Skip to content

ssh-add Command Cheat Sheet

ssh-add adds private key identities to the authentication agent, ssh-agent. This allows you to type your passphrase once and use your key for multiple connections.

Synopsis

ssh-add [options] [file ...]

Basic Usage

Add Default Keys

Adds ~/.ssh/id_rsa, ~/.ssh/id_ed25519, etc.

ssh-add

Add Specific Key

ssh-add ~/.ssh/my_custom_key

Managing Keys

List Loaded Keys (-l)

Show fingerprints of all identities currently represented by the agent.

ssh-add -l
Output example: 2048 SHA256:abc... /home/user/.ssh/id_rsa (RSA)

List Public Keys (-L)

Show public key parameters of all identities.

ssh-add -L

Delete a Key (-d)

Remove a specific key from the agent.

ssh-add -d ~/.ssh/id_rsa

Delete All Keys (-D)

Clear all keys from the agent.

ssh-add -D

Advanced Options

Life-time (Expiration) (-t)

Set a maximum lifetime when adding identities.

# Keep key in memory for 1 hour (3600 seconds)
ssh-add -t 1h ~/.ssh/id_rsa

Lock/Unlock Agent (-x / -X)

Lock the agent with a password.

# Lock
ssh-add -x
# Unlock
ssh-add -X

Notes

  • Agent Forwarding: If you use ssh -A, the remote server can access your local agent to authenticate further hops.