What is ssh-agent?

When we create a new SSH Key Pair, we add a passphrase to protect it from unauthorized access.

Whenever we want to use the key, we get asked for the passphrase:

$ ssh user@myserver.example.com -i ~/.ssh/id_rsa
Enter passphrase for /home/jan/.ssh/id_rsa:

This can get cumbersome quickly, especially if the passphrase is longer (and stored in a password manager).

Therefore, we’re using ssh-agent, which manages our keys and passphrases for us. Usually, it should start automatically. You can check if it’s up and running with this command:

$ ps aux | grep ssh-agent
root      1220  0.0  0.0  11304   320 ?        Ss   01:11   0:00 ssh-agent
root      1355  0.0  0.1  14856  1028 pts/0    S+   01:27   0:00 grep --color=auto ssh-agent

In the first line, we see the ssh-agent process running. The second one comes from the grep command we just ran to narrow down the output.

If ssh-agent is not active yet, execute this command:

$ eval $(ssh-agent -s)
Agent pid 1380

Now it’s up and running.

Adding an existing SSH Key to ssh-agent

Let’s add our key to ssh-agent:

$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/jan/.ssh/id_rsa:

This adds my private key with the name id_rsa to the agent (if your key is not named id_rsa, please fill in your actual key name).

We can verify that this has worked with ssh-add:

$ ssh-add -L
ssh-rsa AAAA.....

You will see a long piece of text starting with ssh-rsa AAAA. Now, when we connect to our server, it’ll automatically talk to ssh-agent for the private key and it won’t ask us for the password. Success!

Leave a Reply