ssh-add and SSH Forwarding

Anyone that’s ever used SSH before will tell you how awesome it is when working with remote services. If you’ve never used it before, have a read and then come back to this.

ssh-add is a tool that adds an ssh key to the current terminal session. When you try and SSH into a machine this is done transparently for the duration of that connection. However, if you want to use the same key multiple times you can use ssh-add. If you just type ssh-add it will use your default SSH keys (id_rsa, id_dsa and identity) to the session. You can also supply a path to a key file to add that to the session (e.g. ssh-add /path/to/key).

Once your key is added, you’ll be able to ssh into any server that uses that key without entering your passphrase again.

Now, the important part of this post. Once you’ve added you keys to your session, you can forward them onto any server that you connect to. For example, imagine I want to use Github to store all of my side projects, and I want to clone them onto a server somewhere. Normally, I’d either have to add an SSH key to the server, or use a HTTPS clone. Using ssh-add, I don’t need to do either.

I should mention that you should only do this if you trust the admin of the machine you’re connecting to.

ssh-add
ssh -A [email protected]

Then, on remotehost.com you’ll be able to perform any SSH based actions that your key has permission to do. This could be SCP-ing a file from another server, cloning a git repo or even just SSH-ing into another server.

If you want to do this every time you connect to a server, you can add it to your ~/.ssh/config file.

Host remoteserver
        HostName remotehost.com
        ForwardAgent yes
Michael is a polyglot software engineer, committed to reducing complexity in systems and making them more predictable. Working with a variety of languages and tools, he shares his technical expertise to audiences all around the world at user groups and conferences. You can follow @mheap on Twitter

Thoughts on this post

Leave a comment?

Leave a Reply