ssh-add Command in Linux
ssh-add is a utility in the OpenSSH suite. It manages the private keys held by your SSH authentication agent, ssh-agent. Once a key has been added, the agent uses it to answer authentication requests, so you enter the key's passphrase once when adding it rather than on every connection.
The primary purpose of the ssh-add command is to safely add private keys to ssh-agent and manage them. Once a key has been added to the agent, you can log in to remote servers without re-entering its passphrase.
Syntax of ssh-add Command
The basic syntax for the ssh-add command is as follows −
ssh-add [options] [file...]
Where,
- options − Flags to customize the behavior of ssh-add.
- file... − The private key file(s) to load into ssh-agent. If no file is specified, ssh-add loads the default keys (~/.ssh/id_rsa, ~/.ssh/id_ecdsa, etc.).
ssh-add Command Options
Listed below are some available options that can be utilized with the ssh-add command −
Option | Description |
---|---|
-c | Requires confirmation each time the added identity is used for authentication. |
-D | Deletes all currently loaded identities from ssh-agent. |
-d | Removes specific identities from ssh-agent. |
-e reader | Removes a key stored in a smart card reader. |
-L | Displays the public key parameters of all currently loaded identities in ssh-agent. |
-l | Shows the fingerprints of all identities currently loaded into ssh-agent. |
-s reader | Adds a key from a smart card reader to the ssh-agent. |
-t life | Sets a time limit for how long the added identity remains in ssh-agent. |
-T token | Specifies the token name explicitly, as defined in sshd_config. |
-X | Unlocks the ssh-agent, allowing the keys to be used. |
-x | Locks the ssh-agent with a password, preventing stored keys from being used. |
Examples of ssh-add Command in Linux
Let's explore a few practical examples of the ssh-add command in a Linux environment −
- Adding a Private Key for Authentication
- Setting a Time Limit for Key Availability
- Listing Public Keys Loaded into ssh-agent
- Removing All Keys from ssh-agent
- Adding a Key from a Smart Card
Adding a Private Key for Authentication
Imagine you need to log in to a remote server regularly, but entering the passphrase for your private key each time is tedious. By adding your key to ssh-agent, you can simplify the process.
ssh-add ~/.ssh/id_rsa
This adds the id_rsa private key to the ssh-agent. You'll be prompted to enter the passphrase once, and the key will remain available for authentication without further passphrase entry.

Setting a Time Limit for Key Availability
In situations where security is critical, you might want your private key to be available for a limited time only. This ensures that even if the agent is left running, the key is automatically removed after a specified duration.
ssh-add -t 3600 ~/.ssh/id_rsa
This sets a lifetime of 1 hour (3600 seconds) for the id_rsa private key in the ssh-agent. After this time, the key will be automatically removed from the agent.

Listing Public Keys Loaded into ssh-agent
When managing multiple keys, you might need to verify which ones are currently loaded into ssh-agent, for example to confirm which public keys are available for authentication.
ssh-add -L
This displays the public key parameters for all private keys loaded into the ssh-agent. You can copy these keys to authorized_keys files on servers for access.

Removing All Keys from ssh-agent
For security or administrative purposes, you might want to clear all the loaded keys from ssh-agent. This ensures no keys remain available for authentication.
ssh-add -D
This removes all private keys currently loaded into ssh-agent, effectively clearing the agent. The key files on disk are not touched.

Adding a Key from a Smart Card
In enterprise environments where hardware tokens or smart cards are used for authentication, you can load a key directly from the smart card reader into ssh-agent.
ssh-add -s /path/to/reader
This adds the key stored in the specified smart card reader to the ssh-agent, enabling hardware-based authentication.
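The time-limit and clean-up examples above can be combined so that a key is only ever held by an agent that exists for one command. The following is an added example, not part of the original tutorial; the function names with_scoped_agent and agent_has_key are hypothetical, and it assumes the OpenSSH client tools and mktemp are installed.

```sh
#!/bin/sh
# Added example: run one command against a private, short-lived ssh-agent.
# Function names are hypothetical; the ssh-agent, ssh-add and ssh-keygen
# options used (-s, -a, -k, -t, -l, -lf) are standard OpenSSH options.
#
# Usage: with_scoped_agent ~/.ssh/id_rsa 3600 ssh user@server

# with_scoped_agent KEYFILE LIFETIME_SECONDS COMMAND [ARGS...]
# The body is a subshell, so the agent variables never leak to the caller.
with_scoped_agent() (
    key=$1 life=$2
    shift 2
    # mktemp -d creates a directory only the current user can enter.
    dir=$(mktemp -d) || exit 2
    env_out=$(ssh-agent -s -a "$dir/agent.sock") || { rm -rf "$dir"; exit 2; }
    eval "$env_out" >/dev/null   # exports SSH_AUTH_SOCK and SSH_AGENT_PID
    # Kill the agent and remove its socket however the subshell ends.
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$dir"' EXIT
    # -t: the agent drops the key on its own after $life seconds,
    # even if the command below is still running.
    ssh-add -t "$life" "$key" || exit 1
    rc=0
    "$@" || rc=$?
    exit "$rc"
)

# agent_has_key KEYFILE
# Succeeds if the fingerprint of KEYFILE appears in the output of ssh-add -l.
agent_has_key() {
    fp=$(ssh-keygen -lf "$1" | awk '{print $2}') || return 2
    [ -n "$fp" ] || return 2
    ssh-add -l 2>/dev/null | grep -qF -- "$fp"
}
```

Because the agent is killed when the command returns, nothing stays loaded afterwards even if the lifetime has not yet run out.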
Conclusion
The ssh-add command is an essential utility for managing SSH private keys with ssh-agent, streamlining secure authentication processes for remote servers. Its features, such as adding keys, setting time limits, and supporting hardware-based keys, make it versatile and highly valuable for security-conscious users and administrators.
By integrating ssh-add into your workflow, you can simplify repetitive tasks, ensure your systems remain secure, and maintain flexibility for key management. Whether it's adding a key for a limited session or managing keys from smart cards, mastering ssh-add helps optimize authentication practices.