After creating keys with the name id_rsa at its default location, I am adding the identity to the SSH agent with the command ssh-add ~/.ssh/id_rsa, and it is added successfully.
I can SSH without entering the passphrase of the key as it's already with the SSH agent.
But when I restart the machine or server and then check for the identity with the command ssh-add -L, I get the message "The agent has no identities."
Does that mean that when we restart the machine, the agent loses the identity? Is this normal behavior or something I am missing here?
Please guide me; I am not very familiar with SSH.
Best Answer
It's normal. The purpose of a key agent is just to hold decrypted keys in memory, but it will never write them to disk. (That would defeat the purpose – why not just unprotect the main key instead?)
So the keys must be unlocked on each login, and you need to automate this – on Linux, using pam_ssh is one option; it automatically uses your OS password to unlock the agent. Another similar module is pam_envoy, which is slightly more reliable afaik (but requires systemd). Both modules will start the agent themselves and load keys automatically.
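As an added example (not part of the answer above, and a plain shell-profile alternative to the PAM modules it recommends): a POSIX sh snippet that reuses one agent across logins and runs ssh-add only when ssh-add -l reports the agent is empty, so the passphrase is typed once per login rather than once per reboot-surprise. The key path ~/.ssh/id_rsa follows the question; the cache file ~/.ssh/agent.env is a name assumed for this example.

```shell
# Login-profile snippet (e.g. sourced from ~/.profile). Assumes the key from the
# question, ~/.ssh/id_rsa, and caches the agent's environment in ~/.ssh/agent.env
# (an assumed file name) so later shells can reach the same agent.
SSH_KEY="${SSH_KEY:-$HOME/.ssh/id_rsa}"
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Map the exit status of `ssh-add -l` to a readable state (see ssh-add(1)):
# 0 = identities listed, 1 = "The agent has no identities",
# 2 = could not contact the agent (not running, or SSH_AUTH_SOCK is stale).
agent_state() {
    case "$1" in
        0) echo "loaded" ;;
        1) echo "empty" ;;
        2) echo "unreachable" ;;
        *) echo "unknown" ;;
    esac
}

# Query the agent the current shell points at; prints one of the states above.
current_agent_state() {
    status=0
    ssh-add -l >/dev/null 2>&1 || status=$?
    agent_state "$status"
}

# Start a fresh agent and cache SSH_AUTH_SOCK / SSH_AGENT_PID for later logins.
start_agent() {
    umask 077                      # the cache names a socket only this user may use
    ssh-agent -s > "$AGENT_ENV"
    . "$AGENT_ENV" >/dev/null
}

# Reuse a cached agent if it is still alive, otherwise start one; then load the
# key only if the agent holds nothing. Keys live in agent memory only, so after
# a reboot the state is "unreachable" and the passphrase prompt appears once here.
ensure_agent() {
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    if [ "$(current_agent_state)" = "unreachable" ]; then
        start_agent
    fi
    if [ "$(current_agent_state)" = "empty" ]; then
        ssh-add "$SSH_KEY"
    fi
}
```

Call ensure_agent from the profile; nothing runs at source time until it is invoked.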