After creating keys with name id_rsa at it's default location. I am adding identity to SSH agent with command ssh-add ~/.ssh/id_rsa, It's adding successfully.
I can SSH without entering pass phrase of key as It's already with SSH Agent.
But ,when I restart machine or server and then check for identity with command ssh-add -L I am getting message like The agent has no identities.
Does that means when we restart machine, Agent lost identity? Is this normal behavior or some thing I am missing here?
Please guide me, I am not much familiar with SSH.
14 Answers
It's normal. The purpose of a key agent is just to hold decrypted keys in memory, but it will never write them to disk. (That would defeat the purpose – why not just unprotect the main key instead?)
So the keys must be unlocked on each login, and you need to automate this – on Linux using pam_ssh is one option; it automatically uses your OS password to unlock the agent. Another similar module is pam_envoy, which is slightly more reliable afaik (but requires systemd).
Both modules will start the agent itself and load keys automatically.
4On OS X, ssh-add has a special flag to connect to Keychain if you decide to store your private key in there.
Just run ssh-add -K ~/.ssh/id_rsa.
I believe this answers your question more fully. This OS X specific flag is hard to find documentation for but it's been working since at least OS X Leopard.
2Try to this to your ~/.bashrc:
if [ ! -S ~/.ssh/id_rsa ]; then eval `ssh-agent` ln -sf "$SSH_AUTH_SOCK" ~/.ssh/id_rsa ssh-add
fi
export SSH_AUTH_SOCK=~/.ssh/id_rsaThis should only prompt for the password once you are login.
3This solution is handy if your ssh keys are passphrase protected.
The problem with all the answers above is that if your private key is passphrase protected, every time you launch a new terminal and try to use the private key, you have to type in the passphrase and you will end up running multiple copies of the ssh-agent in memory. The solution is to add the following in your ~/.bashrc or ~/.zshrc:
##### START Fix for ssh-agent #####
# Ref:
SSH_ENV="$HOME/.ssh/environment"
function start_agent { echo "Initialising new SSH agent..." /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}" echo succeeded chmod 600 "${SSH_ENV}" . "${SSH_ENV}" > /dev/null /usr/bin/ssh-add;
}
# Source SSH settings, if applicable
if [ -f "${SSH_ENV}" ]; then . "${SSH_ENV}" > /dev/null #ps ${SSH_AGENT_PID} doesn't work under cywgin ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || { start_agent; }
else start_agent;
fi
##### END Fix for ssh-agent #####This will ask for the passphrase of your ssh private key(s) only once when you launch a terminal. Subsequent opening of new terminal sessions (or tmux seesions) will reuse the ssh-agent created by the snippet above.
