SSH-Agent

How to use the SSH-Agent.

An SSH agent ensures that the passphrase for a key does not have to be re-entered for each connection. In addition, agent forwarding (the -A argument) lets you connect from one remote system to another remote system, provided your own key is registered there. However, for security reasons, keys should not remain loaded in the agent permanently.


Windows 10

Without additional programs

Newer versions of Windows already have an OpenSSH feature built in. This SSH agent does not yet have as many features as on Linux (see https://github.com/PowerShell/Win32-OpenSSH/issues/1056). It can be enabled as follows:

Press the Windows key and search for Manage optional features.

Select OpenSSH Client and install it. This window can now be closed.

Next, press the Windows key again and search for Services.

Right-click the OpenSSH Authentication Agent service and select Properties.

Set the startup type to Automatic or Automatic (Delayed startup), then apply the settings.

Now you can add your SSH key in the command prompt using ssh-add.

To limit the security risk, you should remove your key(s) from the agent every day before you leave work.

$ ssh-add -D

In the morning, add it again:

$ ssh-add [Path]

PuTTY (Pageant)

PuTTY has something similar to the SSH agent: Pageant. This program keeps your unlocked SSH key available so that you do not have to enter the passphrase for each connection. This requires a key in .ppk format.

Guide on how to generate a .ppk key (https://it-kph.uni-mainz.de/2018/10/02/generating-a-ssh-key-with-putty/)

Start Pageant.

A new icon will appear in your taskbar. Double-click it to open a window.

Click Add Key and select the .ppk file with your key. You will be prompted to enter the passphrase.

Windows Subsystem for Linux

The openssh package has to be installed.

Start the SSH agent with:

$ eval "$(ssh-agent -s)"

Keys can be added with:

$ ssh-add -t (Duration) [Path]

e.g.:

$ ssh-add -t 8h   # Key is added for 8 hours
$ ssh-add -t 300  # Key is added only for 5 minutes

This process can also be automated by appending the following lines to the ~/.profile file:

test "x$SSH_AGENT_PID" = "x" && eval "$(ssh-agent -s)"
ssh-add -t 8h [Path to your SSH-Key]
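
A more defensive variant of the ~/.profile lines above, as an added example that is not part of the original page: it uses the exit status of ssh-add -l to detect an agent that is already reachable (for example one started by the desktop session) and adds the key with a lifetime only if its fingerprint is not listed yet. SSH_ADD, SSH_AGENT and SSH_KEYGEN are override variables assumed here, and the key path in the last comment is a placeholder.

```shell
# Added example: helper for ~/.profile (not from the original page).
# SSH_ADD, SSH_AGENT and SSH_KEYGEN are hypothetical override variables
# introduced here; they default to the real OpenSSH tools.
SSH_ADD=${SSH_ADD:-ssh-add}
SSH_AGENT=${SSH_AGENT:-ssh-agent}
SSH_KEYGEN=${SSH_KEYGEN:-ssh-keygen}

# Classify the agent using the exit status of "ssh-add -l":
#   0 = agent reachable and holding keys, 1 = reachable but empty,
#   anything else = no agent reachable (ssh-add exits with 2).
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# ensure_agent_key KEYFILE [LIFETIME]
# Start an agent only when none is reachable, then add KEYFILE with a
# lifetime (default 8h) unless its fingerprint is already listed.
ensure_agent_key() {
    key=$1
    lifetime=${2:-8h}
    if [ "$(agent_state)" = unreachable ]; then
        eval "$("$SSH_AGENT" -s)" >/dev/null
    fi
    # The second field of "ssh-keygen -lf" output is the key fingerprint.
    fp=$("$SSH_KEYGEN" -lf "$key" 2>/dev/null | awk '{print $2}')
    if [ -z "$fp" ]; then
        echo unreadable-key
        return 1
    fi
    if "$SSH_ADD" -l 2>/dev/null | grep -qF -- "$fp"; then
        echo already-loaded
    else
        "$SSH_ADD" -t "$lifetime" "$key" && echo added
    fi
}

# In ~/.profile (placeholder path):
# ensure_agent_key "$HOME/.ssh/id_ed25519" 8h
```

Because the key is always added with -t, it expires on its own even if ssh-add -D is forgotten at the end of the day.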

Unix

Most Linux distributions and macOS already start an SSH agent by default. Whether an agent is already running can be checked like this:

$ ps ax | grep ssh-agent
   1227 ?        Ss     0:00 ssh-agent -s
   1322 tty1     S+     0:00 grep --color=auto ssh-agent

Keys can be added with:

$ ssh-add -t (Duration) [Path]

e.g.:

$ ssh-add -t 8h   # Key is added for 8 hours
$ ssh-add -t 300  # Key is added only for 5 minutes

Active identities can be inspected with:

$ ssh-add -l