OpenSSH provides the basic utilities described below to support user-friendly, automated client/server authentication:

• ssh-agent - Authentication agent
  In the case of client authentication (see "Authentication between OpenSSH client ssh and server sshd") the private keys are always stored in files in encrypted form for security reasons, and consequently you must enter the associated password each time you use the private key. In this case and in others, too, the authentication agent facilitates the handling of the private keys.

• ssh-add - Loading private RSA/(EC)DSA/Ed25519 keys in the authentication agent
  After it has been started the authentication agent initially receives no private RSA/(EC)DSA/Ed25519 keys. You load these into the authentication agent using the ssh-add utility.

• ssh-keygen - Generating and administering a user-specific key pair (RSA/(EC)DSA/Ed25519)
  In the case of RSA(EC)DSA/Ed25519-based client authentication, each user requires a key pair comprising a private and a public RSA, (EC)DSA or Ed25519 key. You can generate and administer such key pairs with the ssh-keygen utility.

• Creating and checking ssh-keyscan - ssh_known_host files
  The ssh-keyscan utility enables you to query the public SSH host keys of different hosts from any OpenSSH client and to transfer these to the ssh_known_hosts files. Furthermore, ssh-keyscan supports you in checking existing ssh_known_hosts files.