How to use ssh-agent for authentication on Linux / Unix

How do I use the ssh-agent command for non-interactive authentication on Linux and Unix-like systems such as macOS or a FreeBSD desktop? My private key is protected with a passphrase or password, so I have to enter the passphrase multiple times to use the ssh private key for authentication. How can I tell ssh to ask for the passphrase only once?

You need to use the ssh-agent command. It holds your private keys used for ssh public key authentication. In other words, ssh-agent remembers and temporarily stores the passphrase in memory. Then, as soon as you use the ssh command with the private key, ssh-agent kicks in to provide the passphrase for the ssh session, so you do not have to type the passphrase again.

Using ssh-agent command for non-interactive authentication

Open the terminal and type one of the following commands (both forms are equivalent):
$ eval $(ssh-agent)
$ eval `ssh-agent`

You will see the PID of the ssh-agent as follows on screen:

Agent pid 97280

Use ssh-add to add the private key passphrase to ssh-agent

Now our ssh-agent is running, and you need to provide the passphrase for your ssh private keys. For example, run the ssh-add command:
$ ssh-add
Type the passphrase:

Enter passphrase for /home/vivek/.ssh/id_ed25519: 
Identity added: /home/vivek/.ssh/id_ed25519 (vivek@nixcraft)

By default, it adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, and ~/.ssh/id_ed25519_sk. However, you can specify another private key file as follows:
$ ssh-add ~/.ssh/aws-web-servers

Setting up a maximum lifetime for identities/private keys

Pass the -t life option to the ssh-add command to set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in the time format described in the sshd_config man page:
$ ssh-add -t 1800 # 1800 seconds
$ ssh-add -t 45m # 45 minutes
$ ssh-add -t 3h42m # 3 hours 42 minutes
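
In the sshd_config time format, a number with no qualifier counts as seconds, so 3h42 and 3h42m are different lifetimes. The following is an added example, not part of the original tutorial: it converts such a string to seconds and checks it against a cap. The function names lifetime_seconds and lifetime_within are hypothetical, and the parser assumes the TIME FORMATS rules from the sshd_config man page.

```shell
#!/bin/sh
# Added example, not from the original article.
# Convert a time string in the sshd_config TIME FORMATS syntax (the
# syntax ssh-add -t accepts) to seconds. Prints the total on stdout;
# returns 1 on malformed input.
lifetime_seconds() {
    rest=$1
    total=0
    [ -n "$rest" ] || return 1
    while [ -n "$rest" ]; do
        num=${rest%%[!0-9]*}            # leading run of digits
        [ -n "$num" ] || return 1
        rest=${rest#"$num"}
        # Drop leading zeros so the shell does not read the value as octal.
        while [ "${#num}" -gt 1 ] && [ "${num#0}" != "$num" ]; do
            num=${num#0}
        done
        unit=${rest%"${rest#?}"}        # next character, empty at end of string
        case $unit in
            ''|s|S) mult=1 ;;           # no qualifier means seconds
            m|M)    mult=60 ;;
            h|H)    mult=3600 ;;
            d|D)    mult=86400 ;;
            w|W)    mult=604800 ;;
            *)      return 1 ;;
        esac
        if [ -n "$unit" ]; then rest=${rest#?}; fi
        total=$((total + num * mult))
    done
    echo "$total"
}

# Hypothetical policy helper: succeed only if lifetime $1 parses, is
# non-zero, and does not exceed the cap $2 (same syntax, e.g. 8h).
lifetime_within() {
    want=$(lifetime_seconds "$1") || return 1
    cap=$(lifetime_seconds "$2") || return 1
    [ "$want" -gt 0 ] && [ "$want" -le "$cap" ]
}

# Constructed sample inputs: note how 3h42 and 3h42m differ.
for t in 1800 45m 3h42 3h42m; do
    printf '%-6s = %s seconds\n' "$t" "$(lifetime_seconds "$t")"
done
```

The result can be passed straight to ssh-add, for example ssh-add -t "$(lifetime_seconds 45m)" ~/.ssh/aws-web-servers.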

Remember, you can configure the GNOME/KDE or macOS desktop to run ssh-agent and unlock keys automatically when you log in.

Use ssh-agent for ssh/sftp/scp command authentication

Once you add the private key (or keys) to the ssh-agent, all you have to do is use ssh, sftp, scp, and all other ssh commands. For instance, I will execute the ssh command for my FreeBSD backup server:
$ ssh user@server
$ ssh user@hostname_or_ip
$ scp file.doc vivek@server1.cyberciti.biz:~/Documents/
# State the private key for public key authentication #
$ ssh -i ~/.ssh/aws-web-servers ec2-user@rhel8-web-server
$ ssh -i ~/.ssh/linode-nixcraft-servers vivek@1.2.3.4
$ ssh vivek@192.168.2.236

The ssh-agent for non-interactive ssh authentication in action on my Ubuntu Linux desktop

Please note that when you log out of your shell or close the terminal session that started ssh-agent, the passphrases will be removed from system memory.

How to list my private keys cached by ssh-agent

Run the following command to list the fingerprints of all identities/private keys:
$ ssh-add -l

256 SHA256:uym82.....6VLU vivek@nixcraft (ED25519)
2048 SHA256:GVs...S0AA root@backup-servers (RSA)
3072 SHA256:VLg8...SCDFpA key for local lxds (RSA)

To list the public key parameters of all identities, run:
$ ssh-add -L

Deleting all cached ssh-agent private keys

Pass the -D option to the ssh-add command:
$ ssh-add -D
You will see confirmation as follows on screen:

All identities removed.

Conclusion

In this quick tutorial, you learned how to use ssh-agent for authentication and list/clear out private keys from memory when needed under Linux or Unix-like systems. For further information, see OpenSSH documentation or use the man command to read man pages:
$ man ssh-agent
$ man ssh-add
$ man ssh
$ man sftp
$ man scp
$ man sshd_config

