SSH-agent for Windows, macOS, Linux
SSH-agent remembers SSH Public Key authentication, which can be time-limited by the user. This avoids the user having to type the password for each SSH connection, especially relevant to using Git over SSH. Windows has SSH built-in from Microsoft including SSH-agent. WSL also can use SSH-agent within each of the WSL images. SSH-agent works well with Git over SSH.
To use SSH-agent, add SSH keys like:
ssh-add ~/.ssh/mykey
This will persist the key in the SSH-agent until the SSH-agent is stopped, the user logs out,or the key is removed.
Remove all SSH-agent keys from RAM (if desired):
ssh-add -D
List all SSH-agent keys loaded:
ssh-add -L
Time limit for SSH-agent keys
Except for Windows, a time limit can be set for how long the key is remembered:
ssh-add -t 30m ~/.ssh/mykey
-t 30m
- remember authentication for a period of time (here, 30 minutes)
Currently, the OpenSSH implemenation of SSH-agent on Windows does NOT support the -t
option.
If the -t
option is used on Windows, it will fail like:
Could not add identity
<key>
: agent refused operation
Each operating system has a distinct method of enabling SSH-agent.
Windows SSH-agent
SSH-agent can be enabled from PowerShell. Note that the OpenSSH Client and OpenSSH server must both be installed.
Check if Windows SSH-Agent is running:
Get-Service ssh-agent
Start SSH Agent:
Set-Service -StartupType Automatic -Name ssh-agent
Start-Service ssh-agent
if status of Windows SSH-Agent in Powershell is “Running” then SSH-agent should be working.
Get-Service ssh-agent
If you still have trouble, try setting the permissions for the $HOME/.ssh directory more conservatively with this Powershell script.
Linux SSH-agent
For Linux, including Windows Subsystem for Linux:
Add to ~/.profile:
if [ -z "$(pgrep ssh-agent)" ]; then
rm -rf ${TMPDIR}/ssh-*
eval $(ssh-agent -s) > /dev/null
else
export SSH_AGENT_PID=$(pgrep ssh-agent)
export SSH_AUTH_SOCK=$(find ${TMPDIR}/ssh-* -name agent.*)
fi
macOS SSH-agent
On macOS, SSH-agent is enabled by default.
SSH agents can have vulnerabilities, as noted for Windows and Linux.
Related: Disable Gnome Keyring SSH Agent