First page Back Continue Last page Overview Graphics

ssh-agent


Notes:

ssh-agent has a weird quirk; it needs to start up as a background daemon, but it also needs to tell the applications that need to use it where to ask for keys. It does this by setting environment variables, so it has to start up a shell or X windows. Any applications you start inside that shell or X Windows session can then ask ssh-agent to provide them with an ssh key.
In some X Windows setups, one can add the following lines to ~/.xsession to automatically start ssh-agent:
eval `ssh-agent`
ssh-add
When ssh-agent starts up, it doesn’t have any keys in memory; the ssh-add command asks you for the passphrase for a given key, then hands the unlocked key to ssh-agent so it can later hand it out to future ssh sessions.
For reference, SSH supports agent forwarding, where you can ssh to Machine1, logging in with a key provided by your client’s ssh-agent, and ssh from Machine1 to Machine2, and have the ssh-agent request sent back to your original client’s ssh-agent as well. This allows you to keep the private key only on the local machine, but jump from machine to machine without having to start fresh sessions directly from the client machine.