How to use SSH config and key agent
Topic: Servers linux
Summary
Configure the SSH client with ~/.ssh/config to define hosts, keys, and options; use ssh-agent to hold keys so you do not type passphrases repeatedly. This simplifies SSH and SCP to servers and avoids exposing keys to every command.
Intent: How-to
Quick answer
- Add to ~/.ssh/config: Host myserver, HostName 1.2.3.4, User deploy, IdentityFile ~/.ssh/id_ed25519_deploy. Then ssh myserver connects with that user and key.
- Start ssh-agent: eval $(ssh-agent); ssh-add ~/.ssh/id_ed25519. Keys stay in agent until logout or ssh-add -D. Add ssh-add to shell profile if you want keys loaded on login.
- Use ProxyJump for bastions: Host jump, HostName jump.example.com. Host app, ProxyJump jump, HostName 10.0.0.5. ssh app jumps through jump.
Prerequisites
Steps
- Create SSH config entries
  Edit ~/.ssh/config (mode 600). Block: Host shortname, HostName ip-or-fqdn, User username, IdentityFile path. Save; then ssh shortname uses that HostName, User, and key.
- Use ssh-agent
  eval $(ssh-agent); ssh-add (adds default key) or ssh-add ~/.ssh/id_ed25519. ssh-add -l lists loaded keys. Use -t lifetime to expire keys. Add eval and ssh-add to .bashrc if desired.
- ProxyJump for bastions
  Host bastion, HostName bastion.example.com. Host internal, ProxyJump bastion, HostName 10.0.0.1. ssh internal connects via bastion; scp and rsync work through the jump too.
Summary
Use ~/.ssh/config to define hosts, users, and keys so you can run ssh shortname. Use ssh-agent to hold keys and avoid repeated passphrases. Use ProxyJump for bastion access. Use this to streamline SSH and SCP.
Steps
Step 1: Create SSH config entries
Edit ~/.ssh/config (chmod 600):
Host myserver
    HostName 1.2.3.4
    User deploy
    IdentityFile ~/.ssh/id_ed25519_deploy
Then ssh myserver uses that host, user, and key.
Step 2: Use ssh-agent
eval $(ssh-agent)
ssh-add ~/.ssh/id_ed25519
ssh-add -l
Add to .bashrc if you want keys loaded on login.
Step 3: ProxyJump for bastions
Define Host bastion and Host internal with ProxyJump bastion; ssh internal will connect via the bastion.
Verification
- ssh shortname connects without specifying host, user, or key; the agent holds the keys and you are not prompted for a passphrase on each connection.
Troubleshooting
- Permission denied (publickey): Wrong key or key not added; check IdentityFile and ssh-add -l.
- ProxyJump fails: Ensure you can ssh to the jump host and that the jump host can reach the final HostName.
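The checks from Step 1 and Troubleshooting as a script (an added example, not part of the original page): it verifies that the config is mode 600, that each IdentityFile exists and is not group- or world-accessible, and that each ProxyJump names a Host alias defined in the file. The function name audit_ssh_config is hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: static checks on an OpenSSH client config file.
# Assumes GNU stat (`stat -c %a`), as found on Linux.

# audit_ssh_config FILE: print one finding per line, nothing if clean.
audit_ssh_config() {
    cfg=$1
    mode=$(stat -c '%a' "$cfg") || return 2
    # Step 1 of the page: the config file should be mode 600.
    [ "$mode" = 600 ] || echo "MODE $cfg is $mode, expected 600"

    # Pass 1 (awk): emit every IdentityFile, and every ProxyJump whose
    # target is not one of the Host aliases defined in this file.
    # Only the "Keyword value" form is parsed, not "Keyword=value".
    awk '
        BEGIN { cur = "*" }
        { key = tolower($1) }
        key == "host"         { cur = $2; for (i = 2; i <= NF; i++) seen[$i] = 1 }
        key == "identityfile" { print "KEY", cur, $2 }
        key == "proxyjump"    { jump[cur] = $2 }
        END { for (h in jump) if (!(jump[h] in seen)) print "JUMP", h, jump[h] }
    ' "$cfg" |
    # Pass 2 (shell): check each key file on disk.
    while read -r kind host value; do
        if [ "$kind" = JUMP ]; then
            echo "JUMP $host: '$value' is not a Host alias in this file"
            continue
        fi
        # Expand a leading ~/ the way ssh does for IdentityFile.
        case $value in "~/"*) value=$HOME/${value#"~/"} ;; esac
        if [ ! -f "$value" ]; then
            echo "KEY $host: $value does not exist"
            continue
        fi
        kmode=$(stat -c '%a' "$value")
        # ssh refuses private keys that group or others can access.
        case $kmode in ?00) ;; *) echo "KEY $host: $value is mode $kmode" ;; esac
    done
}
```

A JUMP finding is a hint, not always an error: ssh treats a ProxyJump value that is not an alias as a literal hostname.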