ssh-agent is a single sign-on mechanism for SSH that is included in the OpenSSH software. Use this tag for questions on how to configure and use ssh-agent.
An alternative to password-based authentication is public-key-authentication. In essence, with public-key authentication one proves the identity by signing a challenge using the private key. Assuming that
- the verification of the signature succeeds
- the digital signature scheme is secure
- the private key is indeed private
- an authentic copy of the corresponding public key is available
this proves the identity.
The third point is essential. In order to protect private keys from leaking out, they are often locked with a password (or passphrase). In order to unlock and use them, the user has to enter that password. ssh follows the same pattern.
Since this procedure is not very user friendly, single sign-on was invented. The basic idea is that a user authenticates once and all further authentication happens automagically. For SSH (more precisely, the OpenSSH implementation) this magic is performed by the ssh-agent which stores the passphrase in memory and automates SSH public-key authentication.
Beware: By default, once started, ssh-agent keeps your passphrases indefinitely. In particular, ssh-agent does not terminate upon session exit. A more secure approach is to let ssh-agent "forget" passphrases after a while.
