Better Alternative (than original answer) based on having no passphrase on the keyfile
You asked about @u1686_grawity's comment:
If it's without passphrase, do you need the agent at all, as opposed to having the ssh client load it directly from a file?
@u1686_grawity makes a good point, and that's that most SSH clients will let you specify a keyfile directly without requiring an agent.
I often connect to a remote server through ssh key authentication.
You don't necessarily mention how you are connecting, but if it's with the stock ssh command, then you can simply specify your keyfile on the commandline with:
ssh -i ~/.ssh/my_key <username>@site
In that case, you don't need an ssh-agent running at all.
Even if you aren't using ssh-proper, most SSH tools that are based on OpenSSH will also use the same ~/.ssh/config, meaning you can even skip specifying the identity filename. For example, create a ~/.ssh/config with the following:
Host <whatever_you_want_to_call_it>
    Hostname <hostname_or_ip>
    User <optional_username_if_different>
    IdentityFile ~/.ssh/my_key
Then you can simply ssh <whatever_you_want_to_call_it> and everything else will be pulled from the config. Other tools like sftp and scp will also act the same.
Old Answer (works as well, but required for keys with passwords):
@Kolkhis's answer will certainly work, but if you run multiple shells (e.g., under Tmux or Windows Terminal), it will invoke a new running instance of ssh-agent for each shell. In your case, that's not too bad since your key doesn't have a password (although I would caution against that as well, of course). However, for keys with passwords, you have to enter it again for each shell you run. It will also incur additional (albeit small) startup time and memory.
I recommend the keychain utility by Daniel Robbins (also the creator of Gentoo Linux). This small utility checks to see if there's an existing ssh-agent running, and if so, it simply sets the appropriate environment variables to point to that agent. Otherwise, on first launch, of course, it will start a new agent.
It's available in the default repositories of most distributions, including Ubuntu:
sudo apt install keychain
Then add the following to your ~/.bashrc:
eval $(keychain --eval my_key)
IIRC, you don't even need to specify the path to the key unless it isn't in the default ~/.ssh/.
AddKeysToAgent. It gives you a "grace period", remembering the password for a specified time. I'm still trying to make this work on WSL, but it seems complicated.
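
The agent-reuse check that the answer above attributes to keychain, written out as an added example; it is not part of the original answer and not keychain's own code. The AGENT_ENV path and the function names are assumptions, and the saved file is validated (owner, mode, live socket) before it is sourced.

```shell
# Added example (not keychain's code). AGENT_ENV and function names are assumed.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Print the socket path recorded in a saved `ssh-agent -s` output file.
agent_sock_from() {
    sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# Succeed only if the saved file is trustworthy and its agent still answers.
agent_env_usable() {
    _f=$1
    # Regular file, not a symlink, owned by us.
    [ -f "$_f" ] && [ ! -L "$_f" ] && [ -O "$_f" ] || return 1
    # No group/other permission bits: the file is sourced later.
    case $(ls -ld "$_f") in
        -r[w-]-------*) ;;
        *) return 1 ;;
    esac
    _sock=$(agent_sock_from "$_f")
    [ -n "$_sock" ] && [ -S "$_sock" ] && [ -O "$_sock" ] || return 1
    # ssh-add -l exits 0 (keys listed) or 1 (no keys) when the agent is alive,
    # 2 when it cannot be contacted.
    _rc=0
    SSH_AUTH_SOCK=$_sock ssh-add -l >/dev/null 2>&1 || _rc=$?
    [ "$_rc" -le 1 ]
}

# Point this shell at the shared agent, starting one only if none is usable.
ensure_agent() {
    if ! agent_env_usable "$AGENT_ENV"; then
        rm -f "$AGENT_ENV"
        ( umask 077; ssh-agent -s | grep -v '^echo' > "$AGENT_ENV" ) || return 1
    fi
    . "$AGENT_ENV"
}

# In ~/.bashrc (my_key is the key name used in the answer):
#   ensure_agent && { ssh-add -l >/dev/null 2>&1 || ssh-add ~/.ssh/my_key; }
```
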