@debuglevel
Last active June 16, 2022 16:32
ssh-agent HowTo

ssh-agent basics

  • You might want to use SSH agent forwarding. This way you do not have to load your key on the server in any way - but it also bears a certain risk that a malicious user (e.g. another sudo user) on the remote system can also use your forwarded agent.
    • PuTTY provides this setting (default off) at Connection->SSH->Auth->Allow agent forwarding.
    • For OpenSSH, use ssh -A.
  • Start via eval $(ssh-agent) in your current shell.
  • Add your default key via ssh-add.
  • Add a key by pasting it into stdin: run ssh-add -, paste the key and press CTRL+D three times. The password will probably be shown in cleartext! Use clear, reset or tmux clear-history afterwards.
  • List loaded keys: ssh-add -l or ssh-add -L
  • Use ssh-add -x to lock the agent with a password and ssh-add -X to unlock it.
  • sudo -s, sudo -i and even sudo ssh [...] will remove the SSH_AUTH_SOCK environment variable, which points to the agent socket. When sudoing to root, sudo -s --preserve-env=SSH_AUTH_SOCK will work (it will not work for other target users, due to permissions on the socket).
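
Agent forwarding, described in the first bullet, can also be switched on in the OpenSSH client config through the ForwardAgent option, which has the same effect as ssh -A. The script below is an added example, not part of the original gist: it lists the config blocks that enable forwarding. The function names, the HIGH/INFO labels and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original gist. Lists where an OpenSSH client
# config enables agent forwarding (the config-file form of "ssh -A").

# audit_forward_agent FILE
# Prints "<severity> <block>" for every block that enables forwarding:
#   HIGH = applies to many hosts (global section or wildcard pattern)
#   INFO = applies only to explicitly named hosts
audit_forward_agent() {
    awk '
    BEGIN { block = "(global)"; seen = 0 }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^#/) next          # blank line or comment
        if (!match($0, /^[A-Za-z]+/)) next
        key = tolower(substr($0, 1, RLENGTH))    # keywords are case-insensitive
        val = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)          # "Key value" or "Key=value"
        gsub(/"/, "", val)
        # A Host or Match line starts a new block.
        if (key == "host" || key == "match") { block = key " " val; seen = 0; next }
        if (key != "forwardagent" || seen) next  # first value in a block wins
        seen = 1
        if (val == "no") next
        # Assumption: anything but "no" is treated as enabling forwarding.
        wide = (block == "(global)" || block ~ /[*?]/ || block == "match all")
        sev = wide ? "HIGH" : "INFO"
        print sev, block
    }' "$1"
}

# Constructed sample config, for demonstration only.
sample_config() {
    cat <<'EOF'
# personal defaults
Host bastion.example.org
    ForwardAgent yes
Host build-*
    ForwardAgent=no
Host *
    forwardagent yes
    User alice
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_forward_agent "$tmp"
rm -f "$tmp"
```

A HIGH finding means the agent is forwarded to every host matching a wildcard, including hosts where other users have root; restricting ForwardAgent to named hosts keeps the exposure to the systems you chose.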