See full list on docs.microsoft.com. Apple: How to manually add ssh key to keychain?Helpful? Please support me on Patreon: thanks & praise to God,. SSH stands for Secure Shell and is a cryptographic protocol based on the concept of public-private keys. We are using SSH with Git because it is much easier than typing your username and password. Keychain is a manager for ssh-agent, typically run from /.bashprofile. It allows your shells and cron jobs to easily share a single ssh-agent process. By default, the ssh- agent started by keychain is long-running and will continue to run, even after you have logged out from the system.

Article Index
Generating SSH Keys
Generating a key
Transferring your key
Using an SSH Agent
Keychain and SSH
SSH and GNOME
Wrapping Up
All Pages

Keychain (http://www.gentoo.org/proj/en/keychain/) is tool that aids the user in finding an existing ssh-agent or creating a new one (not to be confused with the Keychain tool for GNOME or Mac OS X). Keychain is available on Debian systems via APT and Gentoo via emerge. You can acquire the source from the above stated URL. I personally use Keychain on my Mac because it is the easiest way of managing SSH keys because I run it in my BASH start up:

keychain source ~/.keychain/$(HOSTNAME)-sh

On login I see this message (or messages saying its creating various files for me, see next example)

KeyChain 2.6.8; http://www.gentoo.org/proj/en/keychain/
Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL
* Found existing ssh-agent (250)

This finds an existing ssh-agent session and connects me to it. The first time it runs we have to still add our passphase using ssh-add:

KeyChain 2.6.8; http://www.gentoo.org/proj/en/keychain/
Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL
* Initializing /Users/moffats/.keychain/bigmac-sh file...
* Initializing /Users/moffats/.keychain/bigmac-csh file...
* Initializing /Users/moffats/.keychain/bigmac-fish file...
* Starting ssh-agent
bigmac:~ moffats$ ssh-add
Enter passphrase for /Users/moffats/.ssh/id_rsa:
Identity added: /Users/moffats/.ssh/id_rsa (/Users/moffats/.ssh/id_rsa)

Once we've done this, we don't need to run ssh-add until we next reboot as Keychain will continue to find the existing session. It will fail if your hostname changes on your machine, however this is usually only an issue for laptops (specifically ones that are set to reconfigure their hostname based on their DNS name, such as Mac's).

Next >

Name

keychain - re-use ssh-agent and/or gpg-agent between logins

Synopsis

keychain [ -hkQqV ] [ --clear --help --ignore-missing --noask --nocolor --nogui --nolock --quick --quiet --version ] [ --agents list ] [ --attemptsnum ] [ --dir dirname ] [ --host name ] [ --lockwait seconds ] [ --stop which ] [ --timeout minutes ] [ keys...]

Description

keychain is a manager for ssh-agent, typically run from ~/.bash_profile. It allows your shells and cron jobs to share a single ssh-agent process. Bydefault, the ssh-agent started by keychain is long-running and will continue to run, even after you have logged out from the system. If you want to change thisbehavior, take a look at the --clear and --timeout options, described below.

When keychain is run, it checks for a running ssh-agent, otherwise it starts one. It saves the ssh-agent environment variables to ~/.keychain/${HOSTNAME }-sh, so that subsequent logins and non-interactive shells such as cron jobs can source the file and make passwordless ssh connections.In addition, when keychain runs, it verifies that the key files specified on the command-line are known to ssh-agent, otherwise it loads them, prompting youfor a password if necessary.

Keychain also supports gpg-agent in the same ways that ssh-agent is supported. By default keychain attempts to start all available agents but will fall backto only gpg-agent or only ssh-agent if either is unavailable. You can specifically limit keychain using the --agents option.

keychain supports most UNIX-like operating systems, including Cygwin. It works with Bourne-compatible, csh-compatible and fish shells.

Options

--agentslist

Start the agents listed. By default keychain will build the list automatically based on the existence of ssh-agent and/or gpg-agent on the system. The listshould be comma-separated, for example 'gpg,ssh'

--attemptsnum

Try num times to add keys before giving up. The default is 1.

--clear

Delete all of ssh-agent's keys. Typically this is used in .bash_profile. The theory behind this is that keychain should assume that you are an intruderuntil proven otherwise. However, while this option increases security, it still allows your cron jobs to use your ssh keys when you're logged out.

