The ssh-agent program can be used to create a store in which you keep private keys. Keys in this store are available to ssh, scp and related programs. The advantage is that you are asked for your passphrase to access a key only once, when it is put in the store. This gives you the convenience of a public-private key pair that lets you reach other machines without typing a password, without leaving an unprotected private key file on your machine which an intruder could copy and use to impersonate you.
The following script can be used to start an ssh-agent when you log in, if one is not already running, or to connect to an existing one. Calling it from your .bashrc only when the shell is attached to a terminal means that every shell you run on a machine has access to your keys.
# Attach to or run an ssh-agent
#
# Use as
#
#   tty -s && . ssh_agent -add
# or
#   tty -s && . ssh_agent -quiet
#
# in .bashrc
#
# For csh try
#   eval `ssh_agent -csh -add`
#
# Options: -add    add any ~/.ssh/id* keys not already in the agent
#          -quiet  suppress progress messages
#          -csh    emit setenv commands on stdout for eval in csh

add=''
quiet=''
csh=''
while true
do
  case "$1" in
    -add )   add=1;   shift ;;
    -quiet ) quiet=1; shift ;;
    -csh )   csh=1;   shift ;;
    * )      break ;;
  esac
done

# Inside this block stdout goes to stderr (messages) and fd 3 is the
# original stdout, used only for the csh setenv output at the end.
{
  agent_file=$HOME/.ssh/agent_env_`hostname`

  # ssh-add -l exits 2 when it cannot reach an agent; 0 (keys listed)
  # or 1 (no keys) means the agent in the environment is usable.
  ssh-add -l >/dev/null 2>/dev/null
  if [ $? != 2 ]
  then
    [ -n "$quiet" ] || echo Agent: ok
    # Record the current agent so later shells can attach to it
    {
      echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK; export SSH_AUTH_SOCK;"
      if [ -n "$SSH_AGENT_PID" ]
      then
        echo "SSH_AGENT_PID=$SSH_AGENT_PID; export SSH_AGENT_PID;"
        echo "echo Agent pid $SSH_AGENT_PID;"
      fi
    } > "$agent_file"
  else
    # Try the environment saved by an earlier login on this host
    if [ -f "$agent_file" ]
    then
      [ -n "$quiet" ] || echo Agent: load "$agent_file"
      . "$agent_file"
    fi
    ssh-add -l >/dev/null 2>/dev/null
    if [ $? != 2 ]
    then
      [ -n "$quiet" ] || echo Agent: loaded ok
    else
      # No usable agent: start one and save its environment
      [ -n "$quiet" ] || echo Agent: run
      ssh-agent -s > "$agent_file"
      . "$agent_file"
    fi
  fi

  if [ -n "$add" ]
  then
    keys=""
    for k in $HOME/.ssh/id*
    do
      # Only private keys that have a matching .pub file
      if [ -f "$k.pub" ]
      then
        # Compare fingerprints so a key already in the agent is not re-added
        fp=`ssh-keygen -l -f "$k.pub" | awk '{print $2}'`
        if ssh-add -l | grep -F -q "$fp"
        then
          [ -n "$quiet" ] || echo "Known: $k"
        else
          [ -n "$quiet" ] || echo "Add: $k"
          keys="$keys $k"
        fi
      fi
    done
    if [ -n "$keys" ]
    then
      [ -n "$quiet" ] || echo Agent: add $keys
      ssh-add $keys
    fi
  fi
  [ -n "$quiet" ] || ssh-add -l

  if [ -n "$csh" ]
  then
    cat <<END >&3
setenv SSH_AUTH_SOCK "$SSH_AUTH_SOCK";
setenv SSH_AGENT_PID "$SSH_AGENT_PID";
echo Agent pid $SSH_AGENT_PID;
END
  fi
  # The script is sourced, so tidy up the variables it leaves behind
  unset agent_file add quiet csh keys k fp
} 3>&1 >&2
Once you have an agent running you can also give scripts that are not run from an interactive shell, for instance jobs run from cron or a window manager menu, access to the keys. Put something like this at the top of your script:
ssh-add -l >/dev/null 2>&1 || [ ! -f $HOME/.ssh/agent_env_`hostname` ] || . $HOME/.ssh/agent_env_`hostname`
Scripts with this at the top can then call ssh, and so long as there is a useful key in the agent's store, they will not need to prompt you for a passphrase.
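Both the login script and the cron one-liner above source ~/.ssh/agent_env_<hostname> with `.`, which executes whatever that file contains, so it is worth checking the file before trusting it. The following is an added example, not code from the original page: a small POSIX sh guard that accepts the file only when it is owned by you, not writable by group or others, and contains nothing but the three line shapes that `ssh-agent -s` (and the script) write. The function names `agent_file_is_sane` and `load_agent_env` and the constructed demo file are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of the original page: refuse to source an
# agent environment file unless it looks like one ssh-agent -s (or the
# attach script) wrote. Function names are chosen here.

# agent_file_is_sane FILE
# Returns 0 if FILE is a regular file owned by the caller, not group/other
# writable, and every line is one of the three shapes ssh-agent -s emits:
#   SSH_AUTH_SOCK=/path; export SSH_AUTH_SOCK;
#   SSH_AGENT_PID=123; export SSH_AGENT_PID;
#   echo Agent pid 123;
# Blank lines and # comments are also allowed. Returns 1 otherwise.
agent_file_is_sane() {
    f=$1
    [ -f "$f" ] || return 1
    # Ownership: find prints the path only if the file is ours (numeric uid,
    # so it also works where the uid has no passwd entry)
    [ -n "$(find "$f" -user "$(id -u)" -print 2>/dev/null)" ] || return 1
    # Mode: characters 6 and 9 of ls -ld are the group and other write bits
    case $(ls -ld "$f" | cut -c6,9) in
        '--') ;;
        *) return 1 ;;
    esac
    # Content: any line matching none of the allowed shapes means refuse
    if grep -q -v -E \
        -e '^SSH_AUTH_SOCK=[^;[:space:]]+; export SSH_AUTH_SOCK;$' \
        -e '^SSH_AGENT_PID=[0-9]+; export SSH_AGENT_PID;$' \
        -e '^echo Agent pid [0-9]+;$' \
        -e '^#' -e '^[[:space:]]*$' "$f"
    then
        return 1
    fi
    return 0
}

# load_agent_env FILE
# Source FILE into the current shell only if agent_file_is_sane accepts it.
# Drop-in replacement for the bare `. "$agent_file"` in the script above.
load_agent_env() {
    agent_file_is_sane "$1" || return 1
    . "$1"
}

# Self-demo on a constructed file; no real agent is needed
demo_dir=$(mktemp -d)
demo_file=$demo_dir/agent_env_demo
printf '%s\n' \
    'SSH_AUTH_SOCK=/tmp/ssh-constructed/agent.4242; export SSH_AUTH_SOCK;' \
    'SSH_AGENT_PID=4243; export SSH_AGENT_PID;' \
    'echo Agent pid 4243;' > "$demo_file"
chmod 600 "$demo_file"
if load_agent_env "$demo_file"; then
    echo "accepted: SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
else
    echo "rejected: $demo_file"
fi
rm -rf "$demo_dir"
```

In the script, replace each `. "$agent_file"` with `load_agent_env "$agent_file"`; in the cron one-liner the same function can stand in for the final `. $HOME/.ssh/agent_env_\`hostname\``. The content check is deliberately a whitelist of line shapes rather than a blacklist of dangerous commands, so an unexpected line of any kind is refused and the shell then falls through to the script's normal "start a fresh agent" path.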