How to permanently add a private key with ssh-add on Ubuntu?

I have a private key protected with a password to access a server via SSH.

I have 2 linux (ubuntu 10.04) machines and the behavior of ssh-add command is different in both of them.

In one machine, once I use "ssh-add .ssh/identity" and entered my password, the key was added permanently, i.e., every time I shutdown the computer and login again, the key is already added.

In the other one, I have to add the key every time I login.

As far as I remember, I did the same thing on both. The only difference is that the key was created on the one that is added permanently.

Does anyone know how to add it permanently to the other machine as well?

A solution would be to force the key files to be kept permanently, by adding them in your ~/.ssh/config file:

IdentityFile ~/.ssh/gitHubKey
IdentityFile ~/.ssh/id_rsa_buhlServer

If you do not have a 'config' file in the ~/.ssh directory, then you should create one. It does not need root rights, so simply:

nano ~/.ssh/config

...and enter the lines above as per your requirements.

For this to work the file needs to have chmod 600. You can use the command chmod 600 ~/.ssh/config.

If you want all users on the computer to use the key put these lines into /etc/ssh/ssh_config and the key in a folder accessible to all.

Additionally if you want to set the key specific to one host, you can do the following in your ~/.ssh/config :

Host github.com
    User git
    IdentityFile ~/.ssh/githubKey

This has the advantage when you have many identities that a server doesn't reject you because you tried the wrong identities first. Only the specific identity will be tried.

I solved that problem on Mac OSX (10.10) by using -K option for ssh-add:

ssh-add -K ~/.ssh/your_private_key

For macOS 10.12 and later you need to additionally edit your ssh config as described here: https://github.com/jirsbek/SSH-keys-in-macOS-Sierra-keychain

This didn't answer the same issue for me under Mac OS X Lion. I ended up adding:

ssh-add ~/.ssh/id_rsa &>/dev/null

To my .zshrc (but .profile would be fine too), which seems to have fixed it.

(As suggested here: http://geek.michaelgrace.org/2011/09/permanently-add-ssh-key-ssh-add/ )

Just add the keychain, as referenced in Ubuntu Quick Tips https://help.ubuntu.com/community/QuickTips

What

Instead of constantly starting up ssh-agent and ssh-add, it is possible to use keychain to manage your ssh keys. To install keychain, you can just click here, or use Synaptic to do the job or apt-get from the command line.

Command line

Another way to install the file is to open the terminal (Application->Accessories->Terminal) and type:

sudo apt-get install keychain

Edit File

You then should add the following lines to your ${HOME}/.bashrc or /etc/bash.bashrc:

keychain id_rsa id_dsa
. ~/.keychain/`uname -n`-sh

I tried @Aaron's solution and it didn't quite work for me, because it would re-add my keys every time I opened a new tab in my terminal. So I modified it a bit(note that most of my keys are also password-protected so I can't just send the output to /dev/null):

added_keys=`ssh-add -l`

if [ ! $(echo $added_keys | grep -o -e my_key) ]; then
    ssh-add "$HOME/.ssh/my_key"
fi

What this does is that it checks the output of ssh-add -l(which lists all keys that have been added) for a specific key and if it doesn't find it, then it adds it with ssh-add.

Now the first time I open my terminal I'm asked for the passwords for my private keys and I'm not asked again until I reboot(or logout - I haven't checked) my computer.

Since I have a bunch of keys I store the output of ssh-add -l in a variable to improve performance(at least I guess it improves performance :) )

PS: I'm on linux and this code went to my ~/.bashrc file - if you are on Mac OS X, then I assume you should add it to .zshrc or .profile

EDIT: As pointed out by @Aaron in the comments, the .zshrc file is used from the zsh shell - so if you're not using that(if you're not sure, then most likely, you're using bash instead), this code should go to your .bashrc file.

I had the same issue on Ubuntu 16.04: some keys were added permanently, for others I had to execute ssh-add on every session. I found out that the keys which were added permanently had both private and public key located in ~/.ssh and the keys which were forgotten on every session had only private keys in ~/.ssh dir. So solution is simple: you should copy both private and public key to ~/.ssh before executing ssh-add.

P.S.: As far as I understand from Gnome wiki my method works thanks to gnome-keyring tool which is part of the Gnome Desktop Environment. Therefore my method should probably work only if you use Gnome or Gnome-based DE.

In my case the solution was: > Permissions on the config file should be 600. chmod 600 config

As mentioned in the comments above by generalopinion

No need to touch the config file contents.

I run Ubuntu using two id_rsa key's. (one personal one for work). ssh-add would remember one key (personal one) and forget the company one every time.

Checking out the difference between the two I saw my personal key had 400 rights while the company one had 600 rights. (had u+w). Removing the user write right from the company key (u-w or set to 400) fixed my problem. ssh-add now remembers both keys.

Adding the following lines in "~/.bashrc" solved the issue for me. I'm using Ubuntu 14.04 desktop.

eval `gnome-keyring-daemon --start`
USERNAME="reynold"
export SSH_AUTH_SOCK="$(ls /run/user/$(id -u $USERNAME)/keyring*/ssh|head -1)"
export SSH_AGENT_PID="$(pgrep gnome-keyring)"

This worked for me.

ssh-agent /bin/sh
ssh-add /path/to/your/key

On Ubuntu 14.04 (maybe earlier, maybe still) you don't even need the console:

• start seahorse or launch that thing you find searching for "key"
• create an SSH key there (or import one)
  • no need to leave the passphrase empty
  • it is offered to you to even push the public key to a server (or more)
• you will end up with an ssh-agent running and this key loaded, but locked
• using ssh will pickup the identity (i.e. key) through the agent
• on first use during the session, the passphrase will be checked
  • and you have the option to automatically unlock the key on login
  • this means the login auth will be used to wrap the passphrase of the key
• note: if you want to forward your identity (i.e. agent-forwarding) invoke your ssh with -A or make that the default
  • otherwise you can't authenticate with that key on a machine you login to later to a third machine

very simple ^_^ two steps

1.yum install keychain

2.add code below to .bash_profile

/usr/bin/keychain $HOME/.ssh/id_dsa
source $HOME/.keychain/$HOSTNAME-sh

For those that use Fish shell you can use the following function then call it in ~/.config/fish/config.fish or in a separate configuration file in ~/.config/fish/conf.d/loadsshkeys.fish. It will load all keys that start with id_rsa into the ssh-agent.

# Load all ssh keys that start with "id_rsa"
function loadsshkeys
  set added_keys (ssh-add -l)
   for key in (find ~/.ssh/ -not -name "*.pub" -a -iname "id_rsa*")
    if test ! (echo $added_keys | grep -o -e $key)
      ssh-add "$key"
    end
  end
end

# Call the function to run it.
loadsshkeys

If you want to have the ssh-agent auto started when you open a terminal you can use danhper/fish-ssh-agent to do this.