ssh-agent and ssh-add usage examples for managing password-protected RSA keys during SSH authentication. SSH is a network protocol for logging in from one computer to another securely. In this tutorial, you will read how to generate the SSH key for Git.
This tutorial explains how you can replace password-based SSH authentication with key-based authentication which is more secure because only the people that own the key can log in. In this example, we're using PuTTY as our SSH client on a Windows system.
Generate a private and public key pair
Open PuTTYgen.exe, press the Generate button, and move the mouse. Once the keys are generated, type your key passphrase (choose a «hard to guess» one). Save the public key. Save the private key.
Configure your Linux server (create user, save public key)
For this guide, let's assume your regular login name is us3r (replace it with the one that you use regularly).
As root, on the shell, type:
You will be asked to fill in some details such as the user's real name (empty string is fine).
Now type:
Then in that folder, create and edit a file called authorized_keys2.
In there, cut/paste your public SSH key, on ONE LINE (that is very important!!!)
- Do not add the email@example.com at the end of the line.
- Do not add the BEGIN PUBLIC KEY or END PUBLIC KEY.
- Do not add the rsa-key-20090211 at the end.
- Make sure there is ssh-rsa at the beginning.
It should be something like:
Type:
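Added example, not part of the original tutorial: a small Python helper that applies the authorized_keys2 formatting rules listed above. It takes the text of a PuTTYgen "Save public key" file (or a pasted key line), drops the BEGIN/END lines and the comment, joins the wrapped base64, and checks that the decoded key blob really is ssh-rsa. The function names and the sample key are constructed for illustration.

```python
import base64
import struct

def key_type(blob: bytes) -> str:
    """Algorithm name: the first length-prefixed string inside the key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def to_authorized_keys_line(text: str) -> str:
    """Turn a PuTTYgen 'Save public key' file, or a pasted key line, into
    one 'ssh-rsa <base64>' line with no comment, as the steps above require."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty input")
    if lines[0].startswith("---- BEGIN"):
        body, in_header = [], False
        for l in lines[1:]:
            if l.startswith("---- END"):
                break
            if in_header or ":" in l:         # header line, e.g. Comment: "..."
                in_header = l.endswith("\\")  # trailing backslash continues it
                continue
            body.append(l)
        b64 = "".join(body)
    else:
        if len(lines) != 1:
            raise ValueError("key must be on ONE line")
        fields = lines[0].split()
        if len(fields) < 2 or fields[0] != "ssh-rsa":
            raise ValueError("line must begin with ssh-rsa followed by the key")
        b64 = fields[1]
    blob = base64.b64decode(b64, validate=True)  # rejects non-base64 characters, bad padding
    if key_type(blob) != "ssh-rsa":
        raise ValueError("key blob is not an RSA key")
    return "ssh-rsa " + b64

def sample_putty_file() -> str:
    """Constructed sample in PuTTYgen's saved format (not a usable key)."""
    parts = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(128, 192)))
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "rsa-key-20090211"\n'
            + wrapped + "\n---- END SSH2 PUBLIC KEY ----\n")

if __name__ == "__main__":
    print(to_authorized_keys_line(sample_putty_file()))
```

Only the public key ever goes through this helper; the private key file stays on the client and is loaded into Pageant.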
Add Private key to PuTTY SSH authentication agent
Start the PuTTY SSH authentication agent, PAGEANT.EXE. When started, right-click its systray icon and select «add key». Select your private key file, and type in your passphrase when you add the key. Pageant works as a passphrase keeper.
Use PuTTY to connect to your server
Open PuTTY and connect as us3r@putty.org.ru:
See that you log in without a password …
ssh-add is a helper program for ssh-agent.
ssh-add adds RSA or DSA identity files to the ssh agent. For ssh-add to work properly, the agent should be running, and have the SSH_AUTH_SOCK environment variable set.
1. Fix “Could not Open” Error (and Add Default RSA/DSA identities)
By default, when you try to execute the ssh-add command, you might get “Could not open a connection to your authentication agent.” error message as shown below.
The reason is ssh-agent is not running.
But, if you start the ssh-agent as shown below, you’ll still get the same error.
In order to fix the issue, you should start the ssh-agent as shown below.
Now, when you execute the ssh-add, it will add the ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity files to ssh-agent, and will not throw any error message.
2. Display the entries loaded in ssh-agent
Use either -l or -L as shown below to display all the RSA and DSA entries that are currently loaded into the ssh-agent.
The following example shows that there are two entries currently loaded into the ssh-agent.
3. Delete all entries from ssh-agent
Use option -D as shown below to remove all the ssh entries from the ssh-agent.
4. Delete specific entries from ssh-agent
Using the -d option, you can specify exactly which entries you would like to delete.
The following example will remove only the default RSA entry from the ssh-agent.
5. Lock (or) Unlock the SSH Agent
You can lock the ssh agent as shown below using the -x option. Once you lock the agent, you cannot add, delete, or list entries in the ssh agent without a password.
After locking, if you try to add, you’ll see the SSH_AGENT_FAILURE message as shown below.
To unlock an agent, use the -X option as shown below. Make sure you enter the same password that you gave while locking the agent. If you give a wrong password, you’ll get the “Failed to unlock agent.” message.