The The SSH agent is used for SSH public key authentication. It uses SSH keys for authentication. Users can create SSH keys using the ssh-keygen command and install them on servers using the ssh-copy-id command. Starting ssh-agent Adding SSH keys to the Agent SSH Agent Forwarding Running ssh-agent Further Reading On most Linux systems, If The The easiest way to check is to check the value of the Also, to allow key-based logins to servers, public key authentication must be enabled on the server. In OpenSSH it is enabled by default. It is controlled by the By default, the agent uses SSH keys stored in the The following command will list private keys currently accessible to the agent: Furthermore, the SSH protocol implements agent forwarding, a mechanism whereby an SSH client allows an SSH server to use the local A wonderful feature of the single sign-on provided by SSH is that it works independent of organizational boundaries and geography. You can easily implement single sign-on to servers on the other side of the world, in cloud services, or at customer premises. No central coordination is needed. To use agent forwarding, the The The agent outputs environment variable settings that this puts in place. The The -a bind_address Forces to bind the Unix domain socket to the given file path, instead of the default socket. -c Forces generation of C-shell commands on stdout. By default the shell is automatically detected. -d Enables debug mode. -E fingerprint_hash Specifies which algorithm to use for generating SSH key fingerprints. Valid values include -k Kills the currently running agent. -s Forces generation of Bourne shell ( -t life Specifies a maximum number of seconds that identities are kept in the agent. The value is in seconds, but can be suffixed by SSH key managementssh-agent
is a helper program that keeps track of users' identity keys and their passphrases. The agent can then use the keys to log into other servers without having the user type in a password or passphrase again. This implements a form of single sign-on (SSO).Contents
Starting
ssh-agent
ssh-agent
is automatically configured and run at login, and no additional actions are required to use it. However, an SSH key must still be created for the user.ssh-agent
is not automatically started at login, it can be started manually with the commandeval `ssh-agent`
ssh-agent
command outputs commands to set certain environment variables in the shell. The commands output by default are compatible with /bin/sh
and /bin/bash
. To output commands for the C-shell (/bin/csh
or /bin/tcsh
), add -c
.SSH_AGENT_SOCK
environment variable. If it is set, then the agent is presumably running. It can be checked byecho $SSH_AGENT_SOCK
PubkeyAuthentication
option in sshd_config.Adding SSH keys to the Agent
.ssh
directory under the user's home directory. The ssh-add command is used for adding identities to the agent. In the simplest form, just run if without argument to add the default files ~/.ssh/id_rsa
, .ssh/id_dsa
, ~/.ssh/id_ecdsa
, ~/.ssh/id_ed25519
, and ~/.ssh/identity
. Otherwise, give it the name of the private key file to add as an argument.ssh-add -l
SSH Agent Forwarding
ssh-agent
on the server the user logs into, as if it was local there. When the user uses an SSH client on the server, the client will try to contact the agent implemented by the server, and the server then forwards the request to the client that originally contacted the server, which further forwards it to the local agent. This way, ssh-agent
and agent forwarding implement single sign-on that can progress transitively.ForwardAgent
option must be set to yes
on the client (see ssh_config) and the AllowAgentForwarding
option must be set to yes
on the server (see sshd_config).Running
ssh-agent
ssh-agent
command is usually run from initialization scripts at login, such as from /etc/X11/Xsession.d/90x11-common_ssh-agent
on Linux Mint LMDE. Alternatively, any user can configure it to be run from, e.g., the user's ~/.xsession
file or ~/.profile
.SSH_AUTH_SOCK
environment variable is set to point to a unix-domain socket used for communicating with the agent, and the SSH_AGENT_PID
environment variable is set to the process ID of the agent. To get the environment variables set in the user's shell environment, the agent is usually run with something like the following:eval `ssh-agent`
ssh-agent
command accepts the following options:md5
and sha256
./bin/sh
) commands on stdout. By default the shell is automatically detected.m
for minutes, h
for hours, d
for days, and w
for weeks. Without this option, the agent keeps the keys in its memory as long as it runs. This can be overridden when running the ssh-add command.Further Reading
See Also
How to Enable SSH Commands in Windows - InterWorksSSH Agent ExplainedSetting up SSH-Agent in Windows for Passwordless Git Authentication - InterWorksHow to Enable SSH for Accessing a Remote Mac's Shell Securely