Using ssh-agent

ssh-agent keeps your authentication tokens around while you're running it, so you don't have to retype passwords during your session. In ssh-agent lingo, those tokens are called "identities".

Set up

To start ssh-agent, put the following line in your .profile file:

eval `ssh-agent -s`

ssh-agent starts as a background daemon and prints shell commands to stdout that set some environment variables; eval runs those commands in your shell. The SSH tools later use these variables to find the running agent process.

Alternatively, tell ssh-agent which program to run; that program inherits the environment variables pointing to the agent. This is often useful for ad-hoc ssh-agent sessions on the command line.

ssh-agent bash

Create a key if needed

Use ssh-keygen to create a key. It supports multiple algorithms; RSA with 4096 bits is usually considered a safe choice.

ssh-keygen -b 4096 -t rsa

You'll need to wait a bit here until the key is generated.

Manipulating keys in ssh-agent

When you have ssh-agent running, you can load identities into it. When an identity is loaded into the agent, ssh will try using it to authenticate to SSH servers. ssh-add may ask you for a password to unlock the key on your disk.

ssh-add -l lists the currently loaded identities
ssh-add adds the default identities to the agent
ssh-add -D removes the loaded identities from the agent
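
The eval line from the set-up section starts a new agent on every login. The following .profile sketch is an added example, not part of the original page: it reuses a reachable agent and starts one only when none answers, using the exit status of ssh-add -l. The file path ~/.ssh/agent.env and the variable names AGENT_ENV, SSH_ADD_CMD and SSH_AGENT_CMD are assumptions made for this example.

```shell
# Added example, not from the original page. AGENT_ENV, SSH_ADD_CMD and
# SSH_AGENT_CMD are names made up for this sketch.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"   # where the agent's variables are saved
SSH_ADD_CMD="${SSH_ADD_CMD:-ssh-add}"
SSH_AGENT_CMD="${SSH_AGENT_CMD:-ssh-agent}"

# Print "loaded", "empty" or "none" from the exit status of `ssh-add -l`:
# 0 = identities listed, 1 = agent reachable but no identities,
# 2 = no agent could be contacted.
agent_state() {
    rc=0
    "$SSH_ADD_CMD" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo none ;;
    esac
}

# Make sure this shell can reach an agent, starting one only if needed.
ensure_agent() {
    # 1. An agent is already reachable through the current environment.
    if [ "$(agent_state)" != none ]; then return 0; fi

    # 2. An earlier login may have saved the variables of a live agent.
    #    A stale file (dead socket) falls through to step 3.
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        if [ "$(agent_state)" != none ]; then return 0; fi
    fi

    # 3. Start a new agent. The file is sourced on later logins, so
    #    recreate it readable and writable by the owner only.
    rm -f "$AGENT_ENV"
    ( umask 077; "$SSH_AGENT_CMD" -s > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV" >/dev/null
    [ "$(agent_state)" != none ]
}

# In .profile, call:  ensure_agent
```

When ensure_agent leaves the agent in the "empty" state, run ssh-add to load the default identities.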