ssh-add ssh-agent ssh-copy-id

  • apt-cache search openssh-client
  • apt-cache search openssh-server
  • apt install -y openssh-client
  • apt install -y openssh-server

ssh-add accepts the following command line options.

  • -c Causes a confirmation to be requested from the user every time the added identities are used for authentication. The confirmation is requested using ssh-askpass.
  • -D Deletes all identities from the agent.
  • -d Deletes the given identities from the agent. The private key files for the identities to be deleted should be listed on the command line.
  • -E Specifies the hash algorithm for displaying key fingerprints. Valid options include md5 and sha256.
  • -e pkcs11path Remove identities provided using a PKCS#11 interface, identified by the given path to its shared library. PKCS#11 interfaces are typically used for accessing keys on smartcards and hardware security modules (HSM).
  • -k When loading keys into or deleting keys from the agent, process plain private keys onmly, skipping certificates.
  • -L Lists public key parameters of all identities currently represented by the agent.
  • -l Lists fingerprints of all identities currently represented by the agent.
  • -s pkcs11path Adds identities provided by the PKCS#11 shared library at pkcs11path. This is can be used for adding keys on smartcards or in hardware security modules (HSM).
  • -t life Sets the maximum time the agent will keep the given key. After the timeout expires, the key will be automatically removed from the agent. The value is seconds, but can be suffixed for m for minutes, h for hours, d for days, or w for weeks.
  • -X Unlocks the agent. This asks for a password to unlock.
  • -x Locks the agent. This asks for a password; the password is required for unlocking the agent. When the agent is locked, it cannot be used for authentication.


  • ssh-add ~/.ssh/id_dsa
  • ssh-add -d ~/.ssh/id_dsa
  • ssh-add -l
  • ssh-add -D

ssh-add -A Could not open a connection to your authentication agent

eval `ssh-agent -s`
ssh-add ssh密钥的文件名
ssh-agent bash
ssh-add ssh密钥的文件名


当遇到如下情况时,我们会需要 ssh 代理。

  1. 使用不同的密钥连接到不同的主机时,需要手动指定对应的密钥,ssh 代理可以帮助我们选择对应的密钥进行认证,不用手动指定密钥即可进行连接

  2. 当私钥设置了密码,我们又需要频繁的使用私钥进行认证时,ssh 代理可以帮助我们免去重复的输入密码的操作

上述两种情况我们会一一道来,不过在描述它们之前,我们先来了解一下怎样使用 ssh 代理

启动 ssh 代理并添加密钥

首先,如果想要使用ssh代理,我们则需要先启动ssh代理,也就是启动 ssh-agent 程序,如下两条命令都可以启动代理,但是略有不同


ssh-agent $SHELL
eval `ssh-agent`
$ eval "$(ssh-agent -s)"
> Agent pid 59566
$ ssh-add ~/.ssh/id_rsa


eval "ssh-agent -s"

当我们使用 ssh-agent $SHELL 命令时,会在当前 shell 中启动一个默认 shell,作为当前 shell 的子 shell,ssh-agent 程序会在子 shell 中运行,当执行 ssh-agent $SHELL 命令后,我们也会自动进入到新创建的子shell中,centos中,默认shell通常为bash,所以,在centos中上述命令通常可以直接写为 ssh-agent bash ,当然,如果你的默认 shell 已经指定为其他 shell,比如 csh,那么你也可以直接使用 ssh-agent csh,效果都是相同的,我们来实验一下。