--confirm

Keys are subject to interactive confirmation by the SSH_ASKPASS program before being used for authentication. See the -c option forssh-add(1).

--dirdirname

Keychain will use dirname rather than $HOME/.keychain

--eval

Keychain will print lines to be evaluated in the shell on stdout. It respects the SHELL environment variable to determine if Bourne shell orC shell output is expected.

--envfilename

After parsing options, keychain will load additional environment settings from 'filename'. By default, if '--env' is not given, then keychain will attemptto load from ~/.keychain/[hostname]-env or alternatively ~/.keychain/env. The purpose of this file is to override settings such as PATH , incase ssh is stored in a non-standard place.

-h --help

Show help that looks remarkably like this man-page. As of 2.6.10, help is sent to stdout so it can be easily piped to a pager.

--hostname

Set alternate hostname for creation of pidfiles

--ignore-missing

Don't warn if some keys on the command-line can't be found. This is useful for situations where you have a shared .bash_profile, but your keys might not beavailable on every machine where keychain is run.

--inheritwhich

Attempt to inherit agent variables from the environment. This can be useful in a variety of circumstances, for example when ssh-agent is started by gdm. Thefollowing values are valid for 'which':

local

Inherit when a pid (e.g. SSH_AGENT_PID ) is set in the environment. This disallows inheriting a forwarded agent.

any

Inherit when a sock (e.g. SSH_AUTH_SOCK ) is set in the environment. This allows inheriting a forwarded agent.

local-once

Same as 'local', but only inherit if keychain isn't already providing an agent.

any-once

Same as 'any', but only inherit if keychain isn't already providing an agent.

By default, keychain-2.5.0 and later will behave as if '--inherit local-once' is specified. You should specify '--noinherit' if you want the olderbehavior.

--lockwaitseconds

How long to wait for the lock to become available. Defaults to 5 seconds. Specify a value of zero or more. If the lock cannot be acquired within thespecified number of seconds, then this keychain process will forcefully acquire the lock.

--noask

This option tells keychain do everything it normally does (ensure ssh-agent is running, set up the ~/.keychain/[hostname]-{c}sh files) except that it willnot prompt you to add any of the keys you specified if they haven't yet been added to ssh-agent.

Keychain Ssh Windows 10

--nocolor

Disable color hilighting for non ANSI-compatible terms.

--nogui

Don't honor SSH_ASKPASS , if it is set. This will cause ssh-add to prompt on the terminal instead of using a graphical program.

--noinherit

Don't inherit any agent processes, overriding the default '--inherit local-once'

--nolock

Don't attempt to use a lockfile while manipulating files, pids and keys.

-k --stopwhich

Kill currently running agent processes. The following values are valid for 'which':

all

Kill all agent processes and quit keychain immediately. Prior to keychain-2.5.0, this was the behavior of the bare '--stop' option.

others

Kill agent processes other than the one keychain is providing. Prior to keychain-2.5.0, keychain would do this automatically. The new behavior requires thatyou specify it explicitly if you want it.

mine

Make Your Own Keychain

Kill keychain's agent processes, leaving other agents alone.

-Q --quick

If an ssh-agent process is running then use it. Don't verify the list of keys, other than making sure it's non-empty. This option avoids locking whenpossible so that multiple terminals can be opened simultaneously without waiting on each other.

-q --quiet

Only print messages in case of warning, error or required interactivity. As of version 2.6.10, this also suppresses 'Identities added' messages forssh-agent.

--timeoutminutes

Set a timeout in minutes on your keys. This is conveyed to ssh-agent which does the actual timing out of keys since keychain doesn't runcontinuously.

-V --version

Show version information.

Examples

This snippet should work in any shell to load two ssh keys and one gpg key:If you have trouble with that in csh:This is equivalent for Bourne shells (including bash and zsh) but doesn't use keychain's --eval feature:This is equivalent for C shell (including tcsh):To load keychain variables from a script (for example from cron) and abort unless id_dsa is available:

See Also

ssh-agent(1)

Notes

Keychain was created and is currently maintained by Daniel Robbins. If you need to report a bug or request an enhancement, please post to the funtoo-devmailing list <http://groups.google.com/group/funtoo-dev>. For more information about keychain, please visit <http://www.funtoo.org>.