SSH-Agent – How to Automatically Add Key on Demand


I want to run ssh-agent (with maximum lifetime option), but not add any keys at startup, but instead add them on demand.

Like the first time I log in to some server it should ask for the passphrase, and the next time (unless I waited for more than an hour) it should connect cleanly:

ssh server1
Enter passphrase for key '/home/vi/.ssh/id_dsa':
server1> ...

ssh server2
server2> # no passphrase this time

# wait for lifetime

ssh server2
Enter passphrase for key '/home/vi/.ssh/id_dsa':

I don't want to manually remember about running 'ssh-add' each time (e.g. entered the passphrase just for ssh and "Oh, it hasn't remembered, need to retype").

How do I configure ssh to automatically add the key to ssh-agent if the user provided the passphrase?

Best Answer

ssh supports adding a key to the agent on first use (since version 7.2).  You can enable that feature by putting the following into ~/.ssh/config:

AddKeysToAgent yes

This also works when using derivative tools, such as git.

From the 7.2 changelog:

  • ssh(1): Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm').
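
Added example (not part of the original answer): a shell profile snippet that pairs the answer's AddKeysToAgent setting with an agent started empty and given a one-hour default key lifetime, as the question asks. The function names and the `AGENT_LIFETIME`, `AGENT_ENV` and `SSH_ONDEMAND_SETUP` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example; names and paths below are assumptions, not from the page.
AGENT_LIFETIME="${AGENT_LIFETIME:-1h}"          # the question's one-hour window
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"  # hypothetical cache of the agent's variables

# True when an agent answers on SSH_AUTH_SOCK.
# ssh-add -l exits 0 (keys listed), 1 (no keys) or 2 (no agent reachable).
agent_alive() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# Reuse a running agent or start a new one with no keys loaded.
# -t sets the default lifetime for every key added later.
start_agent_empty() {
    if [ -r "$AGENT_ENV" ]; then . "$AGENT_ENV" >/dev/null; fi
    if agent_alive; then return 0; fi
    mkdir -p "$(dirname "$AGENT_ENV")"
    (umask 077; ssh-agent -s -t "$AGENT_LIFETIME" > "$AGENT_ENV")
    . "$AGENT_ENV" >/dev/null
}

# Enable AddKeysToAgent in the given ssh config file, idempotently.
# ssh uses the first value it finds for an option, so the setting is appended
# under "Host *": it then applies to every host without landing inside, or
# overriding, an earlier Host block. A file that already sets the option
# anywhere is left untouched for the user to review.
enable_add_keys_to_agent() {
    cfg_file="$1"
    mkdir -p "$(dirname "$cfg_file")"
    touch "$cfg_file"
    chmod 600 "$cfg_file"
    if grep -Eiq '^[[:space:]]*AddKeysToAgent([[:space:]]|=)' "$cfg_file"; then
        return 0
    fi
    printf '\nHost *\n    AddKeysToAgent yes\n' >> "$cfg_file"
}

# Sourcing only defines the functions; set SSH_ONDEMAND_SETUP=1 to apply.
if [ "${SSH_ONDEMAND_SETUP:-0}" = 1 ]; then
    start_agent_empty && enable_add_keys_to_agent "$HOME/.ssh/config"
fi
```

After a login with this applied, `ssh-add -l` reports no identities until the first passphrase prompt, and the key is removed again once the lifetime expires.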