So, you have an SSH key pair. The public key has been added to the server. On the client, i.e. your laptop/desktop,
you have your private key. For some reason, your private key has not been loaded into memory.
All you have to do is start the ssh-agent and then load the key into memory via ssh-add.
Step 1: Start the agent
Step 2: load the key into memory
The Underlying Software And Processes Explained
ssh-agent is a program that acts as a mediator between the client and the server. When the client initiates an
SSH connection, the server requests the client to authenticate itself. The client sends a signed message using its
private key to the server. The server then verifies the signature using the corresponding public key, which is
stored in a file called authorized_keys on the server. If the verification is successful, the server grants
access to the client.
However, in this use case, the client’s private key is not currently loaded into memory. To load the private key into
memory, ssh-agent is used. ssh-agent creates a secure, persistent connection between the client and the server,
and the private key is added to the agent using ssh-add. Once the key is added to the agent, the client can
initiate SSH connections without needing to enter a passphrase for the private key each time.
In more detail, when ssh-agent is started, it creates a Unix socket and sets some environment variables that
instruct the user’s shell how to connect to the socket. When ssh-add is called with the path to the private key as
an argument, it prompts the user to enter the passphrase for the private key, if one was set during key generation.
It then decrypts the private key and adds it to the agent. ssh-agent keeps the decrypted key in memory
and can provide it to the SSH client when needed.
ssh-agent provides a secure and convenient way to manage private keys for SSH authentication by
storing them in memory, and ssh-add is used to add the private key to the ssh-agent. This eliminates the need for
the user to enter a passphrase for the private key each time they initiate an SSH connection.
Is There A Better Alternative?
Yes. Use a key manager. On Ubuntu 22.04, gnome-keyring is the default key manager. To make use of it, just place
the key in your ~/.ssh directory. To take advantage of automatic importing of keys into the key manager,
your-key.pub files in ~/.ssh. When you log on to your computer, the key manager will load
your key into memory. You can also add keys manually with the GUI tool seahorse. Launch Seahorse and import your
OpenSSH key as a one-time activity. You should be all set.
Curiosity Question: What’s The Deal With eval?
The reason why you need to use eval in the command eval $(ssh-agent) is that the ssh-agent command outputs
some shell commands that need to be executed to set up the SSH agent environment variables.
When you run the ssh-agent command, it starts a new instance of the SSH agent and outputs the environment
variables that need to be set in the current shell session to use the agent. These variables include
SSH_AUTH_SOCK and SSH_AGENT_PID, which are required by the SSH client to communicate with the SSH agent and use
the keys stored in it. The eval command is used to execute the output of the ssh-agent command as shell commands
in the current shell session. The $(command) syntax is used to capture the output of the ssh-agent command and
pass it as an argument to eval, which evaluates the output as shell commands and sets the required environment
variables.
eval $(ssh-agent) is a convenient way to set up the SSH agent environment variables in the current shell
session without having to manually copy and paste the output of the ssh-agent command. It allows you to start using the
SSH agent immediately, without having to set up the environment variables manually.
If you want to set up the agent manually without eval, do this:
On my computer, the output is like this:
SSH_AUTH_SOCK=/tmp/ssh-XXXXXX281aZd/agent.13423; export SSH_AUTH_SOCK; SSH_AGENT_PID=13424; export SSH_AGENT_PID; echo Agent pid 13424;
You will see a bunch of commands separated by semicolons. Copy and paste the output of $(ssh-agent) on the terminal,
and you are all set!
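What eval does with that output can also be done explicitly. The following is an added example, not code from the original post: load_agent_env (a hypothetical helper name) pulls the two assignments out of Bourne-style ssh-agent output, checks that the socket is an absolute path and the PID is numeric, and exports them without evaluating the text as shell code. The sample string is the output line quoted above, used here as constructed input.

```shell
#!/bin/sh
# Added example: apply ssh-agent's Bourne-style output without eval.
# load_agent_env is a hypothetical helper name, not part of OpenSSH.

load_agent_env() {
    _out=$1   # text printed by ssh-agent (Bourne-shell form)

    # Both assignments must be present, otherwise this is not agent output.
    case $_out in
        *SSH_AUTH_SOCK=*SSH_AGENT_PID=*) ;;
        *) echo "load_agent_env: no agent variables found" >&2; return 1 ;;
    esac

    # Take the text between "NAME=" and the next ";" for each variable.
    _sock=${_out#*SSH_AUTH_SOCK=}; _sock=${_sock%%;*}
    _pid=${_out#*SSH_AGENT_PID=};  _pid=${_pid%%;*}

    # The socket must be an absolute path built from plain path characters.
    case $_sock in
        /*) ;;
        *) echo "load_agent_env: socket path is not absolute" >&2; return 1 ;;
    esac
    case $_sock in
        *[!A-Za-z0-9/._-]*)
            echo "load_agent_env: unexpected character in socket path" >&2
            return 1 ;;
    esac

    # The PID must be a non-empty string of digits.
    case $_pid in
        ''|*[!0-9]*) echo "load_agent_env: PID is not numeric" >&2; return 1 ;;
    esac

    SSH_AUTH_SOCK=$_sock
    SSH_AGENT_PID=$_pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Constructed sample: the single-line output quoted in the post.
SAMPLE='SSH_AUTH_SOCK=/tmp/ssh-XXXXXX281aZd/agent.13423; export SSH_AUTH_SOCK; SSH_AGENT_PID=13424; export SSH_AGENT_PID; echo Agent pid 13424;'

load_agent_env "$SAMPLE" && echo "agent socket: $SSH_AUTH_SOCK (pid $SSH_AGENT_PID)"

# Against a real agent: load_agent_env "$(ssh-agent -s)" && ssh-add
```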