
SSH Agent

by throwe — last modified Jun 05, 2008 11:43 AM
Contributors: John DeStefano
How to use an SSH agent to store your private key for SSH transactions.

Each time you log into a remote host using SSH keys, you will be prompted to supply the pass phrase used to lock your private key. There is an SSH agent that will hold your private key for you, respond to the SSH transaction, and supply the key as needed. You start the SSH agent with the command:

ssh-agent [command [args ...]]

where command is an optional application to run that will have access to the agent. Most modern Linux distributions start the agent when your X Window session starts, so the agent is available to all applications running under X.

You add keys to the agent with the ssh-add command. Typing:

ssh-add -l

where the argument is a lower-case L, will tell you whether the agent is running and which keys are loaded into it. If the ssh-add -l command displays:

Could not open a connection to your authentication agent.

then the agent is not running. If the response is:

The agent has no identities.

then no keys are loaded into the agent. To load a key into the agent, use the command:

ssh-add [file ... ]

If no file name is provided, then an attempt is made to load the default files, otherwise the named private key file will be loaded. You will be prompted for the pass phrase for the private key file.
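The check described above can be scripted. The following is an added example, not part of the original page: it relies on the exit statuses documented in the ssh-add manual page (0 on success, 1 when the command fails, which includes an empty agent, and 2 when the agent cannot be contacted). The function names and the SSH_ADD override variable are hypothetical, introduced here for illustration.

```shell
#!/bin/sh
# Added example: decide what to do from the exit status of "ssh-add -l".
# SSH_ADD is a hypothetical override so the logic can be exercised
# without a real agent; by default the real ssh-add is used.

agent_state() {
    rc=0
    # Only the exit status matters here, so discard the listing itself.
    "${SSH_ADD:-ssh-add}" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;       # agent running, at least one key loaded
        1) echo empty ;;        # "The agent has no identities."
        2) echo unreachable ;;  # "Could not open a connection to your authentication agent."
        *) echo unknown ;;      # e.g. ssh-add is not installed
    esac
}

ensure_key() {
    # $1 (optional): private key file. Without it, ssh-add tries the default files.
    case $(agent_state) in
        loaded)
            return 0 ;;
        unreachable)
            # "ssh-agent -s" prints Bourne-shell commands that export
            # SSH_AUTH_SOCK and SSH_AGENT_PID; eval them into this shell.
            eval "$(ssh-agent -s)" >/dev/null || return 1 ;;
        empty)
            ;;                  # agent is up, it just holds no keys yet
        *)
            return 1 ;;
    esac
    # Prompts for the pass phrase of the private key file being loaded.
    "${SSH_ADD:-ssh-add}" ${1:+"$1"}
}
```

To use it, source the file from your login shell start-up file and call ensure_key, optionally with the path to a private key file.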

SSH Agent in Windows

To use the SSH agent under Windows, you just have to start Pageant from the PuTTY menu. Starting the agent will put an icon of a computer terminal with a hat on it in the system tray. To load a key into the agent, right-click on the Pageant icon, and then click Add Key. A file dialog will come up, and you should open the private key file that you want to load. You will be prompted for the key's passphrase.

If you want the agent to start automatically and load your private key when Windows starts, simply add the .ppk file to your Startup folder in your Start menu (this assumes that you have installed the PuTTY programs using the Windows installer method, so that the association between the .ppk extension and the Pageant program was made) as:

C:\Documents and Settings\<user>\id_rsa.ppk

where <user> is replaced by your username, and the .ppk file should be the name of your private key file. You will be prompted to browse to the key file during the process of adding the file to the Startup folder.

If you want to add more than one private key at startup, then put a script like the following in your Startup folder:

"C:\Program Files\PuTTY\pageant.exe" <keyfile> <keyfile>

where <keyfile> is replaced by the names and paths to the key files that you want to load.

If you do this, then when your machine starts up, a dialog box will prompt you for the passphrase for each of the private key files in the Startup folder. After you enter the passphrase, the Pageant icon will appear in the system tray and contain your private key.

Forwarding Keys in PuTTY

Once your private key has been loaded into Pageant, you'll need to instruct PuTTY to forward the key as necessary. To do this, in the main PuTTY Configuration window, in Connection -> SSH -> Auth, enable the options for Attempt authorization using Pageant and Allow agent forwarding.
