Why won't ssh-agent save my unencrypted key for later use?

Solution 1:

Even if the agent is up, if certain environment variables are not set, you have no reference to the agent. Furthermore, even if everything is OK (agent and variables), the identity is not automatically sent to the agent: that is a task for ssh-askpass, which works only in X sessions.

If you are using bash, create the file ~/.bash_profile with this content:

# File: ~/.bash_profile

# source ~/.profile, if available
if [[ -r ~/.profile ]]; then
  . ~/.profile
fi

# start agent and set environment variables, if needed
agent_started=0
if [[ -z "${SSH_AGENT_PID:-}" ]]; then
  echo "Starting ssh agent"
  # quote the substitution so the agent's output is evaluated unsplit
  eval "$(ssh-agent -s)"
  agent_started=1
fi

# ssh becomes a function, adding the identity to the agent when needed
ssh() {
  if ! ssh-add -l >/dev/null 2>/dev/null; then
    ssh-add ~/.ssh/id_dsa
  fi
  /usr/bin/ssh "$@"
}
export -f ssh

# another example: git
git() {
  if ! ssh-add -l >/dev/null 2>/dev/null; then
    ssh-add ~/.ssh/id_dsa
  fi
  /usr/bin/git "$@"
}
export -f git

Modify the file name ~/.ssh/id_dsa to suit your needs, and add these lines to ~/.bash_logout:

# stuff to add at end of ~/.bash_logout
if ((agent_started)); then
  echo "Killing ssh agent"
  # kill the agent and unset its variables in this shell
  eval "$(ssh-agent -k)"
fi

A last note: this does not interfere with a GNOME session, because in that case only ~/.profile is sourced, and you can benefit from the ssh-askpass graphical interface that asks for a passphrase and sends it to the ssh-agent.
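
The cases Solution 1 distinguishes (no reference to the agent, or a reachable agent that holds no identity) can be told apart from the environment and the exit status of `ssh-add -l`. The following check is an added example, not part of the original answer; the function names and the `SSH_ADD` override are hypothetical.

```bash
#!/bin/sh
# Added example: classify why ssh can or cannot use an agent from this shell.
# SSH_ADD is a hypothetical override so the check can be exercised with a stub.
SSH_ADD=${SSH_ADD:-ssh-add}

# True when the path is a Unix-domain socket (what SSH_AUTH_SOCK must point to).
is_socket() { [ -S "$1" ]; }

# Print one word: no-env | stale-socket | unreachable | agent-empty | keys-loaded
agent_state() {
  # No SSH_AUTH_SOCK: an agent may be running, but this shell cannot find it.
  if [ -z "${SSH_AUTH_SOCK:-}" ]; then
    echo no-env; return 0
  fi
  # Variable inherited from a session whose agent or socket no longer exists.
  if ! is_socket "$SSH_AUTH_SOCK"; then
    echo stale-socket; return 0
  fi
  # ssh-add -l exits 0 with keys loaded, 1 with none, 2 if the agent is unreachable.
  rc=0
  "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
  case $rc in
    0) echo keys-loaded ;;
    1) echo agent-empty ;;
    *) echo unreachable ;;
  esac
}

# Map each state to the corrective step.
agent_hint() {
  case $1 in
    no-env)       echo 'run: eval "$(ssh-agent -s)"' ;;
    stale-socket) echo 'SSH_AUTH_SOCK points at a dead socket; start a new agent' ;;
    unreachable)  echo 'socket exists but nothing answers; start a new agent' ;;
    agent-empty)  echo 'run: ssh-add <path-to-private-key>' ;;
    keys-loaded)  echo 'agent is usable; nothing to do' ;;
  esac
}

state=$(agent_state)
printf '%s: %s\n' "$state" "$(agent_hint "$state")"
```

The `stale-socket` state typically shows up in a reattached terminal multiplexer session whose original login, and its agent, have gone away.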

Solution 2:

I recently started using ssh-ident:

https://github.com/ccontavalli/ssh-ident

All you have to do is add something like:

alias ssh="/path/to/ssh-ident"

in your .bashrc. Alternatively, you can ln -s /path/to/ssh-ident ~/bin/ssh or some other directory in your PATH before /bin and /usr/bin.