Setting up an Agent

Now that you have a key, you need an agent to act for you. To get an ssh-agent running in your interactive sessions put this in your shell setup file:

For tcsh

this goes in $HOME/.login

   if ( ! $?SSH_AUTH_SOCK ) then
      eval `ssh-agent -c`
      ssh-add
   endif

For bash

this goes in$ HOME/.bash_profile or $HOME/.profile

   if [ -z "$SSH_AUTH_SOCK" ] ; then
      eval `ssh-agent -s`
      ssh-add
   fi

In either case the idea is the same:-

1. Check to see if an agent is already running by looking to see if the environmental variable SSH_AUTH_SOCK is defined.

2. If not, run ssh-agent but in a rather strange way:-

   eval `ssh-agent -s` (or -c)

   The backquotes runs ssh-agent and its output is then used by the eval command. ssh-agent starts up a separate ssh-agent process and then output commands to define the environmental variables SSH_AUTH_SOCK and SSH_AGENT_PID which are fed back to the eval command that executes them. The option -c tells it to create csh commands and -s tells it to create sh commands. This rather tortuous mechanism is needed so that running a job, which involves creating a child shell, can update the parent shell environment.

3. The last step is to run ssh-add, which by default will load all the keys it can find in $HOME/.ssh. It will prompt you for the password for each key, although if you have chosen the same password for all your keys it only needs to ask once.

At anytime you can list what keys your agent is currently offering by typing:-

ssh-add -l

When you logout, you should kill your ssh-agent by putting this in your shells logout file ($HOME/.logout for tcsh, $HOME/.bash_logout for bash):

ssh-agent -k