SSH key agent

Setting up an SSH key agent lets you connect to remote machines safely without typing your passphrase over and over.

Create SSH key

An SSH key is a pair of files that proves your identity. It consists of a private key (think of it as the key) and a public key (think of it as the keyhole). You put the public key on the SSH server and access the server with your private key. It is recommended to protect your private key with a passphrase; otherwise, if someone copies your private key, they will be able to access all your remote machines.

Generate key pair on Unix system

Type [shell]ssh-keygen[/shell] and follow the instructions. By default the generated key pair is stored in [shell]~/.ssh/[/shell].

After that, you can add your public key to the [shell]~/.ssh/authorized_keys[/shell] on the remote machine. There is also a shortcut for this: [shell]ssh-copy-id[/shell].

Windows with putty

PuTTY comes with a tool called puttygen.exe to generate the key pair. The private key is stored in a .ppk file, and the public key is shown in the interface.

You can then copy the public key to [shell]~/.ssh/authorized_keys[/shell] on the remote machine.

SSH Key agent

With a passphrase-protected private key, you have to enter the passphrase whenever you use it. [raw]ssh-agent[/raw] eases this by decrypting your private key once and keeping it in memory until you log out.

Unix with ssh-agent

[shell]eval $(ssh-agent -s)[/shell] starts the key agent, and you can then run [shell]ssh-add somekey[/shell] to add your keys. If you do not specify a key file to add, it adds the default key files in [raw]~/.ssh[/raw].

You can add these two lines to [raw]~/.bashrc[/raw], but to avoid entering the passphrase every time you open a terminal, you can instead start the ssh-agent from your desktop environment's startup script, or use keychain.
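As an added example (not from the original post), the following POSIX sh functions implement the reuse that keychain provides: the agent's environment is cached in a file (assumed path [raw]~/.ssh/agent.env[/raw]) and sourced by each new terminal, so a fresh agent is started, and the passphrase typed, only when the cached one is gone.

```shell
#!/bin/sh
# One long-running ssh-agent per user, reused by every new terminal.
# The cache path is an assumption made for this example.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Keep only the two variable assignments from `ssh-agent -s` output so the
# cached file can be sourced quietly (the trailing "echo Agent pid" is dropped).
agent_env_from_output() {
    printf '%s\n' "$1" | grep -E '^SSH_(AUTH_SOCK|AGENT_PID)='
}

# Return 0 if an agent is reachable through $SSH_AUTH_SOCK.
# `ssh-add -l` exits 2 only when it cannot talk to an agent
# (0 = keys listed, 1 = agent running but holds no keys).
agent_alive() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# Source the cached environment if present; start a new agent only when the
# cached one is dead. Keys are added once, so the passphrase is typed once.
start_or_reuse_agent() {
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV"
    fi
    if ! agent_alive; then
        # The cache names the agent socket; keep it readable by you only.
        ( umask 077; agent_env_from_output "$(ssh-agent -s)" > "$AGENT_ENV" )
        . "$AGENT_ENV"
    fi
    # Load the given key files (or the defaults) only if the agent holds none.
    ssh-add -l >/dev/null 2>&1 || ssh-add "$@"
}

# Put in ~/.bashrc:  . /path/to/this/file; start_or_reuse_agent ~/.ssh/id_rsa
```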

Unix with keychain

Keychain looks for an existing ssh-agent session and uses it if one exists. It “allows you to easily have one long running ssh-agent process per system, rather than the norm of one ssh-agent per login session”.

To use it, install keychain on your computer, and add [raw]eval `keychain --eval --agents ssh id_rsa`[/raw] to your [raw]~/.bash_profile[/raw] or [raw]~/.bashrc[/raw].

Windows with pageant

The ssh-agent equivalent for PuTTY is Pageant. You can open your private key files with Pageant and start your SSH sessions from there.

Agent forwarding

Once you have your SSH key, chances are that you would like to jump from server to server or transfer files between servers. SSH has a convenient feature to forward your key when to

On Unix, ssh has a “-A” option to forward your ssh-agent as you travel across servers. For example, [shell]ssh -A teoroo[/shell] forwards your key agent to teoroo, and you can use your key from there without re-entering your passphrase during the SSH session.

You can also create a config file in your home directory to specify

[shell]Host TEOROO
    ForwardAgent yes
    Port 22
    User yunqi[/shell]

After that, you can just type [shell]ssh TEOROO[/shell] and your key agent is forwarded automatically. Note that you should only forward the agent to trusted servers: even though your private key is never stored on the remote machine, the system administrator there can still use your forwarded agent to authenticate as you for as long as you are logged in.

Windows with putty

You can also enable agent forwarding in PuTTY under [raw]Connection->SSH->Auth->Authentication parameters[/raw].
