Remember passphrases with ssh-agent — First published in fullweb.io issue #31

how-to-ssh-agent.md

How to use ssh-agent to cache your SSH credentials?

Contributed by Fabien Loudet, Linux SysAdmin at Rosetta Stone

Tired of always having to enter your SSH key passphrase when logging in to remote machines? Here comes ssh-agent. Enter the passphrase once and it will keep it in memory for you

Using ssh-agent in your shell session:

$ ssh-agent 
SSH_AUTH_SOCK=/tmp/ssh-hZQhwQlxahPX/agent.1833; export SSH_AUTH_SOCK; 
SSH_AGENT_PID=1834; export SSH_AGENT_PID; 
echo Agent pid 496; 

Copy/paste the 2 first lines from above:

$ SSH_AUTH_SOCK=/tmp/ssh-hZQhwQlxahPX/agent.1833; export SSH_AUTH_SOCK; 
$ SSH_AGENT_PID=1834; export SSH_AGENT_PID; 

Register your key and enter your password for the last time of this session:

$ ssh-add .ssh/id_rsa 
Enter passphrase for .ssh/id_rsa: 
Identity added: .ssh/id_rsa (.ssh/id_rsa)

And now SSH auth will not ask you for the passphrase anymore

BONUS: list your keys with:

$ ssh-add -l

@Kr3m - when you do ...

$ eval $(ssh-agent)
Agent pid 2101
$

... it sets the SSH_AUTH_SOCK and SSH_AGENT_PID shell environment variables. These are important and if they don't exist; then your ssh command won't know that ssh-agent is running. You should include something like ...

$ tail -2 ~/.profile 

eval $(ssh-agent)
$ 

... into your .profile file. There's variations on this method (see google searches); however, the key point is that you will loose your connection to your ssh-agent session once you exit your terminal and while it's technically still running; your ssh program won't know that.

This is a pure shell issue and not an ssh subsystem issue.

This is a pure shell issue and not an ssh subsystem issue.

Meh. I just did this instead. I still have to unlock it once after rebooting and opening the terminal, but it's still less of a headache than it was.

sudo nala install keychain (apt instead of nala for thoses who haven't migrated yet)

Added to ~/.bashrc:

if [[ `uname` == Linux ]] then
    /usr/bin/keychain $HOME/.ssh/id_rsa
    source $HOME/.keychain/$HOSTNAME-sh
fi

Added to ~/.ssh/config

Host *
    IgnoreUnknown UseKeychain
    UseKeychain yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_rsa

At least it works so there's that. sigh

Adding the following to ~/.ssh/config will help wit this. It also solves @elsiehupp's issue - i.e. there's no need to write code to do this automagically. Enjoy!

Host *
   AddKeysToAgent yes

Don't know what is wrong; got

Welcome to Termux

Docs:       https://doc.termux.com
Community:  https://community.termux.com

Working with packages:
 - Search:  pkg search <query>
 - Install: pkg install <package>
 - Upgrade: pkg upgrade

Report issues at https://bugs.termux.com
Agent pid 6633
~ $ cd SubStack
~/SubStack $ git commit --amend
Enter passphrase for "/data/data/com.termux/files/home/.ssh/id_ed25519":
[experimental 6ab528b2] qq
 Date: Thu Apr 10 00:05:55 2025 -0700
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 q
~/SubStack $ git commit --amend
Enter passphrase for "/data/data/com.termux/files/home/.ssh/id_ed25519":
[experimental 68712eb2] qq
 Date: Thu Apr 10 00:05:55 2025 -0700
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 q
~/SubStack $ git commit --amend
Enter passphrase for "/data/data/com.termux/files/home/.ssh/id_ed25519":
[experimental 9e49fd1a] qq
 Date: Thu Apr 10 00:05:55 2025 -0700
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 q
~/SubStack $ cat ~/.ssh/config
Host *
   AddKeysToAgent yes

~/SubStack $ cat ~/.bashrc
eval `ssh-agent -s`
~/SubStack $

don't know what to do.
Have a preview branch with almost 100 commits, and to edit the first commit with git rebase, requires to re-enter the password for all 100 commits.

👍