Using ssh-agent
Here we will explain what ssh-agent is, how it works, how to add and remove keys from it, and how to use it to connect to a server.
ssh-agent is a background process that stores added private keys in the system's memory, providing them for authentication when connecting to remote servers. Using ssh-agent eliminates the need to enter the user's password or passphrase for each connection. To use ssh-agent for connections, you need to add a private key to it using the ssh-add command. During authentication, ssh-agent cycles through all the keys it has, without matching keys to specific servers.
After a system reboot, termination of the ssh-agent process, or user logout, all keys added to ssh-agent will be lost, and you will need to add the keys again.
Prerequisites
1. The client system should have a terminal available if it is based on Linux or macOS, and PowerShell should be installed if it is based on Windows. You can refer to the guide “Installing PowerShell on Windows” for instructions on how to install PowerShell.
2. The client system should have OpenSSH Client installed. The process for installing OpenSSH Client is described in the section “Installing OpenSSH Client”.
3. The client system should have the private key of the key pair, whose public key is on the server you are going to connect to. Instructions for creating a key pair and copying the public key to the server are provided in the sections “Creating Key Pair” and “Copying Public Keys”.
Adding a key to ssh-agent
To use the features of ssh-agent you need to add a private key to it.
You can add a key to ssh-agent with the command:
ssh-add <path_to_private_key>
where:
- <path_to_private_key> - Path to the private key of the key pair. By default, key pairs are created in the folder C:\Users\<username>\.ssh\ for Windows, /home/<username>/.ssh for Linux, and /Users/<username>/.ssh for macOS.
If the private key is protected by a passphrase, you will have to enter it when adding the key to the ssh-agent.
If the path to the private key is not specified, the ssh-add command will by default add keys located in the .ssh subdirectory of the current user's home folder, such as id_rsa, id_dsa, id_ecdsa, and id_ed25519 if they exist.
For example:
ssh-add D:\keys\mykey2
This command will add the private key of the mykey2 key pair, located in the D:\keys\ folder, to the ssh-agent.
Connecting to a server with ssh-agent
When connecting to a remote virtual machine or server using the ssh command, you do not need to specify the path to the private key if it is added to ssh-agent. It is also not necessary to specify the name of a particular private key, as the connection will search through all keys added to ssh-agent until a suitable key is found.
The command to connect will look like this:
ssh <user_name_server>@<ip_address_server> [-p <port>]
where:
- <user_name_server> - The username you used when creating a new user on the server. The process of creating a new user is described in the “Creating New User” section. You can also use the root user for connection, whose password is specified in the Password field of the “Instance Details” section of the Peerobyte virtual machine or server control panel.
- <ip_address_server> - The IP address of the virtual machine or server that is specified in the Main IP Address field of the “Public Network IPv4” section of the Peerobyte virtual machine or server control panel.
- [-p <port>] - port number for SSH connection. This parameter is optional and applies only if the default port for SSH connection is changed in the server settings.
For example, a command to connect using a private key might look like this:
ssh myuser2@203.0.113.12 -p 64743
This command will establish an SSH connection to the host at IP address 203.0.113.12. The connection will search through all keys loaded in the ssh-agent until a matching private key of the key pair whose public key is added to the authorized_keys list of user myuser2 is found. If a passphrase is set for this private key, the user will not be prompted to enter it. Successful verification of the private and public keys will provide remote access to the server with the rights of the user myuser2. The connection will be established through TCP port 64743.
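Because ssh offers the agent's keys one after another and the server limits the number of authentication attempts per connection, a client with many loaded keys can pin one key to one host in its SSH client configuration. The following is an added example, not part of the original guide, for a Linux or macOS terminal; the alias vm-demo and the key path are assumptions, while the address, user and port come from the example above.

```shell
#!/bin/sh
# Added example: pin one key to one host so ssh does not offer every agent key.
# The alias "vm-demo", the key path and the temp file are constructed.

# Write a client config with a single Host block; print the config path.
# $1 = path to the private key that belongs to this host.
write_pinned_config() {
    cfg=$(mktemp) || return 1
    cat >"$cfg" <<EOF
Host vm-demo
    HostName 203.0.113.12
    User myuser2
    Port 64743
    # Key for this host; if it is loaded in ssh-agent, the agent copy is used.
    IdentityFile $1
    # Offer only the IdentityFile above, not every key held by ssh-agent.
    IdentitiesOnly yes
EOF
    echo "$cfg"
}

# Print the options ssh would apply to "vm-demo". -G evaluates the config
# and exits without opening a connection.
# $1 = path to the config file written above.
effective_options() {
    ssh -F "$1" -G vm-demo |
        grep -E '^(hostname|user|port|identitiesonly|identityfile) '
}

# Usage:
#   cfg=$(write_pinned_config "$HOME/.ssh/mykey2")
#   effective_options "$cfg"
#   ssh -F "$cfg" vm-demo      # connects with the pinned key only
```

Once the Host block is placed in ~/.ssh/config, the -F option is no longer needed and the connection command shortens to ssh vm-demo.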
Removing keys from ssh-agent
After rebooting the system, terminating the ssh-agent process, or logging out of the user session, all keys loaded in ssh-agent will be lost. However, you can remove the keys yourself.
To remove all keys from ssh-agent, use the command:
ssh-add -D
If you need to remove a single private key, use the following command:
ssh-add -d <path_to_private_key>
Where:
- <path_to_private_key> - The path to the private key of the key pair. By default, key pairs are created in the folder C:\Users\<username>\.ssh\ for Windows, /home/<username>/.ssh for Linux, and /Users/<username>/.ssh for macOS.
For example:
ssh-add -d D:/test/mykey2
This command will take the mykey2 private key located in the D:/test/ folder and compare it with the keys stored in ssh-agent. If a matching mykey2 key is found in ssh-agent, it will be removed from ssh-agent.
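The add and remove steps from this guide, run end to end against a throwaway agent in a Linux or macOS terminal (an added example, not part of the original guide). The temporary directory, socket path, demo key and the 600-second lifetime passed to ssh-add -t are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: add -> list -> remove in a private ssh-agent.
# Nothing here touches the keys or the agent of the logged-in user.

# Print how many keys the agent behind SSH_AUTH_SOCK currently holds.
agent_key_count() {
    # "ssh-add -l" lists fingerprints; it exits non-zero when the agent is empty.
    if out=$(ssh-add -l 2>/dev/null); then
        printf '%s\n' "$out" | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# Print the key count seen before adding, after adding and after removing.
agent_key_lifecycle() {
    workdir=$(mktemp -d) || return 1
    # Dedicated agent bound to its own socket inside the temp directory.
    agent_env=$(ssh-agent -s -a "$workdir/agent.sock") || return 1
    eval "$agent_env" >/dev/null
    # Throwaway Ed25519 key pair with an empty passphrase (demo only).
    ssh-keygen -q -t ed25519 -N '' -C demo-key -f "$workdir/mykey2" || return 1

    before=$(agent_key_count)
    # -t makes the agent drop the key by itself after 600 seconds.
    ssh-add -t 600 "$workdir/mykey2" 2>/dev/null
    loaded=$(agent_key_count)
    # -d removes one key; ssh-add identifies it by its public half and
    # falls back to <path>.pub if needed.
    ssh-add -d "$workdir/mykey2" 2>/dev/null
    after=$(agent_key_count)

    # Stopping the agent discards whatever is still held in its memory.
    ssh-agent -k >/dev/null 2>&1
    rm -rf "$workdir"
    echo "$before $loaded $after"
}

# Usage:
#   agent_key_lifecycle      # prints: 0 1 0
```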
Read more about ssh-agent
You can read more about the ssh-agent command syntax and its full functionality in the “SSH-agent Command Usage Guide”.