Use the Key Agent
You can use the key agent, ssh-agent, to manage the private keys that you use for authentication. The agent enables you to store private keys and use these keys to authenticate ssh, scp, and sftp sessions. Because passphrases are required only when you add keys to the agent, using the agent can simplify scripting that relies on ssh. By default, the connection to the agent can be forwarded, which means you can use the stored identities securely anywhere in the network.
Note: Because agent forwarding creates an added security risk, you may want to disallow it. To do so, set ForwardAgent to no on the client and AllowAgentForwarding to no on the server.
To launch the agent in your current shell
- Use the following command:
eval `ssh-agent`
When you launch using eval, you need to terminate the process manually. You can use the PID, or use -k, as shown here:
ssh-agent -k
To launch the agent in a subshell
Notes:
- When you run ssh-agent alone on the command line, it displays the commands that configure the required environment variables, but it does not run them, so the variables aren't yet configured. To configure the environment variables, copy the displayed text, paste it to the command line, and execute it. Until you do this, you won't be able to use ssh-add. This additional step is not required when you use eval or $SHELL as shown in the preceding examples.
- If you use X11, call ssh-add with '< /dev/null' to activate the ssh-askpass prompting window. This window is used for passphrase prompts.
- If you are using private keys associated with X.509 certificates, use the ssh-add -x option to add these keys to the key agent:
ssh-add -x
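The launch, environment-variable and manual-termination points above, combined in one script. This is an added example, not part of the original page: it assumes OpenSSH's ssh-agent (including its -s option), and with_agent and agent_env_ready are hypothetical helper names.

```shell
#!/bin/sh
# Added example: run one job under a private agent and make sure the agent,
# and the decrypted keys it holds, never outlive the job.

# Succeeds only if this shell holds the variables that ssh-add and ssh rely
# on and SSH_AUTH_SOCK really points at a socket.
agent_env_ready() {
    [ -n "${SSH_AGENT_PID:-}" ] && [ -n "${SSH_AUTH_SOCK:-}" ] &&
        [ -S "$SSH_AUTH_SOCK" ]
}

# with_agent CMD [ARGS...]
# Starts a private agent, runs CMD with it, and always terminates the agent.
# The body is a subshell, so the caller's environment is never modified.
with_agent() (
    command -v ssh-agent >/dev/null 2>&1 || {
        echo "with_agent: ssh-agent not found" >&2
        exit 127
    }
    # Drop inherited settings so the cleanup can never hit the caller's agent.
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    # -s forces Bourne-style output; eval applies it to this subshell only.
    eval "$(ssh-agent -s)" >/dev/null
    # ssh-agent -k reads SSH_AGENT_PID, so no PID bookkeeping is needed.
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    trap 'exit 130' INT TERM   # route signals through the EXIT trap
    agent_env_ready || {
        echo "with_agent: agent variables not configured" >&2
        exit 1
    }
    "$@"
    exit $?
)

# Demo: the job gets its own agent; the calling shell is left unchanged.
with_agent sh -c 'echo "job: agent socket is $SSH_AUTH_SOCK"' ||
    echo "demo skipped (no usable ssh-agent here)"
# Typical use (key path and host are placeholders):
#   with_agent sh -c 'ssh-add "$HOME/.ssh/id_job" && scp report.txt host.example:'
```
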