ssh keys ssh-agent bash and ssh-add
An agent is a program that keeps your keys in memory so that you only need to unlock them once, instead of every time. ssh-agent does this for SSH keys.
The usual methods for starting ssh-agent are:
- eval `ssh-agent` – this runs the agent in the background and sets the appropriate environment variables for the current shell instance. (ssh-agent, when started with no arguments, outputs commands to be interpreted by your shell.)
- exec ssh-agent bash – starts a new instance of the bash shell, replacing the current one. (With one or more arguments, ssh-agent doesn't output anything, but starts the specified command: in this case, the bash shell, but technically it could be anything.)
The second method is sometimes preferred, since it automatically kills ssh-agent when you close the terminal window. (When starting it with eval, the agent would remain running, but inaccessible.)
However, this only starts an empty agent. To actually make it useful, you need to use ssh-add, which unlocks your keys (usually ~/.ssh/id_*) and loads them into the agent, making them accessible to ssh or sftp connections.
Additionally, you may want to add some keys at session start.
Edit your ~/.bashrc file, and add:
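# Start ssh-agent if not present: ssh-add -l exits with status 2 when it cannot contact an agent
ssh-add -l &>/dev/null
[ $? -eq 2 ] && eval `ssh-agent` &>/dev/null
# Load the keys if an agent is reachable now
ssh-add -l &>/dev/null
[ $? -ne 2 ] && {
    ssh-add ~/.ssh/your_private.key1 &>/dev/null # Load key 1
    ssh-add ~/.ssh/your_private.key2 &>/dev/null # Load key 2
}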
Check your keys with ssh-add -l
You can stop the current ssh-agent session with ssh-agent -k
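One thing to know about loading keys from .bashrc: don't load too many. ssh offers the keys held by the agent one after another, and each rejected key counts as a failed authentication attempt. The default number of tries allowed by the ssh daemon is limited to 6. This can be modified in /etc/ssh/sshd_config with the MaxAuthTries value.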
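
The check below compares the number of keys held by the agent with the server's MaxAuthTries limit described above. It is an added example, not part of the original page; the function names and the sample `ssh-add -l` and sshd_config text are constructed for illustration, and Match blocks are deliberately ignored.

```bash
#!/usr/bin/env bash
# Added example: compare the number of keys in the agent with MaxAuthTries.
# The sample inputs below are constructed, not captured from a real system.

# Count identities in `ssh-add -l` output read from stdin.
# Key lines look like: "<bits> <hash-alg>:<fingerprint> <comment> (<type>)".
count_agent_keys() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^(SHA256|MD5):/ { n++ } END { print n + 0 }'
}

# Print the global MaxAuthTries from sshd_config text read from stdin.
# Keywords are case-insensitive and the first value wins; commented lines
# are skipped and parsing stops at the first Match block. Default is 6.
max_auth_tries() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "maxauthtries" { v = $2; exit }
         END { print (v == "" ? 6 : v) }'
}

# Return 0 if every key in the agent can be offered within the limit,
# 1 if the agent holds more keys than the server allows attempts.
check_key_budget() {   # usage: check_key_budget <key_count> <max_tries>
    if [ "$1" -gt "$2" ]; then
        echo "agent holds $1 keys, server allows $2 attempts" >&2
        return 1
    fi
    return 0
}

# Constructed sample of `ssh-add -l` output (three keys).
SAMPLE_AGENT='256 SHA256:CONSTRUCTEDfingerprint0000000000000000000001 alice@laptop (ED25519)
3072 SHA256:CONSTRUCTEDfingerprint0000000000000000000002 deploy key (RSA)
256 SHA256:CONSTRUCTEDfingerprint0000000000000000000003 backup (ED25519)'

# Constructed sample sshd_config: the global limit is 2, the Match block is ignored.
SAMPLE_SSHD='#MaxAuthTries 6
Port 22
maxauthtries 2
Match User backup
    MaxAuthTries 10'

keys=$(printf '%s\n' "$SAMPLE_AGENT" | count_agent_keys)
max=$(printf '%s\n' "$SAMPLE_SSHD" | max_auth_tries)
check_key_budget "$keys" "$max" || echo "limit the keys offered per host"
```

On a real system, feed the functions with `ssh-add -l | count_agent_keys` and `max_auth_tries < /etc/ssh/sshd_config`. If the agent must hold many keys, setting `IdentityFile` together with `IdentitiesOnly yes` for a host in ~/.ssh/config restricts which keys ssh offers to that host.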