When setting up a passwordless SSH login environment using private and public keys, it is necessary to enter a passphrase for the private key when logging into a remote server via SSH. Although the passphrase only needs to be entered once during a terminal session, it must be re-entered if the session is terminated. To avoid this inconvenience, this article outlines the process for permanently adding the passphrase to an ssh-agent.
For users of macOS and Windows, the passphrase will not be required even after a machine reboot. However, on Ubuntu, the passphrase will only need to be entered once after a reboot. This solution eliminates the need to continually enter the passphrase, making the SSH login process more efficient and user-friendly.
By permanently adding the passphrase to an ssh-agent, the process of logging into a remote server via SSH can be made more convenient. This is particularly useful for those who frequently log into remote servers and prefer a passwordless login environment.
For macOS
Adding private key to macOS keychain
To add the private key to the keychain application, open a terminal and type the following command:
$ ssh-add --apple-use-keychain ~/.ssh/id_rsa
Info.
- The above command is validated in macOS Monterey 12.4.
- If it’s not working, try ssh-add -K ~/.ssh/id_rsa.
Let ssh-agent always use macOS keychain
Configure .ssh/config as follows:
Host *
UseKeychain yes
AddKeysToAgent yes
IdentityFile ~/.ssh/id_rsa
Note: .ssh/config should have permission 644.
For Ubuntu
Install keychain
Install the keychain using the following command:
$ sudo apt-get install keychain
Keychain manages the ssh-agent by checking for its presence and starting it if needed. It allows the agent to hold the private key and stores the agent’s environment, enabling passwordless ssh connections through referencing the environment during ssh login attempts.
Let keychain hold private key
Open .zprofile (or .bash_profile) and type the following to save the private key to the installed keychain.
...
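if [[ "$(uname)" == Linux ]]; then
    # Start ssh-agent if it is not running and load the private key
    /usr/bin/keychain "$HOME/.ssh/id_rsa"
    # Import the agent environment saved by keychain (zsh sets $HOST, bash sets $HOSTNAME)
    source "$HOME/.keychain/${HOST:-$HOSTNAME}-sh"
fi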
...
Info. Adding the above in .zshrc or .bashrc also works.
Let ssh-agent always use keychain
Configure .ssh/config as follows:
Host *
IgnoreUnknown UseKeychain
UseKeychain yes
AddKeysToAgent yes
IdentityFile ~/.ssh/id_rsa
Info. Only the IdentityFile property is required on Ubuntu; the other properties are kept for compatibility with macOS. The IgnoreUnknown UseKeychain property prevents the errors that would otherwise occur because the UseKeychain property is not defined on Ubuntu systems.
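One way to check a .ssh/config against the setup above, as an added example that is not part of the original article: the script flags UseKeychain without a preceding IgnoreUnknown UseKeychain, a missing AddKeysToAgent yes or IdentityFile, and a file that group or others can write to. The function name check_ssh_config and the sample config are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit an ssh client config
# for the shared macOS/Ubuntu setup. check_ssh_config is a made-up name.
# Prints one line per finding; the exit status is the number of findings.
check_ssh_config() (
    cfg=${1:-$HOME/.ssh/config}
    [ -r "$cfg" ] || { echo "WARN: cannot read $cfg"; exit 1; }

    # ssh refuses a user config that group or others can write to.
    perm=""
    case $(ls -ldL "$cfg") in
        ?????w*|????????w*) perm="group- or world-writable; run: chmod 644 $cfg" ;;
    esac

    # Keywords are case-insensitive and may be written "Key=Value".
    # Simplification: IgnoreUnknown is matched by literal name, not as a pattern.
    findings=$(
        if [ -n "$perm" ]; then echo "$perm"; fi
        awk '
            { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*|[ \t]+/, " ") }
            /^#/ || NF == 0 { next }
            { key = tolower($1) }
            key == "ignoreunknown" && tolower($0) ~ /usekeychain/ && !ign { ign = NR }
            key == "usekeychain" && !ukc { ukc = NR }
            key == "addkeystoagent" { aka = tolower($2) }
            key == "identityfile" { idf = 1 }
            END {
                # IgnoreUnknown only covers options that appear after it.
                if (ukc && !ign) print "UseKeychain without IgnoreUnknown UseKeychain"
                if (ukc && ign > ukc) print "IgnoreUnknown (line " ign ") must come before UseKeychain (line " ukc ")"
                if (aka != "yes") print "AddKeysToAgent is not set to yes"
                if (!idf) print "no IdentityFile entry"
            }' "$cfg"
    )
    [ -z "$findings" ] && { echo "OK: $cfg"; exit 0; }
    printf '%s\n' "$findings" | sed 's/^/WARN: /'
    exit "$(printf '%s\n' "$findings" | grep -c .)"
)

# Constructed sample: the article's Ubuntu config with IgnoreUnknown placed too late.
demo=$(mktemp) && chmod 644 "$demo"
printf '%s\n' 'Host *' 'UseKeychain yes' 'IgnoreUnknown UseKeychain' \
    'AddKeysToAgent yes' 'IdentityFile ~/.ssh/id_rsa' > "$demo"
check_ssh_config "$demo" || echo "findings: $?"
rm -f "$demo"
```

Run it with no argument to check your own ~/.ssh/config.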
For Windows
Enable the ssh-agent service
- Press the Windows key, then search for and open the Services app.
- Find the OpenSSH Authentication Agent service in the list.
- Right click on the service and click Properties.
- Set the startup type to Automatic, and click on Apply.
- Click the Start button to change the service status to Running.
- Click the OK button and close the Services app.
Add private key to the ssh-agent
Open PowerShell and type the following command:
> ssh-add .ssh\id_rsa
Info. The .ssh folder is usually located under C:\Users\[USER_NAME]\