SSH-agent for Windows, macOS, Linux

SSH-agent remembers SSH Public Key authentication, which can be time-limited by the user. This avoids the user having to type the password for each SSH connection, especially relevant to using Git over SSH. Native Windows has SSH including SSH-agent, and separately WSL also can use SSH-agent. SSH-agent works well with Git over SSH.

To use SSH-agent, add SSH keys like:

ssh-add -t 30m ~/.ssh/mykey
-t 30m
remember authentication for a period of time (here, 30 minutes)

Remove all SSH-agent keys from RAM (if desired):

ssh-add -D

List all SSH-agent keys loaded:

ssh-add -L

Note that if the SSH private key was manually deleted, access to the remote SSH server is lost until a new private key is placed on the remote server when an SSH key is removed from SSH-agent.

Each operating system has a distinct method of enabling SSH-agent.

Windows SSH-agent

SSH-agent can be enabled from PowerShell. Note that the OpenSSH Client and OpenSSH server must both be installed.

Check if Windows SSH-Agent is running:

Get-Service ssh-agent

Start SSH Agent (requires “Run as Administrator”):

Set-Service -StartupType Automatic -Name ssh-agent

Start-Service ssh-agent

if status of Windows SSH-Agent in Powershell is “Running” then SSH-agent should be working.

Get-Service ssh-agent

Linux SSH-agent

For Linux, including Windows Subsystem for Linux:

Add to ~/.profile:

if [ -z "$(pgrep ssh-agent)" ]; then
   rm -rf ${TMPDIR}/ssh-*
   eval $(ssh-agent -s) > /dev/null
   export SSH_AGENT_PID=$(pgrep ssh-agent)
   export SSH_AUTH_SOCK=$(find ${TMPDIR}/ssh-* -name agent.*)

macOS SSH-agent

On macOS, SSH-agent is enabled by default.

SSH agents can have vulnerabilities, as noted for Windows and Linux.

Related: Disable Gnome Keyring SSH Agent