Using ssh-agent
ssh-agent keeps your authentication tokens around while you're running it, so you don't have to retype passwords during your session. In ssh-agent lingo, those tokens are called "identities".
Set up
To start ssh-agent, put the following line in your .profile file:
eval `ssh-agent -s`
The tool starts off as a daemon, but prints some environment variables to stdout. The SSH tools will later use these variables to find the running agent process.
Alternatively, tell ssh-agent what binary to run (which will inherit the environment variables pointing to the agent). This is often useful to make ad-hoc ssh-agent sessions on the command line.
ssh-agent bash
Create a key if needed
Use ssh-keygen to create a key. It supports multiple algorithms; RSA with 4096 bits is usually considered a safe choice.
ssh-keygen -b 4096 -t rsa
You'll need to wait a bit here until the key is generated.
Manipulating keys in ssh-agent
When you have ssh-agent running, you can load identities into it. When an identity is loaded into the agent, ssh will try using it to authenticate to SSH servers. You may need to enter a password when running ssh-add to unlock the key on your disk.
| ssh-add -l | lists the currently loaded identities |
| ssh-add | adds the default identities to the agent |
| ssh-add -D | removes the loaded identities from the agent |
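
The eval line from the Set up section starts a new agent in every login shell. As an added example (not from the original page), these .profile functions reuse an agent that still answers `ssh-add -l` and start one only when none does; the function names and the AGENT_ENV cache path are assumptions of this example.

```shell
# Added example for ~/.profile. AGENT_ENV is a path chosen for this example.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Classify the agent by the exit status of `ssh-add -l`:
#   0 = reachable with identities, 1 = reachable but empty,
#   2 (or anything else) = no agent could be contacted.
agent_state() {
    _rc=0
    ssh-add -l >/dev/null 2>&1 || _rc=$?
    case $_rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Give this shell a working agent, starting a new one only when needed.
ensure_agent() {
    # 1. The inherited SSH_AUTH_SOCK still answers: keep using it.
    if [ "$(agent_state)" != unreachable ]; then return 0; fi

    # 2. Try the variables cached by an earlier login shell.
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        if [ "$(agent_state)" != unreachable ]; then return 0; fi
    fi

    # 3. Start a new agent and cache what it prints. The file is sourced
    #    later, so recreate it readable and writable by the owner only.
    ( umask 077; rm -f "$AGENT_ENV"; ssh-agent -s > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV" >/dev/null
    [ "$(agent_state)" != unreachable ]
}
```

Call `ensure_agent` from .profile in place of the eval line; when `agent_state` then prints `empty`, run ssh-add to load your identities.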