Skip to content

ssh-agent Command Cheat Sheet

ssh-agent is a program to hold private keys used for public key authentication. It allows you to use your keys without re-entering your passphrase for every connection.

Synopsis

ssh-agent [options] [command [arg ...]]

Starting the Agent

Eval Method (Most Common)

Start the agent and set the environment variables in the current shell.

eval "$(ssh-agent -s)"
# Output: Agent pid 12345

Spawn a New Shell

Start a new shell with the agent as a parent.

ssh-agent bash

Usage

Once running, use ssh-add to add keys.

# 1. Start agent
eval "$(ssh-agent -s)"

# 2. Add key
ssh-add ~/.ssh/id_rsa

# 3. Connect (no password needed)
ssh user@server

Killing the Agent

When you are done.

ssh-agent -k
# Or just kill the process
kill $SSH_AGENT_PID

Persistence

To have ssh-agent run automatically on login, check your specialized shell config files (.bash_profile, .zshrc) or use a system-wide user service. Many modern desktop environments (GNOME Keyring, macOS Keychain) start an ssh-agent compatible process automatically.

Notes

  • Security: The agent creates a unix socket. Anyone with root access (or your user permissions) can access this socket.
  • Forwarding: ssh -A forwards access to your local agent to the remote server. Use with caution on untrusted servers.