Since your public and private keys are stored locally in a file,
removing them is as simple as deleting the file. Of course, this
will only delete them on your local machine and not any servers
where you may have
Using public key authentication makes logging in to a server with SSH more secure, but less
To make public key authentication more convenient to use, the OpenSSH developers created the ssh-agent and ssh-add programs. These programs are designed to keep your private keys decrypted in memory for your current session. With ssh-agent, you will not need to type a passphrase when connecting to a remote system, since the private key resides in memory.
While this makes using public key authentication more convenient, it should be noted that it does pose a small security risk as your private key is sitting in memory decrypted. If a rogue program were able to read that portion of memory, it would be able to use the private key and log in to the remote server using your credentials.
ssh-agent can be run in one of two ways. The first way is to enter
at the command line, which runs ssh-agent in the background and sets two environment
[email@example.com]$ eval 'ssh-agent' Agent pid 19401 [firstname.lastname@example.org]$ echo $SSH_AGENT_PID 19401 [email@example.com]$ echo $SSH_AUTH_SOCK /tmp/ssh-XXZCgt5e/agent.19401 [firstname.lastname@example.org]$
The second way to run ssh-agent is to supply a program
[email@example.com]$ ssh-agent /bin/bash [firstname.lastname@example.org]$ echo $SSH_AGENT_PID 1272 [email@example.com]$ echo $SSH_AUTH_SOCK /tmp/ssh-XXZCgt5e/agent.1271 [firstname.lastname@example.org]$
Once ssh-agent has started up successfully, you need to add the private keys into memory. This is done using the ssh-add program as
[email@example.com]$ ssh-add Enter passphrase for /home/sshuser/.ssh/id_rsa: Identity added: /home/sshuser/.ssh/id_rsa (/home/sshuser/.ssh/id_rsa) [firstname.lastname@example.org]$
When given no arguments, the ssh-add program looks for the files
in the home directory of the
Alternatively, ssh-add accepts a filename as an argument. The filename specified is expected to contain the private-keys which ssh-add will load into memory.
If a private key requires a passphrase to decrypt it, ssh-add will prompt the user for the passphrase. If the passphrase is entered correctly, the private key will be stored in memory.
Once the private keys have been loaded into memory, it may be helpful to verify that they are really there. This can be done using the “l option. This option will display all private keys that are currently in memory:
[email@example.com]$ ssh-add -l 1024 5b:62:e3:14:80:72:e0:58:03:36:29:52:29:90:a9:04 /home/sshuser/.ssh/id_rsa (RSA) [firstname.lastname@example.org]$