About
ssh-agent is the authentication agent of OpenSSH.
It works on Linux and Windows.
It stores unencrypted (decrypted) private keys in memory and communicates with SSH clients via a Unix domain socket.
Installation
Windows
With the Windows agent:
- you don't get an ssh-agent Unix socket but the named pipe (npipe) \\.\pipe\openssh-ssh-agent. Therefore, you can only work with Docker Windows containers
- as of today (2024-0-09), SSH agent forwarding is only available for Docker Desktop on Mac and Linux.
By default, the ssh-agent service is disabled.
- Configure it to start automatically from a shell running as Administrator.
Get-Service ssh-agent | Set-Service -StartupType Automatic
# start
Start-Service ssh-agent
# status
Get-Service ssh-agent
Status Name DisplayName
------ ---- -----------
Running ssh-agent OpenSSH Authentication Agent
# location of the binary
(Get-Command ssh-agent.exe).Path
C:\Windows\System32\OpenSSH\ssh-agent.exe
Linux
On Linux, the ssh-agent binary should already be available. If not, use your package manager to install it.
Example (Debian/Ubuntu, where the client tools are in the openssh-client package):
apt-get install openssh-client
Shell Configuration
Git Bash
On Git Bash, if you want to work with:
- the Windows ssh-agent, you need to configure it at installation.
- the OpenSSH shipped with Git, see the POSIX shell configuration below.
POSIX Shell
In a POSIX shell, the following command starts the ssh-agent and prints the commands that set its configuration variables:
ssh-agent -s
# where:
# ssh-agent starts the ssh-agent
# -s generates Bourne shell commands on stdout
# output:
SSH_AUTH_SOCK=/tmp/ssh-asX1VgTTeGM3/agent.1848; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1849; export SSH_AGENT_PID;
echo Agent pid 1849;
You can start it automatically by adding the following command to .bashrc:
eval `ssh-agent -s`
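The eval line above starts a new agent in every shell that reads .bashrc. The following added example (not part of the original page) reuses a running agent instead; the ~/.ssh/agent.env path and the SSH_AGENT_CMD / SSH_ADD_CMD override variables are assumptions of this example.

```sh
# Added example for ~/.bashrc: reuse one agent instead of starting one per shell.
# Assumptions of this example: the AGENT_ENV path and the two *_CMD variables.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
SSH_AGENT_CMD="${SSH_AGENT_CMD:-ssh-agent}"   # overridable, e.g. for testing
SSH_ADD_CMD="${SSH_ADD_CMD:-ssh-add}"

# "ssh-add -l" exits 0 (keys listed), 1 (agent reachable, no identities)
# or 2 (agent cannot be contacted). Only 2 means the agent is gone.
agent_reachable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    _rc=0
    "$SSH_ADD_CMD" -l >/dev/null 2>&1 || _rc=$?
    [ "$_rc" -ne 2 ]
}

ensure_agent() {
    # 1. The current environment already points at a live agent.
    if agent_reachable; then return 0; fi
    # 2. An earlier shell started an agent and saved its variables.
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        if agent_reachable; then return 0; fi
    fi
    # 3. Start a new agent; umask 077 keeps the saved file owner-only,
    #    because it is sourced as shell code by later shells.
    ( umask 077; "$SSH_AGENT_CMD" -s > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV" >/dev/null
}

# Run only in interactive shells, so scp/rsync/cron sessions are not affected.
case $- in
    *i*) ensure_agent ;;
esac
```

A stale agent.env (agent killed or machine rebooted) is detected by exit status 2 and replaced by a fresh agent.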
Key Operations
If your private key is not stored in one of the default locations (like ~/.ssh/id_rsa), you'll need to add it.
Add a key
Add an SSH private key (created with ssh-keygen) to the ssh-agent with ssh-add:
- POSIX shell
ssh-add ~/.ssh/id_rsa
- PowerShell
ssh-add $env:USERPROFILE\.ssh\id_ed25519
Add all keys from a directory
ssh-add <directory to private SSH key>
List the keys
ssh-add -l
If there is no key, it returns:
The agent has no identities.
Remove a key
ssh-add -d ~/.ssh/key-to-remove
Set an expiration
ssh-add -t <seconds>