
Managing keys in memory

Before your connections can be authenticated without prompts for a passphrase, you have to use "ssh-add" to add the necessary keys to memory. To add the default key on the current system to memory, no options are needed. You will be prompted for your passphrase to decrypt the key. It is not echoed back as you type it.

    [WOMBATNET:/home/wombat]
    $ ssh-add
    Enter passphrase for /home/wombat/.ssh/id_dsa:
    Identity added: /home/wombat/.ssh/id_dsa (/home/wombat/.ssh/id_dsa)
    Identity added: /home/wombat/.ssh/identity (wombat@WOMBATNET)

If you have identities other than the default, you can specify the file that contains the key. You must use the private key file (the one that does not have the ".pub" extension).

To list all keys currently in memory, use the "-l" option:

    [WOMBATNET:/home/wombat]
    $ ssh-add -l
    1024 `long hex string' wombat@WOMBATNET (RSA1)
    1024 `long hex string' /home/wombat/.ssh/id_dsa (DSA)

You can use the "-d" option to have the key deleted from memory. There is no "ssh-delete" command. Using the identity displayed above, we would type:

    [WOMBATNET:/home/wombat]
    $ ssh-add -d ~/.ssh/id_dsa

You can delete all keys from memory at once with the "-D" option.

    [WOMBATNET:/home/wombat]
    $ ssh-add -D
    [WOMBATNET:/home/wombat]
    $ ssh-add -l
    The agent has no identities.

This is useful if you have added keys into memory on remote systems and don't want to reconnect just to delete the keys.

You can also use the "-t X" option, where "X" is a time value in seconds, to add a key to memory for a set duration. Once that time elapses, the key is automatically removed:

    [WOMBATNET:/home/wombat]
    $ date       
    Tue Aug  1 09:40:05 MDT 2002
    [WOMBATNET:/home/wombat]
    $ ssh-add -t 60
    Enter passphrase for /home/wombat/.ssh/id_dsa: 
    Identity added: /home/wombat/.ssh/id_dsa (/home/wombat/.ssh/id_dsa)
    Lifetime set to 60 seconds
    [WOMBATNET:/home/wombat]
    $ ssh-add -l
    1024 `long hex string' /home/wombat/.ssh/id_dsa (DSA)
    [WOMBATNET:/home/wombat]
    $ date
    Tue Aug  1 09:41:15 MDT 2002
    [WOMBATNET:/home/wombat]
    $ ssh-add -l
    The agent has no identities.
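
A script that depends on the agent can check its state first and load a key with a bounded lifetime only when the agent does not already hold it. The following is an added example, not part of the original document; the names agent_state, ensure_key, SSH_ADD and SSH_KEYGEN are assumptions, and it relies on "ssh-add -l" exiting 0 when keys are listed, 1 when the agent is empty and 2 when no agent can be contacted.

```shell
# Added example, not from the original page. The function and variable
# names (agent_state, ensure_key, SSH_ADD, SSH_KEYGEN) are assumptions.
SSH_ADD=${SSH_ADD:-ssh-add}
SSH_KEYGEN=${SSH_KEYGEN:-ssh-keygen}

# Print "no-agent", "empty" or "keys:N". ssh-add -l exits 0 when it lists
# keys, 1 when the agent holds none, 2 when no agent can be contacted.
agent_state() {
    rc=0
    listing=$("$SSH_ADD" -l 2>/dev/null) || rc=$?
    case $rc in
        0) echo "keys:$(printf '%s\n' "$listing" | grep -c .)" ;;
        1) echo "empty" ;;
        *) echo "no-agent" ;;
    esac
}

# Load private key file $1 for at most $2 seconds (default 3600) unless the
# agent already holds it. Prints "already-loaded" or "added" on success.
ensure_key() {
    key=$1
    ttl=${2:-3600}
    if [ "$(agent_state)" = "no-agent" ]; then
        echo "no agent reachable" >&2
        return 2
    fi
    # Field 2 of both the ssh-keygen and ssh-add listings is the fingerprint.
    fp=$("$SSH_KEYGEN" -l -f "$key.pub" | awk '{print $2}') || return 1
    [ -n "$fp" ] || return 1
    if "$SSH_ADD" -l 2>/dev/null |
        awk -v fp="$fp" '$2 == fp {found=1} END {exit !found}'; then
        echo "already-loaded"
        return 0
    fi
    # Prompts for the passphrase; the key is dropped after $ttl seconds.
    "$SSH_ADD" -t "$ttl" "$key" >&2 || return 1
    echo "added"
}
```

Calling "ensure_key ~/.ssh/id_dsa 600" before a batch of connections keeps the decrypted key in memory for ten minutes at most.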



If you have questions about this document, please contact SCD Customer Support. You can also reach us by telephone 24 hours a day, seven days a week at 303-497-1278. Additional contact methods: consult1@ucar.edu and during business hours in NCAR Mesa Lab Suite 39.