How many times do you have to secure shell into the same servers over and over throughout the day? Each time you do, you have to enter your password to gain access to that server. What if I told you that process could not only be made easier, but more secure? This can be done with the help of ssh-key authentication and a remarkably handy tool called ssh-agent. With the combination of ssh-key authentication and ssh-agent, you can start an agent session and, so long as you are in that session, you can secure shell into that server without having to enter your user password. Once you're finished, exit the session and the next time you have to secure into the server, you'll have to enter the user password.
Setting this up is quite simple. I am going to assume you haven't yet set up ssh-key authentication. With that done, I'll then show you how to make use of ssh-agent. I will be demonstrating this process on Elementary OS and Ubuntu Server 16.10.
The first thing to be done is to generate an ssh-key (on the client) for authentication and then copy that key from the client to the server. To generate your ssh-key, open up a terminal window on your client and issue the command:
You will be prompted to enter a password for the new key. You can opt to leave it blank, but I wouldn't suggest doing so (unless you have a very compelling reason—such as setting up ssh authentication for a bash script). Once the key is generated, you need to copy that key from the client to the server with the command:
Where USERNAME is the name on the server you will be logging in with and IP is the IP address of the server. You will be prompted for the server user's password; enter that and the key will be copied.
That's it for the ssh-key portion.
Starting and using the agent
Back on the client terminal window, you have to start an ssh-agent session with the command:
This command will return a PID to confirm your agent session has started (Figure A).
Now we have to add our ssh-keys to the agent with the command:
You will be prompted for the ssh-key password, at which point, your ssh-key has been added to the session. Now, if you ssh to the server, you will not be prompted for the password; ssh will simply log you in. Exit out of the server and attempt another ssh login and you still will not be prompted for the password. Why? Because you are still in the ssh-agent session. In order to exit the session, type exit. This is the one caveat to using ssh-agent; that exit command will exit you from your terminal session (or log you out of the server). There is one other way to kill your ssh-agent session. Remember that PID you were given? Issue the command kill PID (Where PID is the actual PID) and the ssh-agent will be terminated and you won't lose your terminal window or be forced to log out.
Now, when you attempt to log back into the server with ssh, you will be prompted for the ssh-key password.
A final reminder
It is very important that you exit out of the ssh-agent session (otherwise anyone could access your server through ssh). So do not forget this last step!
- How to manually add ssh keys for key-authentication (TechRepublic)
- How to set up ssh key authentication (TechRepublic)
- How to work with remote filesystems using sshfs (TechRepublic)
- An introduction to the Linux home directory (TechRepublic Video)
- Linux 4.13 RC1 arrives: 'Get testing' says Linus Torvalds (ZDNet)
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.