
How to use ssh-agent to make working with secure shell more efficient

If you constantly log in and out of your servers with ssh, Jack Wallen shows you how to make this task a bit more efficient, with the help of ssh-agent.


How many times do you have to secure shell into the same servers over and over throughout the day? Each time you do, you have to enter your password to gain access to that server. What if I told you that process could not only be made easier, but more secure? This can be done with the help of ssh-key authentication and a remarkably handy tool called ssh-agent. With the combination of ssh-key authentication and ssh-agent, you can start an agent session and, so long as you are in that session, you can secure shell into that server without having to enter your user password. Once you're finished, exit the session and the next time you have to secure shell into the server, you'll have to enter the user password.

Setting this up is quite simple. I am going to assume you haven't yet set up ssh-key authentication, so I'll cover that first and then show you how to make use of ssh-agent. I will be demonstrating this process on Elementary OS and Ubuntu Server 16.10.

ssh-key authentication

The first thing to be done is to generate an ssh-key (on the client) for authentication and then copy that key from the client to the server. To generate your ssh-key, open up a terminal window on your client and issue the command:

ssh-keygen

You will be prompted to enter a password for the new key. You can opt to leave it blank, but I wouldn't suggest doing so (unless you have a very compelling reason—such as setting up ssh authentication for a bash script). Once the key is generated, you need to copy that key from the client to the server with the command:

ssh-copy-id USERNAME@IP

Where USERNAME is the name on the server you will be logging in with and IP is the IP address of the server. You will be prompted for the server user's password; enter that and the key will be copied.

That's it for the ssh-key portion.

Starting and using the agent

Back on the client terminal window, you have to start an ssh-agent session with the command:

eval `ssh-agent`

This command will return a PID to confirm your agent session has started (Figure A).

Figure A


We are now within an ssh-agent session.

Now we have to add our ssh-keys to the agent with the command:

ssh-add

You will be prompted for the ssh-key password, at which point your ssh-key is added to the session. Now, if you ssh to the server, you will not be prompted for the password; ssh will simply log you in. Exit out of the server and attempt another ssh login and you still will not be prompted for the password. Why? Because you are still in the ssh-agent session.

In order to exit the session, type exit. This is the one caveat to using ssh-agent: that exit command will exit you from your terminal session (or log you out of the server). There is one other way to kill your ssh-agent session. Remember that PID you were given? Issue the command kill PID (where PID is the actual PID) and the ssh-agent will be terminated, and you won't lose your terminal window or be forced to log out.

Now, when you attempt to log back into the server with ssh, you will be prompted for the ssh-key password.

A final reminder

It is very important that you exit out of the ssh-agent session (otherwise anyone who can use that session could access your server through ssh without being asked for a password). So do not forget this last step!


About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.
