If you are reading my blog, odds are you already know how to use
ssh-add to manage your SSH keys. If not,
you can read up on it.
Up to speed?
ssh-add has a few other features that people,
including me, forget about. Let’s take a look.
You can list the currently loaded keys with
-l and -L. The former
displays the keys’ fingerprints while the latter displays the entire
public key. Both list the path of the file the key came from, which is the
only way I recognize them.
ssh-add -d file removes the key in that file from the agent.
ssh-add -D clears out all keys, taking you back to square one.
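The listing and per-file removal described above, combined into an added example (not from the original post): it reads `ssh-add -l` output and drops every loaded key that is not on an allowlist, so everyday keys stay in the agent while the rest are removed with `ssh-add -d`. The function names, sample paths and fingerprints are constructed, and it assumes the listing shows each key's file path, as the post describes.

```shell
#!/bin/sh
# Added example: keep only allowlisted keys in the agent, using `ssh-add -l`
# to see what is loaded and `ssh-add -d file` to drop the rest.
# Assumption: the text between the fingerprint and the "(TYPE)" suffix of
# each `ssh-add -l` line is the key file path, as the post describes.

# keys_to_drop KEEP_PATH...
# Reads `ssh-add -l` output on stdin; prints the path of every loaded key
# that is not in the allowlist given as arguments, one per line.
keys_to_drop() {
    while IFS= read -r line; do
        case $line in
            [0-9]*' '*) ;;          # "<bits> <fingerprint> <path> (<type>)"
            *) continue ;;          # e.g. "The agent has no identities."
        esac
        rest=${line#* }             # drop <bits>
        rest=${rest#* }             # drop <fingerprint>
        path=${rest% (*}            # drop trailing " (<type>)"
        keep=no
        for allowed in "$@"; do
            if [ "$path" = "$allowed" ]; then keep=yes; fi
        done
        [ "$keep" = yes ] || printf '%s\n' "$path"
    done
}

# prune_agent KEEP_PATH...
# Removes every non-allowlisted key from the running agent.
prune_agent() {
    ssh-add -l | keys_to_drop "$@" | while IFS= read -r path; do
        ssh-add -d "$path"
    done
}

# Constructed sample of `ssh-add -l` output (not real keys or fingerprints).
SAMPLE_LISTING='2048 SHA256:AAAAconstructedfingerprint0000000000000000001 /home/me/.ssh/id_rsa (RSA)
256 SHA256:AAAAconstructedfingerprint0000000000000000002 /home/me/.ssh/prod deploy (ED25519)
4096 SHA256:AAAAconstructedfingerprint0000000000000000003 /home/me/.ssh/signing (RSA)'

# Dry run on the sample: prints the two paths that would be removed.
printf '%s\n' "$SAMPLE_LISTING" | keys_to_drop /home/me/.ssh/id_rsa
```

Against a live agent, `prune_agent ~/.ssh/id_rsa` performs the removal; pipe `ssh-add -l` into `keys_to_drop` first to see what it would drop.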
You can simply run
ssh-add -D to remove all of your keys from the
Agent, but then you have to go through the trouble of adding them
back. However, if you just want to step away and make sure your keys are
protected, you can use
The Agent still has your keys, but won’t allow them to be used until
Instead of locking your keys, you can set an auto-expiry with
-t after which
the key will automatically be deleted from the agent:
OS X Specific
On OS X
ssh-add is integrated with the system keychain. If you give the
-K option, as in
ssh-add -K, when you add a key, that key’s
password will be added to the keychain. As long as your keychain is
unlocked, a key that has been stored in this way doesn’t require a
password to be loaded into the agent.
All keys with their password stored in the keychain will automatically
be loaded when you run
ssh-add -A. This happens automatically on
I have mixed feelings about this feature: preloading your keys makes life easier, but it does remove a layer of security. If someone accesses your Mac, they get your keys. On the other hand, they probably get a lot of other things too. Typically, I take the lazy approach for everyday keys and keep the high-security ones out of the keychain.
When a password has been stored in the keychain,
ssh-add -K -d key-file both
removes the key from the agent and removes its password from the
-d does not change the keychain and the key
can be reloaded without a password.
-D silently ignores
There you have it: a pretty small but surprisingly helpful set of features that you now have in your bag of tricks.