ssh keys ssh-agent bash and ssh-add

An agent is a program that keeps your keys in memory so that you only need to unlock them once, instead of every time. ssh-agent does this for SSH keys.

The usual methods for starting ssh-agent are:

  • eval `ssh-agent` – this runs the agent in background, and sets the apropriate environment variables for the current shell instance.

    (ssh-agent, when started with no arguments, outputs commands to be interpreted by your shell.)

  • exec ssh-agent bash – starts a new instance of the bash shell, replacing the current one.

    (With one or more arguments, ssh-agent doesn't output anything, but starts the specified command: in this case, the bash shell, but technically it could be anything.)

    The second method is sometimes preferred, since it automatically kills ssh-agent when you close the terminal window. (When starting it with eval, the agent would remain running, but inaccessible.)

However, this only starts an empty agent. To actually make it useful, you need to use ssh-add, which unlocks your keys (usually ~/.ssh/id_*) and loads them into the agent, making them accessible to ssh or sftp connections.


Additionally, you may want to add some keys at session start.

Edit your ~/.bashrc file, and add :

ssh-add &>/dev/null || eval `ssh-agent` &>/dev/null  # start ssh-agent if not present
[ $? -eq 0 ] && {                                     # ssh-agent has started
ssh-add ~/.ssh/your_private.key1 &>/dev/null        # Load key 1
ssh-add ~/.ssh/your_private.key2 &>/dev/null        # Load key 2
}

Check your keys with ssh-add -l

You can stop the current ssh-agent session with ssh-agent -k

Something to know about ssh-agent and .bashrc is don't load too many keys. The default number of tries for ssh daemon is limited to 6. This can been modified in /etc/ssh/sshd_config with the MaxAuthTries value.