Unix / Linux ssh-add Command Examples to Add SSH Key to Agent (转)

发表于 | 分类于 | | 游览

Unix / Linux ssh-add Command Examples to Add SSH Key to Agent

ssh-add is a helper program for ssh-agent.
ssh-add adds RSA or DSA identity files to the ssh agent. For ssh-add to work properly, the agent should be running, and have the SSH_AUTH_SOCK environment variable set.

  1. Fix “Could not Open” Error (and Add Default RSA/DSA identities)
    By default, when you try to execute the ssh-add command, you might get “Could not open a connection to your authentication agent.” error message as shown below. 
1
2
3
4
5
6
7
8
9
$ ssh-add
Could not open a connection to your authentication agent.
The reason is ssh-agent is not running.  
But, if you start the ssh-agent as shown below, you’ll still get the same error.  

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-cYYsc14689/agent.14689; export SSH_AUTH_SOCK;
SSH_AGENT_PID=14690; export SSH_AGENT_PID;
echo Agent pid 14690;
1
2
3
4
5
6
7
8
9
10
$ ssh-add
Could not open a connection to your authentication agent.
In order to fix the issue, you should start the ssh-agent as shown below.  

$ exec ssh-agent bash
Now, when you execute the ssh-add, it will add the ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity files to ssh-agent, and will not throw any error message.

$ ssh-add
Identity added: /home/ramesh/.ssh/id_rsa (/home/ramesh/.ssh/id_rsa)
Identity added: /home/ramesh/.ssh/id_dsa (/home/ramesh/.ssh/id_dsa)
  1. Display the entries loaded in ssh-agent
    Use either -l or -L as shown below to display all the RSA and DSA entries that are currently loaded into the ssh-agent.
    The following examples shows that there are two entries currently loaded to the ssh-agent. 
1
2
3
4
5
6
7
8
9
10
$ ssh-add -l
2048 34:36:63:c2:7d:a5:13:e4 /home/ramesh/.ssh/id_rsa (RSA)
1024 ee:60:11:bf:1b:31:3b:fb /home/ramesh/.ssh/id_dsa (DSA)

$ ssh-add -L
ssh-rsa A2EAAAABIwAAAQEAtVRcaEnxOef0n5WLr9DV1JsLpx4E+P2Zf/N9JBLBbVKDD1BZf
eRmLK8hZZKf0iva8+q1VNyxQB5oTfKGr79ll7KDRwfIgErw== /home/ramesh/.ssh/id_rsa

ssh-dsa 8WDTpyJiLUNlIXSfCRe7nOjeMlgyn8vM3cWsosO0x4eMDYEMvefzhev0RAtbhyBvs
WLLCwkaVzCZdZvsDa2cl7zKRd+3zLSfBQRa1wpMjJaeJbCg== /home/ramesh/.ssh/id_dsa
  1. Delete all entries from ssh-agent
    Use option -D as shown below to remove all the ssh entries from the ssh-agent. 
1
2
$ ssh-add -D
All identities removed.
1
2
$ ssh-add -l
The agent has no identities.
  1. Delete specific entries from ssh-agent
    Using -d option, you can specify exactly what entries you like to delete.
    The following example will remove only the default RSA entry from the ssh-agent. 
1
2
3
4
5
6
7
8
9
$ ssh-add -l
2048 34:36:63:c2:7d:a5:13:e4 /home/ramesh/.ssh/id_rsa (RSA)
1024 ee:60:11:bf:1b:31:3b:fb /home/ramesh/.ssh/id_dsa (DSA)

$ ssh-add -d /home/ramesh/.ssh/id_rsa
Identity removed: /home/ramesh/.ssh/id_rsa (/home/ramesh/.ssh/id_rsa.pub)

$ ssh-add -l
1024 ee:60:11:bf:1b:31:3b:fb /home/ramesh/.ssh/id_dsa (DSA)
  1. Lock (or) Unlock the SSH Agent
    You can lock the ssh agent as shown below using -x option. Once you lock the agent, you cannot add, delete, or list entries in the ssh agent without a password. 
1
2
3
4
5
$ ssh-add -x
Enter lock password:
Again:
Agent locked.
After locking, if you try to add, you’ll se SSH_AGENT_FAILURE message as shown below.
1
2
3
4
5
6
7
8
9
$ ssh-add
SSH_AGENT_FAILURE
SSH_AGENT_FAILURE
Could not add identity: /home/ramesh/.ssh/id_rsa
To unlock an agent, use -X option as shown below. Make sure you enter the same password that you gave while locking the agent. If you give a wrong password, you’ll set “Failed to unlock agent.” message.

$ ssh-add -X
Enter lock password:
Agent unlocked.
感谢您的支持!