Syntax
ssh-agent [-a <bind_address>] [-c | -s] [-t <life>] [-d] [<command> [<args> ...]]
ssh-agent [-c | -s] -k
A detailed description of the operands is provided in the OpenSSH man pages.
Description
The authentication agent ssh-agent is a utility for administering the private keys for public key authentication (RSA, DSA, ECDSA, Ed25519). Initially, ssh-agent holds no keys. You can use the ssh-add utility (see "ssh-add - Loading private keys in the authentication agent") to assign keys to ssh-agent. ssh-add adds the files $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa, $HOME/.ssh/id_ecdsa and $HOME/.ssh/id_ed25519 to the authentication agent.
It makes sense to start ssh-agent on your local PC, notebook or terminal at the start of a login session. All other windows and programs are then executed as clients of ssh-agent. Environment variables enable the clients to locate ssh-agent and use it for automatic authentication when they log on to remote computers with the OpenSSH client ssh.
Executing ssh-agent on your local PC, notebook or terminal has the advantage that ssh-agent never sends authentication data over the channel via which it receives the requests. Instead, ssh-agent itself performs operations which require a private key and returns the result to the computer from which the request came. This behavior is referred to as agent forwarding.
If you call the authentication agent in the format
eval `ssh-agent [-c | -s]`
ssh-agent is run as a background process (daemon) and generates shell commands as its output. These commands enable the shell and its child processes to utilize the authentication agent’s services.
You terminate the ssh-agent daemon with the following command:
eval `ssh-agent -k [-c | -s]`
If you call the authentication agent in the format
ssh-agent [<command> [<args> ...]]
the command <command> and all child processes of <command> can utilize the authentication agent. After <command> has been executed, the authentication agent is terminated automatically.
If you call the authentication agent without parameters, it creates a Unix domain socket and listens there in the background for user requests.
Files
ssh-agent uses the following files:
$HOME/.ssh/id_dsa
Contains the user’s private DSA key for authentication.
$HOME/.ssh/id_rsa
Contains the user’s private RSA key for authentication.
$HOME/.ssh/id_ecdsa
Contains the user’s private ECDSA key for authentication.
$HOME/.ssh/id_ed25519
Contains the user’s private Ed25519 key for authentication.
/tmp/ssh-XXXXXXXX/agent.<ppid>
Unix domain sockets which contain the connections to the ssh-agent. Only the owner should have read and write permissions for these sockets; no other user should have read or write permission. When ssh-agent terminates, the sockets are automatically removed.
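The owner-only requirement on the agent socket can be verified from the shell after starting the agent. The following is an added example, not part of the OpenSSH documentation: the function names owner_only and audit_agent_socket are hypothetical, and the additional check on the socket's parent directory is an assumption based on the /tmp/ssh-XXXXXXXX layout listed above.

```shell
#!/bin/sh
# Added example: audit the ssh-agent socket named by SSH_AUTH_SOCK.
# Function names are hypothetical; nothing here is OpenSSH code.

# owner_only PATH
# Succeeds only if PATH belongs to the calling user and grants no
# permission bits at all to group or others.
owner_only() {
    # "ls -ldn" prints: mode links uid gid ... ; -n keeps the uid numeric.
    # Characters 5-10 of the mode string are the group and other bits.
    line=$(ls -ldn -- "$1" 2>/dev/null |
           awk 'NR == 1 { print substr($1, 5, 6), $3 }')
    [ -n "$line" ] || return 1          # path missing or unreadable
    bits=${line% *}
    uid=${line#* }
    [ "$bits" = "------" ] && [ "$uid" = "$(id -u)" ]
}

# audit_agent_socket [SOCKET]
# Checks SOCKET (default: $SSH_AUTH_SOCK).
# Returns 0 if access is owner-only, 1 if other users have access,
# 2 if there is no usable socket to check.
audit_agent_socket() {
    sock=${1:-$SSH_AUTH_SOCK}
    [ -n "$sock" ] || { echo "SSH_AUTH_SOCK is not set" >&2; return 2; }
    [ -S "$sock" ] || { echo "$sock: not a Unix domain socket" >&2; return 2; }

    # Assumption: the containing directory must be owner-only as well,
    # because some systems ignore the permissions on the socket itself.
    dir=$(dirname -- "$sock")
    owner_only "$dir"  || { echo "$dir: accessible to other users" >&2; return 1; }
    owner_only "$sock" || { echo "$sock: accessible to other users" >&2; return 1; }
    echo "$sock: owner-only access confirmed"
}

# Run the audit if an agent is already advertised in this shell,
# for example after: eval `ssh-agent -s`
if [ -n "${SSH_AUTH_SOCK:-}" ]; then
    audit_agent_socket || echo "agent socket audit FAILED" >&2
fi
```

A directory carrying the sticky bit is reported as accessible to other users, so an agent bound with -a to a path directly under /tmp fails the directory check.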