.